{"id":66199,"date":"2017-04-07T00:23:17","date_gmt":"2017-04-07T00:23:17","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/wp-admin-protect\/"},"modified":"2026-03-31T18:56:33","modified_gmt":"2026-03-31T18:56:33","slug":"wp-admin-protect","status":"publish","type":"plugin","link":"https:\/\/yor.wordpress.org\/plugins\/wp-admin-protect\/","author":15739296,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"4.0.1","stable_tag":"4.0.1","tested":"6.9.4","requires":"5.0","requires_php":"7.4","requires_plugins":null,"header_name":"Protector \u2013 Malware Removal, Firewall & Core Repair","header_author":"Marcello Ruoppolo","header_description":"Protect your WP Admin from visitors, this plugin easily change your wp-login url to hide it from users.","assets_banners_color":"656a78","last_updated":"2026-03-31 18:56:33","external_support_url":"","external_repository_url":"","donate_link":"https:\/\/kloxstudios.com\/","header_plugin_uri":"https:\/\/kloxstudios.com\/","header_author_uri":"https:\/\/kloxstudios.com\/","rating":5,"author_block_rating":0,"active_installs":200,"downloads":5195,"num_ratings":3,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"2.6.0":{"tag":"2.6.0","author":"marcelloruoppolome","date":"2026-02-08 11:55:58"},"2.7.3":{"tag":"2.7.3","author":"marcelloruoppolome","date":"2026-02-08 12:03:05"},"3.0.0":{"tag":"3.0.0","author":"marcelloruoppolome","date":"2026-03-31 18:52:08"},"4.0.0":{"tag":"4.0.0","author":"marcelloruoppolome","date":"2026-03-31 18:52:08"},"4.0.1":{"tag":"4.0.1","author":"marcelloruoppolome","date":"2026-03-31 18:56:33"}},"upgrade_notice":{"4.0.0":"

Version 4.0.0 is a massive upgrade! We've transformed Protector into a full-featured security suite with a built-in Malware Scanner, Bot Honeypots, and 1-Click Site Hardening.<\/p>"},"ratings":{"1":0,"2":0,"3":0,"4":0,"5":3},"assets_icons":{"icon-128x128.jpg":{"filename":"icon-128x128.jpg","revision":1789520,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.jpg":{"filename":"icon-256x256.jpg","revision":1789520,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-1544x500.jpg":{"filename":"banner-1544x500.jpg","revision":2156965,"resolution":"1544x500","location":"assets","locale":""},"banner-1800x690.jpg":{"filename":"banner-1800x690.jpg","revision":2156965,"resolution":"1800x690","location":"assets","locale":""},"banner-772x250.jpg":{"filename":"banner-772x250.jpg","revision":2156965,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["2.6.0","2.7.3","3.0.0","4.0.0","4.0.1"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3495931,"resolution":"1","location":"assets","locale":""},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3495931,"resolution":"2","location":"assets","locale":""},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3495931,"resolution":"3","location":"assets","locale":""},"screenshot-4.png":{"filename":"screenshot-4.png","revision":3495931,"resolution":"4","location":"assets","locale":""},"screenshot-5.png":{"filename":"screenshot-5.png","revision":3495931,"resolution":"5","location":"assets","locale":""},"screenshot-6.png":{"filename":"screenshot-6.png","revision":3495931,"resolution":"6","location":"assets","locale":""}},"screenshots":{"1":"1-Click Security Dashboard:<\/strong> See your live protection status and activate shields instantly.","2":"Login Fortress:<\/strong> Configure your secret login URL and deploy invisible honeypot traps.","3":"Site Hardening:<\/strong> Fortify your WordPress installation against XSS and XML-RPC attacks with simple toggles.","4":"Advanced Protection:<\/strong> Unlock enterprise-grade tools like IP Lockouts and 2FA (Pro features).","5":"Malware Threat Scanner:<\/strong> Run deep server scans, detect infected files, and verify core integrity.","6":"Live Attack Log:<\/strong> Watch the firewall work in real-time as it blocks malicious IPs and bot networks."},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[2439,1174,25642,55021,600],"plugin_category":[54],"plugin_contributors":[148963],"plugin_business_model":[],"class_list":["post-66199","plugin","type-plugin","status-publish","hentry","plugin_tags-brute-force","plugin_tags-firewall","plugin_tags-hide-login","plugin_tags-malware-scanner","plugin_tags-security","plugin_category-security-and-spam-protection","plugin_contributors-marcelloruoppolome","plugin_committers-marcelloruoppolome","plugin_support_reps-marcelloruoppolome"],"banners":{"banner":"https:\/\/ps.w.org\/wp-admin-protect\/assets\/banner-772x250.jpg?rev=2156965","banner_2x":"https:\/\/ps.w.org\/wp-admin-protect\/assets\/banner-1544x500.jpg?rev=2156965","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/wp-admin-protect\/assets\/icon-128x128.jpg?rev=1789520","icon_2x":"https:\/\/ps.w.org\/wp-admin-protect\/assets\/icon-256x256.jpg?rev=1789520","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/wp-admin-protect\/assets\/screenshot-1.png?rev=3495931","caption":"1-Click Security Dashboard:<\/strong> See your live protection status and activate shields instantly."},{"src":"https:\/\/ps.w.org\/wp-admin-protect\/assets\/screenshot-2.png?rev=3495931","caption":"Login Fortress:<\/strong> Configure your secret login URL and deploy invisible honeypot traps."},{"src":"https:\/\/ps.w.org\/wp-admin-protect\/assets\/screenshot-3.png?rev=3495931","caption":"Site Hardening:<\/strong> Fortify your WordPress installation against XSS and XML-RPC attacks with simple toggles."},{"src":"https:\/\/ps.w.org\/wp-admin-protect\/assets\/screenshot-4.png?rev=3495931","caption":"Advanced Protection:<\/strong> Unlock enterprise-grade tools like IP Lockouts and 2FA (Pro features)."},{"src":"https:\/\/ps.w.org\/wp-admin-protect\/assets\/screenshot-5.png?rev=3495931","caption":"Malware Threat Scanner:<\/strong> Run deep server scans, detect infected files, and verify core integrity."},{"src":"https:\/\/ps.w.org\/wp-admin-protect\/assets\/screenshot-6.png?rev=3495931","caption":"Live Attack Log:<\/strong> Watch the firewall work in real-time as it blocks malicious IPs and bot networks."}],"raw_content":"\n

Every day, thousands of WordPress sites are hacked. Most security plugins offer protection, but they come with a massive cost: they slow down your server with bloated features and complex settings.<\/p>\n\n

Protector is different.<\/strong> It is a lightweight, AI-ready security layer that turns your WordPress site into a digital fortress without compromising speed.<\/p>\n\n

Whether you are trying to recover a hacked site or proactively defend your business, Protector delivers enterprise-grade security that anyone can configure. With our new 1-Click Security Overview Dashboard<\/strong>, you can activate all recommended protections and block 98% of automated attacks in under 8 seconds.<\/p>\n\n

\ud83d\udcd6 Read the Official Documentation here<\/a><\/strong><\/p>\n\n

\ud83e\udda0 Malware Threat Scanner & Auto-Repair<\/h3>\n\n

Don't just find malware; destroy it. Our deep, recursive local scanner verifies your WordPress integrity without crashing your server:\n* Core Integrity Verification:<\/strong> Cross-references all Core files against the official WordPress.org checksums.\n* Advanced Pattern Detection:<\/strong> Detects suspicious code patterns (like eval<\/code>, base64_decode<\/code>, shell_exec<\/code>) hidden in your files.\n* 1-Click Auto-Repair:<\/strong> Found a modified core file? Click \"Repair\" and Protector will automatically fetch a clean, original version directly from the official WP SVN and overwrite the infected file.<\/p>\n\n

\ud83d\udee1\ufe0f Login Fortress (Brute-Force Protection)<\/h3>\n\n

Hackers relentlessly target the wp-login.php<\/code> page. We make it disappear.\n* Secret Login URL:<\/strong> Hide wp-login.php<\/code> completely. Any unauthorized attempt will be instantly redirected to a custom URL of your choice.\n* Smart Honeypots:<\/strong> Inject invisible fields into your login and comment forms to trap and block spam\/brute-force bots automatically.\n* Block Username Scanning:<\/strong> Prevent attackers from discovering your admin usernames via ?author=1<\/code> enumeration.<\/p>\n\n

\ud83d\udd12 1-Click Site Hardening<\/h3>\n\n

Lock down common vulnerabilities instantly:\n* Security Headers:<\/strong> Protect against XSS, Clickjacking, and MIME-Sniffing attacks with a single toggle.\n* XML-RPC Control:<\/strong> Disable XML-RPC completely to eliminate one of the biggest brute-force attack vectors on WordPress.\n* Version Obfuscation:<\/strong> Hide your WordPress version from the source code so hackers can't target known exploits.\n* Restrict REST API:<\/strong> Block public access to endpoints that expose sensitive user data.<\/p>\n\n

\ud83d\udcca Live Attack Log<\/h3>\n\n

Peace of mind you can actually see. Monitor every blocked attack, triggered honeypot, and deleted malware in real-time straight from your dashboard.<\/p>\n\n

\ud83d\ude80 Upgrade to KloxStudios Pro<\/h3>\n\n

Need absolute maximum power? Protector integrates seamlessly with the KloxStudios Cloud AI. Pro users unlock Cloud AI Malware Verification for 3rd-party plugins\/themes, Automatic IP Lockouts, Instant Admin Login Alerts (Email & Webhook), and 2FA.<\/p>\n\n\n

You don't need a PhD in cybersecurity to secure your site.<\/p>\n\n

    \n
  1. Upload the protector-security<\/code> folder to the \/wp-content\/plugins\/<\/code> directory (or install directly via the WP Plugin directory).<\/li>\n
  2. Activate the plugin through the 'Plugins' menu in WordPress.<\/li>\n
  3. Navigate to the new \"Protector\" menu in your dashboard.<\/li>\n
  4. Click the massive yellow \"Activate Full Protection Now\"<\/strong> button on the dashboard for instant, 1-click security.<\/li>\n<\/ol>\n\n

    For detailed configuration guides, visit our Official Documentation<\/a>.<\/p>\n\n\n

    \n

    How do I use the secret login URL?<\/h3><\/dt>\n
      \n
    1. Go to the \"Protector\" menu > \"Login Fortress\" tab.<\/li>\n
    2. Toggle the 'Change your secret login URL' option.<\/li>\n
    3. Set your 'Secret Login Term' (e.g., mysecretaccess<\/code>).<\/li>\n
    4. Save changes and use your new login URL: yoursite.com\/wp-login.php?mysecretaccess<\/code>.<\/li>\n<\/ol><\/dd>\n

      What if I forget my secret term and get locked out?<\/h3><\/dt>\n

      Don't panic! You can temporarily disable the plugin by renaming the protector-security<\/code> folder inside wp-content\/plugins\/<\/code> via FTP or your hosting File Manager. This will instantly restore the default wp-login.php<\/code> access.<\/p><\/dd>\n

      Will the Malware Scanner slow down my site?<\/h3><\/dt>\n

      No! The scanner uses AJAX-based asynchronous batch processing. This means it scans your files in small chunks, preventing server timeouts and CPU spikes, even on massive websites with thousands of files.<\/p><\/dd>\n\n<\/dl>\n\n\n

      4.0.0<\/h4>\n\n
        \n
      • Major Overhaul: Complete UI\/UX redesign with a new Security Overview Dashboard.<\/li>\n
      • New: Malware Threat Scanner (verifies WP core files and detects suspicious patterns).<\/li>\n
      • New: Auto-Repair modified Core files directly from WordPress.org SVN.<\/li>\n
      • New: Login & Comment Honeypots to trap spam and brute-force bots.<\/li>\n
      • New: Site Hardening options (Security Headers, Disable XML-RPC, Restrict REST API).<\/li>\n
      • New: Live Attack Log to monitor blocked threats in real-time.<\/li>\n
      • New: Quick Setup - Secure your site in 1-click.<\/li>\n
      • Performance: AJAX-based batch scanning to prevent server timeouts on large sites.<\/li>\n
      • Security: Added Pro Add-on architecture readiness.<\/li>\n<\/ul>\n\n

        2.7.3<\/h4>\n\n
          \n
        • Fix: Resolved \"Too Many Redirects\" error by switching to wp_redirect.<\/li>\n
        • Security: Added data sanitization and escaping for all inputs.<\/li>\n
        • Performance: Removed all external CSS\/JS dependencies (FontAwesome\/Grids).<\/li>\n<\/ul>\n\n

          2.6.0<\/h4>\n\n
            \n
          • New Security Algorithm.<\/li>\n<\/ul>\n\n

            2.5.0<\/h4>\n\n
              \n
            • Layout improvements and new security features.<\/li>\n<\/ul>","raw_excerpt":"Protect your WP Admin access. The ultimate lightweight security suite. Block brute-force attacks, auto-repair infected core files, hide your login URL …","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/yor.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/66199","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/yor.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/yor.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/yor.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=66199"}],"author":[{"embeddable":true,"href":"https:\/\/yor.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/marcelloruoppolome"}],"wp:attachment":[{"href":"https:\/\/yor.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=66199"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/yor.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=66199"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/yor.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=66199"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/yor.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=66199"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/yor.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=66199"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/yor.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=66199"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}