Admin Tools for WordPress

Emergency Off-Line switch

Put your site securely off-line in the case of an attack

Core

Pro

Master Password

Prevent that client from breaking their site by »doing nothing«

Core

Pro

Password protect WP administration

Protect access to your WordPress administration (wp-admin) directory with a username and password.

Core

Pro

Customize Permissions

ACL: fine-grained permissions, controlling which Admin Tools features each user can access.

Core

Pro

Change File & Folder Permissions

Easily change the permissions of all files and folders on your server. Permissions are fully customizable.

Core

Pro

On-the-fly link rewrite

Automatically rewrite links to point to your new site. Optionally convert HTTP links to HTTPS.

Core

Pro

Update WordPress salts

Update the WordPress salts in wp-config.php for maximum security when you create copies of sites.

Core

Pro

Password expiration

Force users to change their passwords at a regular interval you define. You can choose which roles this policy applies to.

Core

Pro

Post auto-save optimization

Choose how often WordPress auto-saves posts as you edit them and how many revisions of each post it will keep.

Core

Pro

WordPress trash interval

Choose when WordPress will permanently delete posts, pages, attachments and comments from the trash bin. Or have it skip the trash bin altogether.

Core

Pro

Manage WordPress hidden features

Easily manage WordPress features which are normally only accessible by editing the wp-config.php file such as: disable file editing, WordPress debug mode and debug log, JavaScript concatenation, memory limit and WordPress page caching.

Core

Pro

Repair and optimise tables

Repair and optimise all of your site's database tables

Core

Pro

URL redirection

Redirect old URLs or make your own URL shortener.

Core

Pro

Malware detection

Monitor your site for changed or added PHP files and assess their potential for malicious behaviour.

Core

Pro

Settings import / export

Easily duplicate Admin Tools settings between your WordPress sites.

Core

Pro

.htaccess Maker

Disable directory listings

Core

Pro

Protect against common file injection attacks

Core

Pro

Disable PHP Easter Eggs

Core

Pro

Block access to security-sensitive files

Block web access to files such as htaccess.txt, php.ini, wp-config-sample.php or readme.html in your site's root

Core

Pro

Protect against clickjacking

Core

Pro

Reduce MIME type security risks

Core

Pro

Reflected XSS prevention

Core

Pro

Remove Apache and PHP version signature

Core

Pro

Prevent content transformation

Core

Pro

Block specific user agents

Core

Pro

Block direct access to arbitrary PHP files

Protection against direct access to PHP files. It can even block access to uploaded hacking scripts, mitigating the attack.

Core

Pro

Force index.php parsing before index.html

Core

Pro

Optimise expiration time

(good for SEO)

Core

Pro

Compress static resources

Automatically compress static resources such as images, CSS, JS

Core

Pro

Redirect index.php to site root

Core

Pro

Redirect www / non-www

Redirect www to non-www, or non-www to www site, e.g. http://example.com to http://www.example.com

Core

Pro

Redirect old domain name to new domain name

Core

Pro

Force HTTPS for specific URLs

Force HTTPS even when WordPress doesn't let you to

Core

Pro

HSTS header

Increase HTTPS security by telling browsers to never access the unprotected HTTP version of your site.

Core

Pro

Disable HTTP methods TRACE and TRACK

Protect your site against XST attacks

Core

Pro

Control the Cross-Origin Resource Sharing (CORS) policy of your site

Core

Pro

Control if and what ETags will be sent

Optimize client-side caching of your site's content, especially when it's behind a load balancer.

Core

Pro

Web Application Firewall

Customised exceptions

Make specific URLs or URL patterns exempt from firewall protection

Core

Pro

Full logging of security exceptions

Core

Pro

E-Mail Notification at security exception

Send out an email when a security exception occurrs

Core

Pro

IP black-listing

Prevent access to your site by specific IP addresses or blocks of IP addresses

Core

Pro

Administrator IP whitelist

Only allow access to your site's administrator section by specific blocks of IP addresses

Core

Pro

Administrator secret URL parameter.

You can only access the administration (wp-admin) pages if you append ?secretWord to the URL. The secret word is customisable.

Core

Pro

Change administrator login URL

(e.g. use http://www.example.com/mylogin instead of http://www.example.com/wp-login)

Core

Pro

Away schedule

Prevent logging into wp-admin during a preset period every day, e.g. when you're definitely asleep.

Core

Pro

SQLiShield protection

Against SQL injection attacks

Core

Pro

Remote File Inclusion block

(RFIShield)

Core

Pro

Remote PHP protocol block

(PHPShield)

Core

Pro

Direct File Inclusion shield

(DFIShield)

Core

Pro

Uploads scanner

(UploadShield)

Core

Pro

Anti-spam filtering

Based on Bad Words list

Core

Pro

Custom login error message

Don't tell the bad guys if a certain username exists on your site or not

Core

Pro

Remove RSS links

Core

Pro

Remove blog client links

Core

Pro

Change login session duration

Core

Pro

Disable editing users' properties

Prevent Administrator / Super Administrator accounts from being edited.

Core

Pro

Block email domains from user registration

Core

Pro

Hide/customise generator meta tag

Core

Pro

Project Honeypot's HTTP:BL integration

Integration with Project Honeypot's HTTP:BL anti-spam / anti-hacker IP blocking directory

Core

Pro

Auto-ban IPs

Auto-ban IPs causing excessive security exceptions (fully customisable)

Core

Pro

Login E-Mail Notification

Send email on successful or failed administrator login

Core

Pro

Customisable email templates and rate throttling for Admin Tools emails

Core

Pro