Title: SiteLock Security – WP Hardening, Login Security & Malware Scans Author: SiteLock Published: 2 mai 2013 Last modified: 7 aprilie 2026 --- Caută module ![](https://ps.w.org/sitelock/assets/banner-772x250.png?rev=3500997) ![](https://ps.w.org/sitelock/assets/icon.svg?rev=3500997) # SiteLock Security – WP Hardening, Login Security & Malware Scans De [SiteLock](https://profiles.wordpress.org/sitelocksecurity/) [Descarcă](https://downloads.wordpress.org/plugin/sitelock.5.1.1.zip) * [Detalii](https://ro.wordpress.org/plugins/sitelock/#description) * [Recenzii](https://ro.wordpress.org/plugins/sitelock/#reviews) * [Instalare](https://ro.wordpress.org/plugins/sitelock/#installation) * [Dezvoltare](https://ro.wordpress.org/plugins/sitelock/#developers) [Suport](https://wordpress.org/support/plugin/sitelock/) ## Descriere > **🌟 Completely redesigned in Version 5.0 — now even stronger with 2FA in 5.1 > 🌟** > The SiteLock WordPress plugin was recently rebuilt with three goals: make it faster, > make it clearer and move the heavy work to the cloud. We built a cloudfirst architecture, > modernized UI, expanded security controls and stripped out everything that didn’t > need to be there. Our latest 5.1 release builds on that foundation with TwoFactor > Authentication (2FA) to strengthen login security and give you tighter control > over access. > **The big changes:** > – 🔒 Enhanced WordPress-specific hardening and login security > controls – ☁️ Cloud-powered scanning architecture for zero performance impact – > 🩺 New Site Health interface that shows you what matters in one view – ⚡ Streamlined > controls (fewer clicks to get protected) – ✨ Modern codebase built for the WordPress > you’re actually using today – 🔢 Two-Factor Authentication (2FA) now available > for stronger login protection > If you used the old plugin: this is a different tool. If you’re new: you’re starting > with the cleanest, fastest version of the plugin. Your website deserves protection that’s simple, fast and built for WordPress. SiteLock WordPress Security focuses on the everyday controls that matter most and helps you establish a secure baseline in minutes — WordPress-specific hardening, login protection with Two-Factor Authentication (2FA) and a clear Site Health dashboard that keeps you in control without slowing your site down. It’s lightweight, action-first protection that complements your host defenses: essential safeguards run inside WordPress while deeper checks happen securely in the SiteLock cloud. Skip heavy on-server scans and alert fatigue — run on-demand checks when you need extra assurance, so you can ship updates with confidence. #### Security that grows with you Our goal is straightforward: maintain a strong baseline with minimal overhead while giving you clear visibility and room to grow as your needs evolve. And because security is never static, this plugin keeps pace. Two-Factor Authentication (2FA) is now available to strengthen login security with an extra layer of protection. #### Commercial plugin This plugin is free but offers additional paid commercial upgrades or support. ### What’s included #### WordPress Hardening: Cut common attack paths in just a few clicks * Disable directory listing * Restrict PHP execution in upload folders * Limit unsafe script types * Force strong configuration defaults to close risky gaps _All options are toggle-based and reversible — safe to enable, easy to test and lightweight on performance._ #### Login Security: Protect what matters most — your access * **Two-Factor Authentication (2FA)**: Add a second layer of verification to protect admin access * **Brute-force defense**: Blocks repeated failed logins and temporarily locks abusive IPs * **Password policy prompts**: Encourage stronger credentials without breaking workflows * **Session timeouts**: Automatically end idle sessions to prevent account hijacks * **Activity awareness**: View recent logins and admin changes in the **Activity Log** #### Site Health & Cloud Checks: Clarity without noise * **Site Health Dashboard**: Surface key signals in one view — WordPress hardening status, last scan timestamp and actionable indicators * **Cloud Checks**: Connect your free SiteLock account to enable recurring off- server checks (Webpage Scan, SSL Verification, Email Reputation and more) * **Scan Now**: Run on-demand checks after updates or changes for instant assurance— no heavy, always-on local scanners * **Activity Log**: Track what’s happening across your WordPress admin. See admin/ login events at a glance making it easy to spot anomalies early and keep accountability clear #### Why Choose SiteLock WordPress Security? * **Lightweight by design**: All high-impact protections, no unnecessary load * **Real visibility**: Know your security posture in seconds with Site Health * **Cloud-powered assurance**: Checks run off-server, protecting performance * **Flexible setup**: Use standalone or connect a SiteLock account for added layers * **Strong login protection**: Two-Factor Authentication (2FA) alongside brute- force defense and session controls * **Trusted heritage**: From the global leader in SMB website security backed by continuous innovation and research * **Aligned to WordPress**: Designed to stay out of your way and keep performance priorities intact #### Who It’s For * Small businesses & startups * Portfolio & personal brand sites * WooCommerce shops & small e-commerce * Agencies & website maintenance services * Freelance developers & web designers * Bloggers, creators & publishers * Community & membership sites * Nonprofits & educational sites _If you manage a WordPress website, SiteLock gives you confidence and control whether you run one site or hundreds._ #### Can I Fix an Already-Infected Site with This Plugin? The plugin focuses on prevention, posture and visibility — not full malware removal. It isn’t designed to fully clean up sites that were infected before it was active. If your site is already compromised, act quickly, we recommend: * Restoring from a clean backup if available * Remove malicious files manually or with professional help * For urgent assistance, consider [SiteLock 911 – Emergency Malware Removal](https://www.sitelock.com/products/fix-hacked-site/) for rapid cleanup * For ongoing defense, consider [choosing a comprehensive SiteLock plan](https://www.sitelock.com/pricing/) #### Don’t Know Where To Start? Try This Here are common first moves teams take with SiteLock. Order isn’t enforced — choose what fits your site and workflow: * Enable WordPress hardening that matches your hosting and theme setup * Turn on Login Security controls: brute-force lockouts, session timeouts, and password-hygiene prompts * Connect a free SiteLock account, then use Scan Now to run an on-demand check after plugin/theme updates * Review the Activity Log after major changes to spot unexpected admin/login events quickly Make one change at a time, validate and roll back any toggle that conflicts with your stack. #### Need Help with Setup or Fixes? * Visit [Help Center – WordPress](https://www.sitelock.com/help-center/?topics=wordpress-plugin) for plugin specific help * For broader topics explore the [SiteLock Help Center](https://www.sitelock.com/help-center/) #### Security Protecting our customers and systems is a top priority, and we take security very seriously. If you believe you’ve found a security vulnerability in the SiteLock WordPress plugin, please let us know at vuln-reporting@sitelock.com before sharing any details publicly. ## Capturi ecran * [[ * **Dashboard** — overview with Site Health * [[ * **Login Security** — 2FA, brute force defense, password hygiene and session timeouts * [[ * **WordPress Hardening** — one-click toggles for secure defaults * [[ * **Activity Log** — recent admin/login events at a glance * [[ * **Cloud Checks** — on-demand and recurring scans from the SiteLock cloud ## Instalare #### Getting Started 1. In Plugins Add New, search “SiteLock Security”, then Install and Activate 2. Open SiteLock from the left menu 3. Choose your setup path: a. Use free baseline protections (no account required) or b. Connect your SiteLock account (or create one) to enable cloud checks and add broader protections (optional) 4. Toggle the WordPress hardening and login protections that fit your site 5. After you’ve connected a SiteLock account (free tier supported), Scan Now runs an on-demand check and recurring scans run by default to keep your site monitored at all times ## Întrebări frecvente ### Will this slow my site? No, the plugin is designed to be lightweight. SiteLock security scans run in the SiteLock cloud, so both recurring scans and on-demand checks are processed off-site, keeping the resource impact on your WordPress site minimal. Locally, the plugin applies optional website hardening and login hygiene. These actions are event-driven with negligible impact on typical page loads. Bottom line: cloud-powered scanning plus low-overhead local controls deliver ongoing monitoring with minimal footprint in WordPress. ### Does this plugin run constant background scans? No. The plugin focuses on low-impact protections and on-demand checks you control. ### Where do I see results inside WordPress? The Site Health view shows status at-a-glance. The Cloud Services panel shows your latest cloud scan status and findings. For full history, use your SiteLock dashboard. ### Can I use the plugin without a SiteLock account? Yes, you can use the free plugin features without an account. Core hardening and login security work out of the box. Connect a free SiteLock account to unlock Site Health, Scan Now and recurring Cloud Checks. Paid SiteLock plans add deeper malware and vulnerability scans. ### What happens if I disconnect my SiteLock account? Local protections continue to work. Cloud scans, if configured, will continue to operate but data will not be pulled into the plugin unless they’re connected with a license key. ### What’s included in the free SiteLock tier vs paid? The free plugin includes WordPress Hardening and Login Security. Connect a free SiteLock account to unlock the Site Health view, enable recurring Email Reputation Scan, SSL Monitoring, Webpage and Vulnerability scans + Scan Now on-demand checks. Paid plans add SMART File and SMART Database scans. ### Can I safely disable features? Yes. Every hardening toggle is reversible — disable and retest anytime. ### Does this replace my firewall or CDN? No. This plugin sets your on-site baseline. For active blocking and performance protection, connect a full SiteLock plan to enable the SiteLock Firewall (WAF) and CDN. ### What about Two-Factor Authentication (2FA)? Enhanced protection is here — Two-Factor Authentication (2FA) is now available. It adds an extra verification step on top of our existing login protections and works with authenticator apps like Google Authenticator and Microsoft Authenticator. ### Will 2FA be required or optional? For security, 2FA is required for all accounts. Users have a 7-day enrollment window to complete setup. ### What changes does this plugin make that could affect my site? Nothing changes until you enable a setting. Login features don’t alter your theme or content. Some hardening options intentionally tighten execution rules and may impact edge cases, for example: – Deny Access to Unsafe Script Extensions: blocks execution of unexpected script types (phtml, phar, cgi, pl, py, asp, aspx, jsp). If your site needs one of these, don’t enable this toggle. – Harden Writable Directories: blocks PHP execution in /wp-content/uploads. Plugins/themes that execute PHP there may stop working. **Best practice**: enable settings gradually, test and revert any toggle that conflicts with your stack. ### What is the Site Health view? It’s a simple, low-impact status view of key checks. ### What is “Scan Now”? An on-demand check for key items — useful after you update plugins/themes or change configuration. It does not perform heavy on-server scans. ## Recenzii ![](https://secure.gravatar.com/avatar/bae40eae49c504b6c3ffe6af6c0a1284ada87b8ccfd63e21eea1e4f0d6f51153? s=60&d=retro&r=g) ### 󠀁[SiteLock Security WordPress Plugin](https://wordpress.org/support/topic/sitelock-security-wordpress-plugin/)󠁿 [Seb](https://profiles.wordpress.org/seby416/) 15 ianuarie 2026 The SiteLock Security WordPress plugin is a lightweight WordPress security tool aimed at giving site owners essential protections with minimal performance impact. It focuses on baseline hardening (e.g., blocking unsafe scripts and tightening directory permissions) and login security (e.g., brute-force protection, session timeouts, and strong password enforcement) right from your WordPress dashboard. Cloud-powered scans and on-demand checks help you monitor your site’s status without consuming server resources. ![](https://secure.gravatar.com/avatar/f91b97884b72c24ca2f9de8e3f8e2b868c8fe324e8a64103eddfb5c6488174b5? s=60&d=retro&r=g) ### 󠀁[SSL verification not working](https://wordpress.org/support/topic/ssl-verification-not-working/)󠁿 [wujanowski](https://profiles.wordpress.org/wujanowski/) 6 decembrie 2023 Since the start of the service SiteLock is not able to connect to my (verified) domain and verify the SSL certificate. Support reactions are far from satisfying. ![](https://secure.gravatar.com/avatar/c31540dbd48bbb368e69ec20d87170c91d2c86b8791b40cf38a9af1f647cf419? s=60&d=retro&r=g) ### 󠀁[Bad product, worse customer support](https://wordpress.org/support/topic/bad-product-worse-customer-support/)󠁿 [oliverrealize](https://profiles.wordpress.org/oliverrealize/) 3 ianuarie 2019 1 răspuns They will show false positives for Google Analytics tag, then charge you to remove it, then send you an email saying they were wrong and it was a false positive and that they didn’t actually remove any malware, but won’t refund your money. ![](https://secure.gravatar.com/avatar/9db99afc3eb55bd00b25244530e2eb334fe3d1b765f97662783b01798d41ba72? s=60&d=retro&r=g) ### 󠀁[I’m thankful when SiteLock warns me about a malicious site](https://wordpress.org/support/topic/im-thankful-when-sitelock-warns-me-about-a-malicious-site/)󠁿 [kcampana](https://profiles.wordpress.org/kcampana/) 24 aprilie 2017 With my extensive travels, festival reviews and listing of nearly 1,000 Ohio festivals, it’s impossible for me to constantly check the safety of the thousands of outgoing links found on my website. That’s why I’m thankful when SiteLock warns me about a malicious site so that I can quickly remove the bad link before my readers click on it. ![](https://secure.gravatar.com/avatar/72295600a43d31544050ad2bccdc1677cfdef4b33d1c5a5493a0811633fdbc19? s=60&d=retro&r=g) ### 󠀁[Definitely understand customer service](https://wordpress.org/support/topic/definitely-understand-customer-service/)󠁿 [ahorowitz](https://profiles.wordpress.org/ahorowitz/) 18 aprilie 2017 SiteLock employees definitely understand customer service. When I signed up for Sitelock’s website security service, I was also in the middle of changing web hosting companies, transferring my domain name and getting my website redesigned in the wake of my previous website having been hacked and rendered useless. Steve (my SiteLock security consultant) went the extra mile and helped with some things that weren’t even his responsibility. ![](https://secure.gravatar.com/avatar/3d0d0319bd1075dd0a57b64dbc9b6b6c84248ec0777a6285ca147efa32f3114c? s=60&d=retro&r=g) ### 󠀁[Our site is secure!!](https://wordpress.org/support/topic/our-site-is-secure/)󠁿 [jkinskey](https://profiles.wordpress.org/jkinskey/) 7 aprilie 2017 Our website had been compromised previously, each time causing reduced search engine traffic and a lot of time and money to fix the issues. And, we still could not figure out how it was happening. The SiteLock engineers found the holes and thoroughly cleaned our site. Now with SiteLock’s daily scanning…, our site is secure!! [ Citește toate cele 14 recenzii ](https://wordpress.org/support/plugin/sitelock/reviews/) ## Contributori și dezvoltatori „SiteLock Security – WP Hardening, Login Security & Malware Scans” este un software open-source. La acest modul au contribuit următoarele persoane. Contributori * [ SiteLock ](https://profiles.wordpress.org/sitelocksecurity/) * [ SiteLock ](https://profiles.wordpress.org/sitelock/) * [ tlow ](https://profiles.wordpress.org/tlow/) „SiteLock Security – WP Hardening, Login Security & Malware Scans” a fost tradus în 5 locale. Mulțumim [traducătorilor](https://translate.wordpress.org/projects/wp-plugins/sitelock/contributors) pentru contribuția lor. [Tradu „SiteLock Security – WP Hardening, Login Security & Malware Scans” în limba ta.](https://translate.wordpress.org/projects/wp-plugins/sitelock) ### Te interesează dezvoltarea? [Răsfoiește codul](https://plugins.trac.wordpress.org/browser/sitelock/), vezi [depozitarul SVN](https://plugins.svn.wordpress.org/sitelock/), sau abonează-te la [jurnalul de dezvoltare](https://plugins.trac.wordpress.org/log/sitelock/) prin [RSS](https://plugins.trac.wordpress.org/log/sitelock/?limit=100&mode=stop_on_copy&format=rss). ## Istoric modificări #### 5.1.1 _Release Date April 7, 2026_ * Feature: New SiteLock branding #### 5.1.0 _Release Date February 19, 2026_ * Feature: Added new Two-Factor Authentication (2FA) functionality to improve login security * Fix: Improved license key validation flow * Fix: Improved WordPress hardening handling to prevent .htaccess update issues * Fix: Improved report data freshness, including last scan and next scheduled scan date handling * Fix: Minor UI improvements * Perf: Reduce database queries and standardize admin enqueue logic #### 5.0.3 _Release Date February 11, 2026_ * Security: Improved admin permission checks for restricted functions #### 5.0.2 _Release Date December 12, 2025_ * Feature: Queue new cloud scans directly from plugin * Fix: Support license key activation on subdirectory installs * Fix: Minor admin UI improvements * Fix: Improve admin load times #### 5.0.1 _Release Date November 10, 2025_ * Security updates. #### 5.0.0 _Release Date November 4, 2025_ **Enhancements** * License key–based connection flow (SSO-compatible) replacing legacy auth. * Full UI redesign aligned with SiteLock dashboard + WordPress admin standards. * WordPress Hardening features: - Disable directory listing. - Block execution of unsafe script extensions. - Basic XSS / SQL Injection request filtering. - Block PHP execution inside writable asset directories (e.g. ‘wp-content/uploads’). * Login Security features: - Login lockout (rate limiting after repeated failures). - Forced logout time controls by role. - Password strength enforcement (new users & password changes). - Login Activity Log (role-aware). - Admin Audit Log (tracks privilege & role changes). * In-dashboard Security Report providing an overview of your latest SiteLock security scans. * Site Health score indicator in wp-admin. * Improved signup flow for new users. **Deprecated** * SiteLock Trust Seal HTML embed. * Post scanning functionality (legacy). * Admin Dashboard Widget, Admin Bar dropdown. * Post editor metaboxes. * WAF & CDN settings panel (SiteLock Dashboard preferred). **Migration / Upgrade Notes** * After updating, go to: SiteLock > Settings > SiteLock Plan & License and enter your new license key (required going forward). #### 4.2.4 _Release Date July 31, 2024_ * This release improves compatibility with WordPress 6.6. * Now requires a minimum PHP version of 7.2. #### 4.2.3 _Release Date October 12, 2023_ * This release improves compatibility with WordPress 6.3. * Now requires a minimum PHP version of 7.0. #### 4.2.2 _Release Date October 28, 2022_ * Security updates. #### 4.2.0 _Release Date July 6, 2022_ * Updated to support WordPress 6.0. * SiteLock WordPress Plugin provides complete website security management without leaving WordPress. #### 4.1.0 _Release date: November 9, 2020_ * Updated to support PHP 7.4 and WordPress 5.5. * Support for new SiteLock API improvements. * Better error handling for sites without an active subscription. * Fixed PHP notices. * Regained access to our account, so we can continue providing updates! #### 4.0.5 _Release date: April 20, 2017_ * Resolved minor PHP warning message. #### 4.0.4 _Release date: December 8, 2016_ * Resolves bug with badge settings. #### 4.0.3 _Release date: December 6, 2016_ * This release improves compatibility with WordPress 4.7. #### 4.0.2 _Release date: December 3, 2016_ * Restores missing file needed for source code scan. ## Meta * Versiunea **5.1.1** * Ultima actualizare **Acum o săptămână** * Instalări active: **1.000+** * Versiune WordPress ** 3.8 sau mai recentă ** * Testat până la **6.9.4** * Versiune PHP ** 8.0 sau mai recentă ** * Limbi * [Danish](https://da.wordpress.org/plugins/sitelock/), [Dutch](https://nl.wordpress.org/plugins/sitelock/), [English (South Africa)](https://en-za.wordpress.org/plugins/sitelock/), [English (UK)](https://en-gb.wordpress.org/plugins/sitelock/), [English (US)](https://wordpress.org/plugins/sitelock/) și [Russian](https://ru.wordpress.org/plugins/sitelock/). * [Tradu în limba ta](https://translate.wordpress.org/projects/wp-plugins/sitelock) * Etichete * [login security](https://ro.wordpress.org/plugins/tags/login-security/)[malware scan](https://ro.wordpress.org/plugins/tags/malware-scan/) [site health](https://ro.wordpress.org/plugins/tags/site-health/)[vulnerability scanner](https://ro.wordpress.org/plugins/tags/vulnerability-scanner/) [wordpress security](https://ro.wordpress.org/plugins/tags/wordpress-security/) * [Vizualizare avansată](https://ro.wordpress.org/plugins/sitelock/advanced/) ## Evaluări 3.4 din 5 stele. * [ 8 5 – recenzii (stele) ](https://wordpress.org/support/plugin/sitelock/reviews/?filter=5) * [ 0 4 – recenzii (stele) ](https://wordpress.org/support/plugin/sitelock/reviews/?filter=4) * [ 0 3 – recenzii (stele) ](https://wordpress.org/support/plugin/sitelock/reviews/?filter=3) * [ 1 2 – recenzie (stele) ](https://wordpress.org/support/plugin/sitelock/reviews/?filter=2) * [ 5 1 – recenzii (stele) ](https://wordpress.org/support/plugin/sitelock/reviews/?filter=1) [Your review](https://wordpress.org/support/plugin/sitelock/reviews/#new-post) [Vezi toate recenziile](https://wordpress.org/support/plugin/sitelock/reviews/) ## Contributori * [ SiteLock ](https://profiles.wordpress.org/sitelocksecurity/) * [ SiteLock ](https://profiles.wordpress.org/sitelock/) * [ tlow ](https://profiles.wordpress.org/tlow/) ## Suport Ai ceva de zis? Ai nevoie de ajutor? [Vezi forumul pentru suport](https://wordpress.org/support/plugin/sitelock/)