Title: SecurelyWP – all-in-one security Author: SecurelyWP Published: أبريل 30, 2025 Last modified: نونبر 22, 2025 --- Search plugins ![](https://ps.w.org/securelywp/assets/banner-772x250.png?rev=3344712) ![](https://ps.w.org/securelywp/assets/icon-128x128.png?rev=3344712) # SecurelyWP – all-in-one security By [SecurelyWP](https://profiles.wordpress.org/securelywp/) [Download](https://downloads.wordpress.org/plugin/securelywp.1.0.10.zip) * [Details](https://ary.wordpress.org/plugins/securelywp/#description) * [Reviews](https://ary.wordpress.org/plugins/securelywp/#reviews) * [Installation](https://ary.wordpress.org/plugins/securelywp/#installation) * [Development](https://ary.wordpress.org/plugins/securelywp/#developers) [Support](https://wordpress.org/support/plugin/securelywp/) ## Description SecurelyWP is a hassle-free security plugin that makes your WordPress site safer the moment you activate it. Most features work out of the box, with optional CAPTCHA and two-factor authentication (2FA) configuration for enhanced protection. It includes strong security features, system details, security headers, CAPTCHA integration, and 2FA to keep your site secure and healthy. Why Choose SecurelyWP? * Works Out of the Box: Most security features activate automatically upon installation. * Comprehensive Protection: Guards against hacking, malicious files, form spam, and unauthorized access. * Lightweight: Designed to run smoothly without affecting your site’s speed or performance. * Free Features: Includes system details, security headers, CAPTCHA, and 2FA to monitor and protect your site. ### Features * Hide WordPress Version - Why: Stops hackers from targeting weaknesses in your WordPress version. - Impact: Good protection with no effect on your site’s appearance. * Disable PHP Execution in Uploads Folder - Why: Prevents harmful scripts from running if someone uploads a malicious file. - Impact: Strong defense against file-based attacks. * Prevent User Enumeration - Why: Blocks hackers from guessing usernames through sneaky methods. - Impact: Keeps your user list safe from prying eyes. * Detect & Warn About “admin” Username - Why: Alerts you if your site uses the risky “admin” username. - Impact: Big security boost if you change the username. * Disable File Editing in Dashboard - Why: Stops anyone from modifying your site’s code through the WordPress dashboard. - Impact: Major safeguard against unauthorized code changes. * Force HTTPS for Login & Admin - Why: Ensures your login and admin pages use a secure connection. - Impact: Critical for keeping your credentials safe. * Basic Brute Force Protection (Lite) - Why: Temporarily blocks repeated failed login attempts. - Impact: Strong protection against login attacks. * System Details - Why: Shows important info about your site to monitor its health. - Impact: Keeps you informed about your site’s status. * Security Headers - Why: Adds HTTP headers to improve your site’s security. - Impact: Strengthens your site’s defense with minimal setup. * CAPTCHA Protection (Cloudflare Turnstile) - Why: Adds CAPTCHA to prevent spam and bot submissions. - Impact: Enhances form security with user-friendly CAPTCHA. * Two-Factor Authentication (2FA) - Why: Adds an extra layer of security by requiring a second verification step during login. - Impact: Significantly reduces the risk of unauthorized access. **2FA Features:** – Authenticator App (TOTP): Use apps like Google Authenticator or Authy for time-based codes. – Email 2FA: Receive codes via email for verification.– Recovery Codes: Generate emergency codes for access if other methods are unavailable.– Per-User Settings: Each user can configure their own 2FA preferences. – Multisite Support: Super admins can enforce 2FA network-wide. – Flexible Options: Choose primary 2FA method from TOTP, Email 2FA, or Recovery Codes. **Supported Forms, Plugins & Multisite for CAPTCHA:** – Core WordPress: Login, Registration, Lost Password, Comment – E-commerce & Membership: WooCommerce Checkout, MemberPress, Ultimate Member, WP-Members – Form Plugins: WPForms, Gravity Forms, Contact Form 7 (CF7), Formidable Forms, Forminator, Elementor Pro, Easy Digital Downloads (EDD), Mailchimp for WordPress – Community / Forums: BuddyPress, bbPress– Multisite: Multisite Signup Forms ### How to Set Up CAPTCHA with Cloudflare Turnstile 1. **Sign Up for Cloudflare:** Go to https://www.cloudflare.com/ and create a free account or log in. 2. **Add Your Site:** Click “Add a Site” in the dashboard and enter your domain. 3. **Access Turnstile:** Navigate to the “Turnstile” section in the Cloudflare dashboard. 4. **Create a Turnstile Widget:** 5. * Click “Add Widget” * Provide a name (e.g., “SecurelyWP CAPTCHA”) * Add Hostnames (your domain, e.g., example.com) Click “Add” * Choose the widget type (“Managed”) 6. **Get Your Keys:** Copy the Site Key and Secret Key. 7. **Add Keys to SecurelyWP:** Go to SecurelyWP > CAPTCHA Settings in WordPress paste keys enable CAPTCHA for desired forms. 8. **Test Your CAPTCHA:** Visit a form to ensure the CAPTCHA widget appears and works correctly. ### How to Set Up Two-Factor Authentication 1. **Access 2FA Settings:** Go to “Profile” > “Two-Factor Authentication” in your WordPress dashboard. 2. **Enable 2FA Methods:** 3. * Authenticator App: Scan the QR code or enter the secret into your app (Google Authenticator, Authy). Verify with a code. * Email 2FA: Enable to receive codes via email. * Recovery Codes: Generate emergency codes. Copy or download codes for safekeeping. 4. **Choose Primary Method:** Select your preferred 2FA method (Authenticator App, Email, or Recovery Codes). 5. **Test 2FA:** Log out and log in to verify the 2FA prompt appears below the login form. 6. **Multisite (Super Admins):** Enable network-wide 2FA enforcement for all users. ## Screenshots * [[ * Dashboard: Overview of your site’s security status, including CAPTCHA and 2FA settings. * [[ * System Details: Clear report of your site’s version, themes, and more. * [[ * Security Headers: Overview of active HTTP security headers. * [[ * CAPTCHA Settings: Configure Cloudflare Turnstile and enable CAPTCHA for forms. * [[ * Two-Factor Authentication: Configure 2FA methods and view recovery codes. * [[ * [[ * [[ * [[ * [[ ## Installation 1. Go to “Plugins” > “Add New,” search for “SecurelyWP,” click “Install Now” and “ Activate.” 2. Or upload the plugin ZIP file via “Plugins” > “Add New” > “Upload Plugin.” 3. Automatic Protection: Most features start protecting your site immediately upon activation. 4. Optional CAPTCHA Setup: Go to SecurelyWP > CAPTCHA Settings and add your Cloudflare Turnstile keys. 5. Optional 2FA Setup: Go to “Profile” > “Two-Factor Authentication” to configure 2FA. 6. Check Dashboard: Visit “SecurelyWP” to view site health, scan for risks, or configure settings. ## FAQ ### Do I need to configure anything after installing SecurelyWP? Most features work automatically. For CAPTCHA, add Cloudflare Turnstile keys. For 2FA, configure under “Profile” > “Two-Factor Authentication.” ### Will this plugin slow down my site? No, SecurelyWP is lightweight and won’t affect performance. ### Does it work with my theme or other plugins? Yes, SecurelyWP works with any theme and most plugins. ### What if my site doesn’t have HTTPS? “Force HTTPS” requires SSL. Other features, including 2FA, work fine without HTTPS. ### Can I use SecurelyWP on a multisite? Yes, including signup forms for CAPTCHA and network-wide 2FA. ### Where do I get Cloudflare Turnstile keys? Sign up at Cloudflare, add your site, and create a Turnstile widget. ### How do I set up 2FA for my account? Go to “Profile” > “Two-Factor Authentication,” enable your preferred methods, and follow setup instructions. ## Reviews There are no reviews for this plugin. ## Contributors & Developers “SecurelyWP – all-in-one security” is open source software. The following people have contributed to this plugin. Contributors * [ SecurelyWP ](https://profiles.wordpress.org/securelywp/) * [ Ashar ](https://profiles.wordpress.org/mdashar/) [Translate “SecurelyWP – all-in-one security” into your language.](https://translate.wordpress.org/projects/wp-plugins/securelywp) ### Interested in development? [Browse the code](https://plugins.trac.wordpress.org/browser/securelywp/), check out the [SVN repository](https://plugins.svn.wordpress.org/securelywp/), or subscribe to the [development log](https://plugins.trac.wordpress.org/log/securelywp/) by [RSS](https://plugins.trac.wordpress.org/log/securelywp/?limit=100&mode=stop_on_copy&format=rss). ## Changelog #### 1.0.9 * Added comprehensive cache purging system with admin bar button. * Added support for purging WordPress internal cache, object cache, transients, and opcode cache. * Added detection and purging of popular caching plugin caches (WP Super Cache, W3 Total Cache, LiteSpeed Cache, WP Rocket, etc.). * Added browser cache refresh functionality with asset versioning. #### 1.0.8 * Added Firewall. #### 1.0.7 * Added Two-Factor Authentication (2FA) with Authenticator App (TOTP), Email 2FA, and Recovery Codes. * Added per-user 2FA settings under Profile for all roles. * Added multisite support for network-wide 2FA enforcement by super admins. * Added 2FA form below WordPress login with verification. #### 1.0.6 * Added CAPTCHA Protection using Cloudflare Turnstile for forms. #### 1.0.5 * Added Security Headers feature with industry-standard HTTP headers. #### 1.0.4 * Added Hide WordPress Version * Added Disable PHP Execution in Uploads Folder * Added Prevent User Enumeration * Added Detect & Warn About “admin” Username * Added Disable File Editing in Dashboard * Added Force HTTPS for Login & Admin * Added Basic Brute Force Protection * Added System Details * Major features released ## Meta * Version **1.0.10** * Last updated **5 شهور ago** * Active installations **20+** * WordPress version ** 5.0 or higher ** * Tested up to **6.8.5** * Language * [English (US)](https://wordpress.org/plugins/securelywp/) * Tags * [captcha](https://ary.wordpress.org/plugins/tags/captcha/)[headers](https://ary.wordpress.org/plugins/tags/headers/) [security](https://ary.wordpress.org/plugins/tags/security/) * [Advanced View](https://ary.wordpress.org/plugins/securelywp/advanced/) ## Ratings No reviews have been submitted yet. [Your review](https://wordpress.org/support/plugin/securelywp/reviews/#new-post) [See all reviews](https://wordpress.org/support/plugin/securelywp/reviews/) ## Contributors * [ SecurelyWP ](https://profiles.wordpress.org/securelywp/) * [ Ashar ](https://profiles.wordpress.org/mdashar/) ## Support Got something to say? Need help? [View support forum](https://wordpress.org/support/plugin/securelywp/)