Plugin Feature — Free

WordPress Security — Protect your site in a few clicks

Every day, thousands of WordPress sites are targeted by automated attacks. Exposed versions, open XML-RPC, user enumeration: all entry points for bots. WP Swiss Knife applies security best practices recommended by experts in one click, without touching the code.

What this feature does

Hide WordPress version

Removes the version number from the source code, RSS feeds and HTTP headers to prevent scanners from identifying known vulnerabilities in your version.

Disable XML-RPC and REST API

Blocks XML-RPC requests (brute-force and DDoS attack vector) and restricts the REST API to logged-in users only.

Custom login URL

Replace /wp-login.php with a secret URL of your choice. Bots targeting the default URL will receive a 404 error.

Login attempt limiting

Automatically blocks an IP address after a configurable number of failed attempts, with progressive ban duration.

Sensitive file protection

Blocks direct access to wp-config.php, .htaccess, readme.html, xmlrpc.php files and sensitive directories via server rules.

HTTP security headers (Pro)

Configures HSTS, Content-Security-Policy, Permissions-Policy, X-Frame-Options and X-Content-Type-Options to protect against clickjacking, XSS and injections.
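To confirm from the outside that the version hiding and header options above took effect, a saved HTTP response can be audited offline. The following is an added example, not code from the plugin: the function name `audit_response` and both sample responses (including the version string 6.4.2) are constructed for illustration, and the patterns match the default WordPress generator markers in HTML and RSS.

```python
import re
from email.parser import Parser

# Headers the page lists under "HTTP security headers (Pro)".
EXPECTED_HEADERS = ("Strict-Transport-Security", "Content-Security-Policy",
                    "Permissions-Policy", "X-Frame-Options", "X-Content-Type-Options")
# Default WordPress version markers in page source and in RSS feeds.
VERSION_LEAKS = (
    ("meta generator", re.compile(
        r"<meta[^>]*name=[\"']generator[\"'][^>]*content=[\"']WordPress\s+([\d.]+)", re.I)),
    ("feed generator", re.compile(
        r"<generator>\s*https?://wordpress\.org/\?v=([\d.]+)", re.I)),
)

def audit_response(raw):
    """Return findings for one raw HTTP response (status line, headers, blank line, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    # Drop the status line, then parse the remaining header block case-insensitively.
    headers = Parser().parsestr(head.partition("\n")[2], headersonly=True)
    findings = [f"missing header: {h}" for h in EXPECTED_HEADERS if headers.get(h) is None]
    hsts = headers.get("Strict-Transport-Security")
    if hsts is not None:
        m = re.search(r"max-age=(\d+)", hsts, re.I)
        if not m or int(m.group(1)) == 0:  # max-age=0 tells browsers to forget HSTS
            findings.append("HSTS present but max-age is missing or zero")
    xcto = headers.get("X-Content-Type-Options")
    if xcto is not None and xcto.strip().lower() != "nosniff":
        findings.append("X-Content-Type-Options is not 'nosniff'")
    for label, rx in VERSION_LEAKS:
        m = rx.search(body)
        if m:
            findings.append(f"version exposed via {label}: {m.group(1)}")
    return findings

# Constructed sample responses (not captured from a real site).
UNHARDENED = (
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n"
    '<html><head><meta name="generator" content="WordPress 6.4.2" /></head></html>'
)
HARDENED = (
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
    "Strict-Transport-Security: max-age=31536000\r\n"
    "Content-Security-Policy: default-src 'self'\r\n"
    "Permissions-Policy: geolocation=()\r\n"
    "X-Frame-Options: SAMEORIGIN\r\nX-Content-Type-Options: nosniff\r\n\r\n"
    "<html><head><title>Example</title></head></html>"
)

if __name__ == "__main__":
    for name, raw in (("unhardened", UNHARDENED), ("hardened", HARDENED)):
        print(name, audit_response(raw) or "no findings")
```
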

Free vs Pro

Start for free, upgrade when you're ready.

Included for free

  • Hide WordPress version
  • Disable XML-RPC
  • Restrict REST API to logged-in users
  • Disable comments
  • Block user enumeration
  • Custom login URL
  • Login attempt limiting
  • Generic error messages
  • Sensitive file protection
  • Force HTTPS

Pro features

  • reCAPTCHA v3 on login form
  • HSTS headers with configurable duration
  • Customizable Content-Security-Policy
  • Granular Permissions-Policy

How it works

1. Enable protections

Check the desired security options from the plugin's Security tab. Each setting comes with a clear explanation.

2. Customize your rules

Set your secret login URL, the number of allowed attempts and the HTTP headers to enable based on your needs.

3. Your site is protected

Rules are applied instantly. Check the login logs to verify that attacks are properly blocked.

Frequently asked questions

No. Each option is independent and can be disabled at any time. The plugin checks compatibility before applying changes and offers a safe mode in case of issues.
Yes. The custom URL works with all popular cache plugins. Simply make sure to exclude your new URL from caching rules.
After a configurable number of failed attempts (default 5), the IP address is temporarily blocked. The blocking duration increases progressively in case of repeated offenses.
No. reCAPTCHA v3 works in the background without any user interaction. It assigns an invisible trust score and only blocks bots.
Yes, the plugin injects headers via PHP, which works on all hosts. For Apache, .htaccess rules are also generated for better performance.

Ready to try?

Download the plugin for free and enable this feature in a few clicks.