WordPress security hardening — firewall, malware scanner, 2FA, brute-force protection, file integrity monitoring, and security activity logging.
GuardPress is a WordPress security plugin that covers brute-force protection, Web Application Firewall rules, malware scanning, two-factor authentication, file integrity monitoring, core hardening, and a full audit log — all running inside WordPress with no SaaS subscription or cloud round-trip for the core feature set.
The firewall blocks SQL injection, XSS, RFI, and known attack patterns before they reach PHP. Brute-force protection auto-locks IPs after failed login attempts, and per-role 2FA enforcement lets you require TOTP on admin accounts while leaving subscribers untouched. The malware scanner runs on a schedule and on demand, comparing core files against official WordPress.org checksums and flagging plugins and themes against known CVEs via the WPScan vulnerability database.
Every security-relevant action — logins, content changes, settings modifications, user creations — lands in the activity log with timestamps, IP, and user agent. An emergency lockdown toggle pulls the site down to admins only with one click, and login notifications email admins on new-location signins so compromised credentials surface fast.
- Brute-force protection with automatic IP lockout
- Two-factor authentication (TOTP) with per-role enforcement
- Login CAPTCHA — reCAPTCHA, hCaptcha, or Cloudflare Turnstile
- Custom login URL to defuse bot traffic on
wp-login.php - Emergency lockdown — one-click admin-only mode
- Login notifications — email alerts on new-location admin signins
- Web Application Firewall with SQL injection, XSS, and RFI pattern blocking
- IP block lists — manual, automatic, and country-level
- Bot and bad-user-agent filtering
- Rate limiting before WordPress loads
- Scheduled and on-demand malware scanner
- File integrity monitoring for core, plugins, and themes
- Core file verification against WordPress.org checksums
- Vulnerability scanner against the WPScan CVE database
- One-click hardening — disable XML-RPC, file editing, user enumeration, directory browsing
- Security headers — HSTS, CSP, X-Frame-Options, Permissions-Policy
- PHP execution blocked in uploads and other writable directories
- Full audit log for logins, content changes, and settings changes
- SiteVault — WordPress backups and migration
- ForgeCache — Caching and performance
- SEObolt — SEO toolkit for WordPress
- FormForge — Form builder with PDF generation
- RoyalComply — Cookie compliance with real script blocking
- WordPress Security Scanner — Scan any WordPress site
- Plugin Security Scanner — Audit plugin code
- HTTP Headers Checker — Audit security headers
- SSL Checker — Verify certificate configuration
GuardPress significantly reduces common WordPress attack surfaces but does not guarantee invulnerability. No security plugin substitutes for operational practices — keeping WordPress, PHP, plugins, and themes updated, using strong passwords, maintaining current backups, and restricting access to admin accounts. GuardPress is one layer of defence in depth, not a replacement for any of the others.
Built by Royal Plugins
Lightweight, security-first WordPress plugins.
© 2026 Royal Plugins. All rights reserved.