Security Optimizer – The All-In-One Protection Plugin / 1.6.1
readme.txt
1 === Security Optimizer - The All-In-One Protection Plugin ===
2 Contributors: Hristo Sg, siteground, sstoqnov, stoyangeorgiev, elenachavdarova, ignatggeorgiev, asparuhtenev
3 Tags: security, firewall, malware scanner, web application firewall, login
4 Requires at least: 4.7
5 Tested up to: 6.9
6 Requires PHP: 7.0
7 Stable tag: 1.6.1
8 License: GPLv3
9 License URI: http://www.gnu.org/licenses/gpl-3.0.html
10
11 Secure your WordPress site from brute-force attacks, threats, malware, and bots. Free to use and easy to set up.
12
13 == Description ==
14
15 **Bulletproof your website security in a few clicks against a range of security breaches, including brute-force attacks, malware threats and bots, with our free WordPress security plugin - Security Optimizer.**
16
17 Proactively monitor your site’s security to detect any suspicious activity and take immediate actions to protect your site and prevent further damage with these essential features:
18
19 * Enable **2FA (Two-Factor Authentication)** for an extra layer of website security
20 * Set **Limit Login Attempts** to deter malicious login attempts and brute-force attacks
21 * Change your default login URL to **Custom Login URL** to avoid attacks
22 * Activate **Advanced XSS Protection** to fortify your website against malicious attacks
23 * **Lock and Protect System Folders** to ensure no unauthorized or malicious scripts can be executed in your system folders
24 * **Disable Themes & Plugins Editor** to safeguard your website from unauthorized access via the WordPress editor
25 * **Hide WordPress Version** effortlessly, keeping it hidden from prying eyes
26 * Use **Activity Log** to monitor your site and quickly prevent malicious actions
27 * **Post-Hack Actions** to take immediate actions and prevent further damages
28
29 Developed by the website security experts at [SiteGround](https://www.siteground.com/wordpress-plugins/siteground-security) and trusted by over 900,000 webmasters for its robust security shield and ease of use to safeguard WordPress applications from possible attacks on any hosting platform.
30
31 = AWARDS: =
32
33 [Monster Awards 2022](https://www.templatemonster.com/awards/winners-2022/): Best WordPress Security Plugin 🥇
34 [Monster Awards 2021](https://www.templatemonster.com/awards/winners-2021/): Best WordPress Security Plugin 🥇
35
36 = Plugin Video =
37 [youtube https://www.youtube.com/watch?v=FOheCz7sm9A]
38
39 = Plugin Tutorial =
40
41 Unveil the vast array of features and unleash the full potential of our security plugin in our [Security Optimizer Tutorial](https://www.siteground.com/tutorials/wordpress/sg-security/).
42
43 == SITE PROTECTION FEATURES ==
44
45 Safeguard your WordPress application using our powerful site security toolset. Our comprehensive features are specifically designed to strengthen your website's defenses against malware, exploits, and various malicious activities. With these tools at your disposal, you can ensure the utmost bot, malware and brute force protection for your website:
46
47 = Lock and Protect System Folders =
48
49 Ensure the maximum security for your application's system folders by preventing the execution of any unauthorized or malicious scripts. The Lock and Protect System Folders feature acts as a powerful shield against potential threats.
50
51 = Hide WordPress Version =
52 Protect your website from mass attacks by hiding the WordPress version, which helps to mitigate version-specific vulnerabilities.
53
54 = Disable Themes & Plugins Editor =
55
56 Enhance the security of your WordPress admin area by disabling the Themes & Plugins Editor, preventing potential coding errors and unauthorized access through the editor.
57
58 = Disable XML-RPC =
59
60 Mitigate potential security risks by disabling the XML-RPC protocol, which has been exploited in various attacks. Please note that disabling XML-RPC will restrict WordPress from communicating with third-party systems. We recommend enabling this feature unless you have a specific need for XML-RPC.
61
62 = Disable RSS and ATOM Feeds =
63
64 Prevent content scraping and specific attacks on your site by disabling RSS and ATOM feeds. Unless you have readers accessing your site via RSS readers, it is recommended to keep this feature enabled.
65
66 = Advanced XSS Protection =
67
68 Add an extra layer of website security against cross-site scripting (XSS) attacks by enabling Advanced XSS Protection, bolstering the overall security of your website.
69
70 = Delete Default Readme.html =
71
72 Eliminate potential vulnerabilities by deleting the default readme.html file, which contains information about your website. By removing this file, you reduce the risk of your site being included in lists of vulnerable sites targeted by hackers.
73
74 == Login Security ==
75
76 = Custom Login URL =
77
78 Personalize your login URL to thwart potential attacks and create a strong entry point. Bid farewell to the default login URL and embrace a bespoke path of your choosing. Additionally, you have the freedom to modify the default sign-up URL as well.
79
80 = Login Access =
81
82 Restrict login page access to specific IP addresses or IP ranges, effectively thwarting malicious login attempts and deterring brute force attacks.
83
84 = 2FA (Two-Factor Authentication) =
85
86 Immerse your website in an impenetrable shield of security with 2FA. This formidable feature demands that all admin users furnish a unique token, generated exclusively through the Google Authenticator application, during the login process.
87
88 = Disable Common Usernames =
89
90 Don't fall victim to predictable security breaches! The use of common usernames, such as 'admin,' poses a significant threat to the integrity of your website. Activate this option to disable the creation of common usernames. If any weak usernames already exist, we'll prompt you to provide new, stronger alternatives.
91
92 = Limit Login Attempts =
93
94 Maintain control over unauthorized access attempts with Limit Login Attempts. Set a specific threshold for the number of login failures users can endure before consequences arise. After reaching the limit, the IP address associated with the unsuccessful login attempts will be blocked for one hour. Persistent failures will result in longer restrictions, starting with 24 hours and escalating to a week.
95
96 == ACTIVITY MONITORING ==
97
98 Monitor your website and login page for unauthorized visitors and brute-force attempts to prevent malicious actions.
99
100 = Activity Log =
101
102 The Activity Log page provides you with a comprehensive view of the activities performed by registered, unknown, and blocked visitors. It allows you to closely monitor any suspicious behavior and take appropriate actions in case of a compromised user, plugin, or hacking attempt. You can leverage the quick tools available to swiftly block future attempts.
103
104 = Weekly Security Reports =
105
106 Receive a weekly traffic summary for your website directly to your inbox. This **Weekly Security Report** compiles data on both bot and human traffic, along with details about blocked login and visit attempts to proactively monitor traffic and promptly identify suspicious activity.
107
108 == POST-HACK ACTIONS ==
109 Take immediate measures to protect your website if you suspect a compromise and prevent further damage. Here, you'll find convenient solutions to address the situation effectively:
110
111 = Reinstall All Free Plugins =
112
113 In the event of a hack, utilizing the Reinstall All Free Plugins feature can help mitigate potential harm. This action reinstalls all of your free plugins, reducing the likelihood of additional exploits or the reuse of malicious code.
114
115 = Log Out All Users =
116
117 To prevent any further unauthorized activities by users or attackers, you can choose to log out all users instantly using the Log Out All Users feature.
118
119 = Force Password Reset =
120
121 By enforcing a password reset, you can ensure that all users are prompted to change their passwords during their next login. This not only strengthens the security of their accounts but also immediately logs out all currently logged-in users.
122
123 ## Requirements ##
124 * WordPress 4.7
125 * PHP 7.0
126 * Working .htaccess file
127
128 == Installation ==
129
130 = Automatic Installation =
131
132 1. Go to Plugins -> Add New
133 1. Search for "Security Optimizer by SiteGround"
134 1. Click on the Install button under the Security Optimizer by SiteGround plugin
135 1. Once the plugin is installed, click on the Activate plugin link
136
137 = Manual Installation =
138
139 1. Login to the WordPress admin panel and go to Plugins -> Add New
140 1. Select the 'Upload' menu
141 1. Click the 'Choose File' button and point your browser to the sg-security.zip file you've downloaded
142 1. Click the 'Install Now' button
143 1. Go to Plugins -> Installed Plugins and click the 'Activate' link under the WordPress Security Optimizer by SiteGround listing
144
145 == Changelog ==
146
147 = Version 1.6.1 =
148 Release Date: May 5th, 2026
149
150 * Email Service improvements
151
152
153 = Version 1.6.0 =
154 Release Date: Mar 30th, 2026
155
156 * Security improvements
157 * Activity Log improvements
158 * Third-party plugin compatibility improvements
159
160 = Version 1.5.9 =
161 Release Date: Jan 15th, 2026
162
163 * Third-party plugin compatibility improvements
164 * Custom URL improvements
165 * Weekly Report improvements
166 * Security Improvements
167
168 = Version 1.5.8 =
169 Release Date: Dec 4th, 2025
170
171 * Custom Login improvements
172 * Login Security improvements
173 * Security improvements
174
175 = Version 1.5.7 =
176 Release Date: Nov 21st, 2024
177
178 * Translation loading improvements
179
180 = Version 1.5.6 =
181 Release Date: Oct 9th, 2024
182
183 * Custom Login URL improvements
184 * 2FA improvements
185 * Activity Log improvements
186
187 = Version 1.5.5 =
188 Release Date: Sep 18th, 2024
189
190 * Options improvements.
191 * Block Service improvements.
192
193 = Version 1.5.4 =
194 Release Date: Sep 10th, 2024
195
196 * Activity log code improvements.
197 * Salt Shaker code improvements.
198
199 = Version 1.5.3 =
200 Release Date: Aug 27th, 2024
201
202 * Code Improvements.
203
204 = Version 1.5.2 =
205 Release Date: Aug 1st, 2024
206
207 * Improved Custom Login Url handling
208 * Improved Plugins Reinstall actions
209 * Improved Translations
210 * Improved plugin config
211 * Fixed deprecated warnings in custom WP-CLI commands
212
213 = Version 1.5.1 =
214 Release Date: July 17th, 2024
215
216 * Improved Activity log bot detection
217 * Improved Activity log logout handling
218 * Improved 2FA with third-party custom logins
219 * Improved compatibility with third-party plugins
220 * Security improvements related to plugin notices
221
222 = Version 1.5.0 =
223 Release Date: May 23rd, 2024
224
225 * Improved support for PHP 8.2 and 8.3.
226 * Improved plugin configuration.
227
228 = Version 1.4.13 =
229
230 Release Date: Mar 27th, 2024
231
232 * Plugin optimization.
233
234 = Version 1.4.12 =
235
236 Release Date: Feb 20th, 2024
237
238 * Bugfixes related to cookies and 2FA
239
240 = Version 1.4.11 =
241
242 Release Date: Feb 14th, 2024
243
244 * Security improvements related to cookies
245 * Performance improvements
246
247 = Version 1.4.10 =
248
249 Release Date: Jan 11th, 2024
250
251 * Static assets are now part of the plugin package and load locally.
252 * New users will be prompted to give their consent for the collection of technical data upon their initial use of the plugin.
253
254 = Version 1.4.9 =
255
256 Release Date: Dec 12th, 2023
257
258 * Improved detection of bots in activity log
259 * Improved feature “Reinstall All Free Plugins” - deactivated plugins no longer get activated after the reinstall.
260
261 = Version 1.4.8 =
262
263 Release Date: Nov 22nd, 2023
264
265 * Dashboard visuals improvements
266 * Readme file improvements
267 * Weekly Security Report improved translations
268
269 = Version 1.4.7 =
270 Release Date: Oct 24th, 2023
271
272 * Data collection opt out option
273 * Readme file formatting improvements
274 * Plugin name formatting improvements
275 * Weekly Activity Report Sending Schedule Randomisation
276
277
278 = Version 1.4.6 =
279 Release Date: Sept 26th, 2023
280
281 * Changing the name we use inside the plugin from SiteGround Security to Security Optimizer
282 * Updating data collection process and introducing a link in the plugin interface to the Plugin Privacy notice
283
284 = Version 1.4.5 =
285 Release Date: May 4th, 2023
286
287 * Improved log cleanup
288
289 = Version 1.4.4 =
290 Release Date: May 3rd, 2023
291
292 * Improved Visitors DB table indexing
293 * Block service restored
294
295 = Version 1.4.3 =
296 Release Date: Apr 27th, 2023
297
298 * Block service temporarily disabled
299
300 = Version 1.4.2 =
301 Release Date: Apr 27th, 2023
302
303 * Improved Activity Log process and filters
304 * Improved restricted login response code
305 * Improved PHP 8.2 compatibility
306 * Alternative constant added for non-standard cron job usage
307
308 = Version 1.4.1 =
309 Release Date: Feb 23rd, 2023
310
311 * Internal configuration improvements
312
313 = Version 1.4.0 =
314 Release Date: Feb 1st, 2023
315
316 * Internal configuration changes
317
318 = Version 1.3.9 =
319 Release Date: Jan 25th, 2023
320
321 * Improved Foogra Theme support
322
323 = Version 1.3.8 =
324 Release Date: Dec 6th, 2022
325
326 * Improved Rest response
327 * Improved Settings Page checks
328 * Improved Disable Themes & Plugins Editor
329
330 = Version 1.3.7 =
331 Release Date: Nov 15th, 2022
332
333 * SG Security Dashboard bugfix
334 * Improved 2FA Encryption key validation
335 * Improved Custom Login/Register URL validation
336 * Improved LiteSpeed Cache support
337 * Option to use custom 2FA encryption key filepath
338
339 = Version 1.3.6 =
340 Release Date: Nov 8th, 2022
341
342 * Improved 2FA security with encryption
343 * Improved Access Log filters
344 * New WP-CLI command: reset all users 2FA setup
345
346 = Version 1.3.5 =
347 Release Date: Oct 18th, 2022
348
349 * Improved Custom Login URL
350 * Improved Activity log
351
352 = Version 1.3.4 =
353 Release Date: Oct 10th, 2022
354
355 * Install service fix
356
357 = Version 1.3.3 =
358 Release Date: Oct 10th, 2022
359
360 * New Manage Activity Log option
361 * New filter - Disable activity log
362 * Improved Custom login url
363 * Improved WP-CLI support
364 * Improved Jetpack plugin support
365 * Improved error handling
366 * Minor bug fixes
367 * Legacy code removed
368
369 = Version 1.3.2 =
370 Release Date: Sept 21st, 2022
371
372 * 2FA Backup codes security strengthening
373
374 = Version 1.3.1 =
375 Release Date: Sept 13th, 2022
376
377 * 2FA Authentication Security Strengthening
378 * IP Address detection Security Strengthening
379
380 = Version 1.3.0 =
381 Release Date: July 14th, 2022
382
383 * Brand New Design
384 * Improved 2FA Authentication compatibility with Elementor custom login pages
385 * Improved data collection
386 * Minor fixes
387
388 = Version 1.2.9 =
389 Release Date: June 20th, 2022
390
391 * NEW Filters for "Lock and Protect System Folders" excludes
392 * Improved IP Ranges support
393 * Improved Blocked IP addresses list
394 * Improved Delete the Default Readme.html
395 * Improved 2FA Authentication validation
396 * Improved 2FA Authentication support for "My Account" login
397 * Improved Data Collection
398 * Minor fixes
399
400 = Version 1.2.8 =
401 Release Date: May 18th, 2022
402
403 * Improved plugin security
404
405 = Version 1.2.7 =
406 Release Date: April 8th, 2022
407
408 * Minor bug fixes
409
410 = Version 1.2.6 =
411 Release Date: April 7th, 2022
412
413 * 2FA Refactoring
414
415 = Version 1.2.5 =
416 Release Date: April 6th, 2022
417
418 * 2FA Authentication refactoring
419 * Improved Weekly Emails
420 * HSTS service deprecated
421
422 = Version 1.2.4 =
423 Release Date: March 16th, 2022
424
425 * Improved Weekly Emails
426 * Improved WooCommerce Payments plugin support
427 * 2FA Authentication Security Strengthening
428
429 = Version 1.2.3 =
430 Release Date: March 11th, 2022
431
432 * 2FA Authentication Security Strengthening
433
434 = Version 1.2.2 =
435 Release Date: March 11th, 2022
436
437 * 2FA Authentication Security Strengthening
438
439 = Version 1.2.1 =
440 Release Date: March 9th, 2022
441
442 * Improved Weekly reports
443 * Improved HTTP Headers service
444 * Code Refactoring
445
446 = Version 1.2.0 =
447 Release Date: February 28th, 2022
448
449 * NEW – Weekly Reports
450 * Code Refactoring and General Improvements
451 * Improved 2FA user role support
452 * Improved error handling
453 * Improved Limit Login IP Range support
454 * Improved Event log
455 * Improved Phlox theme support
456 * Minor fixes
457 * Improved WP-CLI support
458 * Environment data collection consent added
459
460 = Version 1.1.3 =
461 Release Date: October 1st, 2021
462 * Improved Hide WP version functionality
463
464 = Version 1.1.2 =
465 Release Date: August 20th, 2021
466 * Improved Custom Login URL functionality
467 * Improved 2FA
468 * Improved success/error messages
469
470 = Version 1.1.1 =
471 Release Date: August 12th, 2021
472 * Improved 2FA
473 * Improved logout functionality
474
475 = Version 1.1.0 =
476 Release Date: July 27th, 2021
477 * NEW! Added 2FA backup codes to the profile edit page
478 * NEW! Custom login and registration URLs
479 * NEW! Added automatic HSTS headers generation
480 * Improved Disable common usernames functionality
481 * Improved Mass Logout Service
482 * Improved Activity Logging and added custom labeling
483 * Improved Password Reset functionality
484
485 = Version 1.0.4 =
486 * Improved Limit Login Attempts
487
488 = Version 1.0.3 =
489 * Fixed rating box bug on Safari
490 * Improved RSS & ATOM Feed Disabler service
491
492 = Version 1.0.2 =
493 * Added filter to configure log lifetime
494 * Added WP CLI support
495 * Improved strings
496
497 = Version 1.0.1 =
498 * Added defaults on install
499 * Improved translation support
500 * Added cleanup on uninstall
501
502 = Version 1.0.0 =
503 * First stable release.
504
505 = Version 0.1 =
506 * Initial release.
507
508 ## Data Collection ##
509
510 Collection of technical data is optional and is [listed here](https://www.siteground.com/kb/what-information-wp-plugins-collect). This data is collected only for technical analysis, improvements and the possibility to contact the plugin user in case urgent issues need to be fixed (for example a critical security release that needs to be communicated to site owners). The plugin user can manage their preferences within the WP admin to control the collection of technical data. We advise opting in for this data collection, as it can enhance the plugin's performance. You may find more information on data collection in our [Plugins Privacy Notice](https://www.siteground.com/viewtos/siteground_plugins_privacy_notice).
511