WP Security Pro

plugin banner

Provides security against Login, Registrations, brute force attacks by tracking IP and Blacklisting IP's.

Author:miniorange (profile at wordpress.org)
WordPress version required:2.0.2
WordPress version tested:5.5.1
Plugin version:4.1.0
Added to WordPress repository:24-02-2016
Last updated:07-04-2020
Rating, %:80
Rated by:12
Plugin URI:http://miniorange.com
Total downloads:29 499
Active installs:1 000+
plugin download
Click to start download


  • Complete Web Security suite to protect wordpress from any attacks
  • Web Application Firewall (WAF) : WordPress Firewall to protect your site
  • OWASP TOP 10 Protection
  • Login Protection : Spam and Login Protection
  • Malware scanner: Detects any virus, malware and trojan
  • Backup: Taking Encrypted Backup with local storage and cloud storage
  • Two Factor Authentication : 2FA and MFA
  • Limit Login Attempts to stop password guessing
  • Realtime Global IP Blocing
  • Limit Rate of Request : Protecting resources from any security hole exploit
  • Crawler Detection and blocking
  • Blocking IP and Attacks
  • Country Blocking and Browser Blocking
  • Brute Force Attacks prevention to stop password hack
  • Captcha for Bot Detection
  • Google Recaptcha
  • Login Form Protection
  • Registration Form Protection
  • Integration with different plugin – Woo commerce, buddypress, ultimate member and others
  • Reporting
  • Audit Log

Web Application Firewall

  • WordPress firewall is built specifically for WordPress and blocks malicious traffic on your WordPress Site.
  • Block Attacks and prevent access
  • SQL injection Protection (SQL)
  • Cross-site Scripting(XSS) Attacks
  • Remote-File Inclusion(RFI)
  • Local File Inclusion(LFI)
  • Secure Rate Limiting – It controls the amount of incoming requests from a specific IP to a service(Website).
  • Realtime Global IP Blocking – It protects from malicious IPs and lets the genuine traffic on your WordPress.
  • Realtime Rules and Signatures update – Constant update of signatures based on threats.
  • Blocking IP – Block any IP you want just with one click.

Login Proctection and Spam Protection

  • Brute Force Login / Attacks Protection – We keep track of user’s login attempts and we send alerts to administrators for unusual activities if someone exceeds allowed failed login attempts.
  • Protects from brute force attacks and password guessing on the login page.
  • Limit Login Attempts – Automated attacks on the login page to guess your password can be a risk for users’ accounts. You can just limit the login attempts and the rate of requests on the website.
  • Login Security – Limit Login Attempts and track user login attempts
  • Password protection – Enforce Strong Password – Check Password strength for all users
  • Common Password protection – Detect if users use common leaked passwords
  • User Registration Security – Disallow Disposable / Fake email addresses
  • Google reCAPTCHA protection for login, registration.
  • Spam Protection and Comment Spam Protection

Registration Security

  • Captcha on registration form
  • Advanced User Verification – OTP Verification plugin verifies Email Address/Mobile Number of users by sending verification code(OTP) during registration. It removes the possibility of a user registering with fake Email Address/Mobile Number.
  • Protection for WordPress files – We provide you option to prevent access to user from browsing directory content and editing files from WP Dashboard (Themes and plugins).
  • Block Fake Users – We help you to detect suspicious email addresses instantly. Most of the users use disposable, fake or temporary email addresses for registering on online websites. We help you stop accepting registrations from those emails.

Malware Scanner

  • The scanner will scan all the files including WordPress core, plugins and theme files to know if any of them have malware and malicious URLs.
  • Malware Scanner  – The scanner will scan all the files including WordPress core, plugins and theme files to know if any of them have malware and malicious URLs.
  • Malware Detection Signatures – With Real-time signature updates, it checks for the latest threats and notifies you of any issues found.
  • Version Compare – Keep a watch continuously in the background and scan any new file or change in files.


  • Secure Backups – The files are password protected so that only person authorized can check the backup.
  • Schedule Backups – Support both manual backup and automated (scheduled) backups. Backups Files and Database on separate schedule.
  • Encrypted Database backup and File Backup – Backup your WordPress database files easily with a single click. You can either download your backup or can save it on your server.
  • Cloud Backups – Store it in cloud storage or remote locations like Google Drive, Amazon S3, DropBox and others.
  • One-Click Restore – File restoring made easy with just One-Click Restore.

Two Factor Authentication

  • Simplified & easy to user interface.
  • Two Factor Authentication (2FA) forever FREE!
  • Variety of Authentication Methods: Any App supporting TOTP algorithm like Google, Authy, LastPass Authenticator and Security Questions(KBA)
  • Remember Device – Trust Devices by dynamically analyzing user requests and apply business security policies to application access which minimizes the risks of unauthorized access.


  • IP Blocking – Manual and automatic blocking of IP address ( Blacklisting and whitelisting included ).
  • Country Blocking – If you have a website which gets inundated with SPAM or hacking attempts from visitors or bots originating from certain countries we can help you blocking those attempts. You can block the request coming from countries like Russia, Brazil, China and others.

Live traffic Monitoring and Reporting

  • Traffic Monitoring – Keep Real-time watch on traffic and get details on every request. Also you get the option for filtering reports with various criterias like username, IP address, date. Also you can export reports in csv and pdf.
  • IP Lookup: Check the location of the IP and get details related to the IP. With the IP Lookup feature you can know details about the request with Country, State and City of the IP and take action if needed.
  • Security Log – Logs Blocked IPs, Spammers, Bots, HTTP 404,403 and 400 logging

Advanced Features :-

  • Advanced Blocking – Block users based on: IP range, Country, Browser / User Agent, Referer and HostName(DNS)
  • Htaccess Website Security Protection- Secure your website from unintended user with htaccess website security protection which blocks user request on server(apache) level.
  • IP Lookup ( WHOIS ) – With IP Lookup you can trace IP address of an suspicious users, you can get an idea what part of the country or world they are accessing your website from.
  • Comment SPAM Filter and Site SPAM Check – We check if your website is generating SPAM to protect your website getting blocked by search engines. Also we help you to filter comments for malware and phishing urls.
  • SPAM Protection and google reCAPTCHA for comments – Google reCAPTCHA protects your website from spam and abuse. reCAPTCHA uses an advanced risk analysis engine and adaptive CAPTCHAs to keep automated software from engaging in abusive activities on your site.
  • Notification to admin and end users – Send Email Alerts for IP blocking and unusual activities with user account
  • DOS (Denial of service) attacks protection – Protect your resources from DOS attacks by slowing down attackers by delaying response and increasing delay in each of his requests and eventually blocking them entirely.
  • Notifications – Get email alerts for unusual activities with you user accounts. We also support customized email templates which you can use for branding.


miniOrange email verification tool actually connects to the mail server of user registering and checks whether the mailbox exists or not. This decreases bounce rate from your email address and saves your email address getting blacklisted.


Social Login allows your visitors to choose from their favourite social login apps to login, comment, share and optionally auto-register with your website or blog. One-click login to your website using social login applications like Google, Twitter, Facebook, Vkontakte, LinkedIn, Instagram, Amazon, Salesforce, Windows Live. Easy integration with your website with options to add Social login on login page, registration page and comments section.

How is miniOrange Different?

miniOrange has various types of deployments that gives the customer a safe and protective choice. miniOrange offers plugin, Cloud and On-premise server module. The plugin will block all incoming requests on the network where the website is hosted. You can block the request before reaching the server with the network solutions. Adding to this miniOrange also provides Login Protection and 2FA built specifically for CMS such as WordPress, Drupal, and others. And keeping backups are essential so that you can fall back in case of any loss or modification of data intentionally or unintentionally. miniOrange provides encrypted backups for file and database with one-click recovery.

=miniOrange provides three levels of solutions to which owners can decide which solution would be the best for them=

  • WordPress-Level Web Application Firewall
  • Server Level On-premise WAF
  • Server Level Cloud-based WAF

Do you want support?

Please email us at info@xecurify.com or Contact us