XO Security

plugin banner

Enhance the security related, such as disabling pingback, change login page, login record and attempt to login restrictions.

Author:Xakuro (profile at wordpress.org)
WordPress version required:4.9
WordPress version tested:6.6
Plugin version:3.10.4
Added to WordPress repository:18-01-2016
Last updated:13-07-2024
Rating, %:100
Rated by:9
Plugin URI:https://xakuro.com/wordpress/xo-security/
Total downloads:246 473
Active installs:20 000+
plugin download
Click to start download

XO Security is a plugin to enhance login related security.
This plugin does not write to .htaccess file. Besides Apache, LiteSpeed, Nginx and IIS also work.


  • Record login log.
  • Limit login attempts.
  • Add Captcha to the login form and comment form.
  • Change the URL of the login page.
  • Enable two-factor authentication (2FA) for login.
  • Login Alert.
  • Disable login by mail address.
  • Disable login by user name.
  • Change login error message.
  • Disable XML-RPC and XML-RPC Pingback.
  • Disable REST API.
  • Disable author archive page.
  • Remove comment author class of comments list.
  • Remove the username from the oEmbed response data.
  • WooCommerce login page protection.
  • Anti-spam comment.
  • Hide WordPress version information.
  • Edit the author slug.
  • Disable RSS and Atom feeds.
  • Activate maintenance mode.
  • Delete the readme.html file.

WordPress multisite considerations

If you set the login page separately for the main site and the subsite, you will not be able to use the password loss function of the subsite. We recommend that you set the login page to be common to all sites.