This plugin hasn’t been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

WP Security Optimizer


Prevent hackers from sabotaging your rankings in search engines.

Elude attackers who exploit your website and fight Negative SEO attacks made using WPScan and other vulnerability scanners.

An inspection engine monitors the traffic between clients and your Website, enhancing the security of your WordPress installation.

WP Security Optimizer prevents wp-login brute force attacks by monitoring invalid login attempts, blocks DDoS attacks via pingbacks and XML-RPC attacks, and is able to elude vulnerability scanners. It is specially designed for WPScan, where it is able to induce false positives and generate an unreadable report full of thousands of wrong data entries.

The File Integrity Check (FIC) functionality will notify the administrative user about corrupted and infected PHP files stored in the “wp-admin”, “wp-includes” and “uploads” folders.

By analyzing the User-Agent field in the HTTP request headers, it denies access to your website to the most widespread penetration testing and security assessment applications, including: OpenVAS, Nikto, sqlmap, commix, skipfish, whatweb and WPScan.

These tools are useful for finding files that are actually used by developers (such as backups of WordPress’s configuration), pages that are accessible but unlinked, and README files that expose version numbers and reveal potential vulnerabilities.

WP Security Optimizer is able to recognize common probing patterns used to look for vulnerabilities in WordPress, and sends security notifications to the blog administrator's email address.

The only thing you need to do is activate it using the built-in plugin manager of WordPress. WP Security Optimizer does not require any configuration. Just install it!

From within WordPress

  1. Log in to your weblog
  2. Go to Plugins
  3. Select Add New
  4. Search for ‘WP Security Optimizer’
  5. Select Install Now
  6. Activate WP Security Optimizer from your Plugins page.


  1. Download and unzip the plugin
  2. Upload the entire “wp-security-optimizer” directory to the /wp-content/plugins/ directory
  3. Activate the plugin through the Plugins menu in WordPress


  • WP Security Optimizer can block username enumeration performed with security assessment toolkits like WPScan
  • Smart features like "Scan Avoidance Technology" ensure false positives in security scanners that analyze your site
  • WP Security Optimizer will protect you from plugin discovery attacks
  • Stay secure against hackers that use theme discovery techniques on your WordPress installation
  • By flooding the hacker with fake replies, WP Security Optimizer will temporarily hang the WPScan client
  • WPScan protection: the hacker will obtain an unreadable report with 20700+ wrong data entries
  • Control Center administration page and menu


December 12, 2017
It improves security without any configuration from the user. Simple to use and very effective, it does what it says.
April 10, 2017
I've downloaded this plugin today, I'm a sysadmin and I could see the effects of the plugin. Helpful

Contributors & Developers

“WP Security Optimizer” is open source software. The following people have contributed to this plugin.




  • Tweak: WordPress signatures updated


  • Tweak: WordPress signatures updated


  • Tweak: WPScan signatures updated


  • Tweak: WPScan signatures updated


  • Tweak: WPScan signatures updated
  • Add: Donation feature


  • Tweak: File Integrity Check signatures updated


  • Tweak: File Integrity Check signatures updated


  • Tweak: File Integrity Check signatures updated


  • Tweak: Reporting system has been improved
  • Tweak: File Integrity Check signatures updated


  • Tweak: File Integrity Check signatures updated


  • Add: File Integrity Check (FIC) functionality searches for PHP scripts saved in the “uploads” folder
  • Tweak: Reporting graphs implemented


  • Add: Switchable email alerting settings on WPScan detection
  • Tweak: Directory listing protection enhanced


  • Add: Support for HTTP and HTTPS upstream proxies for brute force attacks. The X-Forwarded-For request header helps you identify the real client IP address


  • Add: File Integrity Check (FIC): A critical functionality for WordPress security. The administrative user will be notified about corrupted and infected PHP files stored in the “wp-admin” and “wp-includes” folders


  • Add: Filter for WhatWeb’s default User-Agent


  • Add: Prevents brute force attacks by monitoring invalid login attempts
  • Add: Notifications by email on brute force attacks
  • Add: Attacks Reporting Section in Control Center menu


  • Add: Block brute force and DDoS attacks via XML-RPC


  • Tweak: Hides its ‘readme’ file to avoid exposing its own version number


  • Fix: Fixed logo image path in Control Center menu


  • Add: Control Center administration page and menu


  • Add: E-mail notifications now have geolocation support to trace the hacker’s IP


  • Tweak: Does not replace “X-Meta-Generator” header for admin users


  • First public release