Skip to main content
The Security page is a five-tab suite covering login protection, server hardening, core file integrity, and two-factor authentication. A separate Security Scanner page provides proactive threat detection with malware scanning, CVE lookups, SSL monitoring, and core version checks.

Status cards

The Overview tab displays six status cards — one per feature. Each card shows an On (green) or Off badge so you can assess your security posture at a glance.
FeatureWhat the card shows when active
Admin URLThe custom login slug (e.g. /my-secret-login)
Login LimiterThe configured max-attempts threshold
IP BlocklistNumber of blocked IPs / CIDR ranges
XML-RPC”Disabled”
Hide WP Version”Version hidden”
Two-Factor Auth”TOTP active”
Below the cards, the tab shows your current WordPress version and locale with a link to the Integrity tab where you can verify core files.

Security Suite tabs

Login security

Custom admin URL, login attempt limiter, and lockout log.

Security hardening

Disable XML-RPC, hide WordPress version, and manage the IP blocklist.

Core file integrity

Compare every wp-admin and wp-includes file against official wordpress.org checksums.

Two-factor authentication

TOTP-based 2FA per admin account with QR code setup and backup codes.

Security Scanner

The Security Scanner is a separate page (accessible from the System section of the sidebar) with four tabs of its own: Overview, Malware Scanner, Vulnerabilities, and SSL & Core.

Security scanner

Malware detection, CVE vulnerability checks, SSL certificate monitoring, and PHP/core version status — available since v2.7.0.

Build docs developers (and LLMs) love

Get started for freeTalk to us