Really Simple Security – Simple and Performant Security (formerly Really Simple SSL)
Easily improve site security with WordPress Hardening, Two-Factor Authentication (2FA), Login Protection, Vulnerability Detection and SSL certificate. Really simple, Effective and Performant WordPress Security Really Simple Security is the most lightweight and easy-to-use security plugin for WordPress. It secures your WordPress website with SSL certificate generation, including proper 301 https redirection and SSL enforcement, scanning for possible vulnerabilities, Login Protection and implementing essential WordPress hardening features. We believe that security should have the absolute minimum effect on website performance, user experience and maintainability. Therefore, Really Simple Security is: Lightweight: Every security feature is developed with a modular approach and with performance in mind. Disabled features won’t load any redundant code. Easy-to-use: 1-minute configuration with short onboarding setup. Security Features Easy SSL Migration Migrates your website to HTTPS and enforces SSL in just one click. 301 redirect via PHP or .htaccess Secure cookies Let’s Encrypt: Install an SSL Certificate if your hosting provider supports manual installation. Server Health Check: Your server configuration is every bit as important for your website security. WordPress Hardening Tweak your configuration and keep WordPress fortified and safe by tackling potential weaknesses. Prevent code execution in the uploads folder Prevent login feedback and disable user enumeration Disable XML-RPC Disable directory browsing Username restrictions (block ‘admin’ and public names) and much more.. Vulnerability Detection Get notified when plugins, themes or WP core contain vulnerabilities and need appropriate action. Login Protection Allow or enforce Two-Factor Authentication (2FA) for specific user roles. Users receive a two-factor code via Email. Improve Security with Really Simple Security Pro Protect your site with all essential security features by upgrading to Really Simple Security Pro. Advanced SSL enforcement Mixed Content Scan & Fixer. Detect files that are requested over HTTP and fix them to HTTPS, both Front- and Back-end. Enable HTTP Strict Transport Security and configure your site for the HSTS Preload list. Firewall Really Simple Security Pro includes a performant and efficient WordPress firewall, to stop bots, crawlers and bad actors with IP and username blocks. 404 blocking – Blocks crawlers as they trigger unusual numbers of 404 errors. Region blocking – Only allow/block access to your site from specific regions. Automated and customisable Firewall rules. IP blocklist and allowlist. Security Headers Security headers protect your site visitors against the risk of clickjacking, cross-site-forgery attacks, stealing login credentials and malware. Independent of your Server Configuration, works on Apache, LiteSpeed, NGINX, etc. Protect your website visitors with X-XSS Protection, X-Content-Type-Options, X-Frame-Options, a Referrer Policy and CORS headers. Automatically generate your WordPress-tailored Content Security Policy. Vulnerability Measures When a vulnerability is detected in a plugin, theme or WordPress core you will get notified accordingly. With Vulnerability Measures, you can configure simple but effective measures to make sure that a critical vulnerability won’t remain unattended. Force update: An update process will be tried multiple times until it can be assumed development of a theme or plugin is abandoned. You will be notified during these steps. Quarantine: When a plugin or theme can’t be updated to solve a vulnerability, Really Simple Security can quarantine the plugin. Advanced Site Hardening Choose a custom login URL Automated File Permissions check and fixer Rename and randomize your database prefix Change the debug.log file location to a non-public folder Disable application passwords Control admin creation Disable HTTP methods, reducing HTTP requests Login Protection Secure your website’s login process and user accounts with powerful security measures. Two-Step verification (Email login) 2FA (two factor authentication) with TOTP Passwordless login with passkey login Enforce strong passwords and frequent password change Limit Login Attempts With Limit Login Attempts you can configure a threshold to temporarily or permanently block IP addresses or (non-existing) usernames. You can also throw a CAPTCHA after a failed login (hCaptcha or Google reCaptcha) Access Control Restrict access to your site for specific regions. Add specific IP addresses or IP ranges to the Blocklist or Allowlist. Useful Links Documentation Security Definitions Translate Really Simple Security Issues & pull requests Feature requests Love Really Simple Security? If you want to support the continuing development of this plugin, please consider buying Really Simple Security Pro, which includes some excellent security features and premium support. About Really Simple Plugins Our mission is to make complex WordPress requirements really easy. Really Simple Security is developed by Really Simple Plugins. For generating SSL certificates, Really Simple Security uses the le acme2 PHP Let’s Encrypt client library, thanks to ‘fbett’ for providing it. Vulnerability Detection uses WP Vulnerability, an open-source initiative by Javier Casares. Want to join as a collaborator? We’re on GitHub as well!
Top keywords
- security27×3.54%
- really15×1.97%
- simple15×1.97%
- login14×1.84%
- really simple14×1.84%
- really simple security11×1.44%
- simple security11×1.44%
- wordpress10×1.31%
- vulnerability9×1.18%
- ssl8×1.05%
- site7×0.92%
- website6×0.79%
Persistent Login
Persistent Login keeps users logged into your website, limits the number of active logins allowed at one time and alerts users of new devices logging into their account. Persistent Login: Keep wordpress users logged in forever Persistent Login keeps users logged into your website unless they explicitly choose to log-out. It allows you to limit the number of active logins each user can have, and it alerts users of logins from new devices. Persistent Login requires little set-up, just install and save your users time by keeping them logged into your website securely, avoiding the annoyance of forgetting usernames & passwords. For added security, users can visit their Profile page in the WP Admin area to see how many sessions they have, what device was used and when they were last active. The user can choose to end any session with the click of a button. Persistent Login Selects the ‘Remember Me’ box by default. If left checked, users will be kept logged in for 1 year Each time a user revisits your website, their login is extended to 1 year again Dashboard stats show you how many users are being kept logged in Force log-out all users with the click of a button Users can manage their active sessions from the Profile page in the admin area Support for common plugins out of the box Secure, fast and simple to use! Active Logins Option to limit the number of active logins to 1 per user New logins can be blocked, or the users oldest login ended automatically Manage your own active logins from your Profile page in WP Admin Option to hide the Active Logins section from the WP Admin profile page Login History Notify users of logins from new devices for improved security Set your own email notification message that is sent to users Allow users to see their login history from their Profile page in WP Admin Top Tip Once the plugin is installed, click the End all Sessions button from the Persistent Login settings page to encourage users to login again and be kept logged in forever! Note This plugin honours the ‘Remember Me’ checkbox. It is checked by default, but if it is unchecked the user won’t be remembered. Premium Version There is a premium version of the plugin for those who want more control. Visit persistentlogin.com to learn more. The premium plan offers the following features: Premium Persistent Login Features Hide the ‘Remember Me’ checkbox, so that users are always remembered Manage which user roles have persistent login Set how long users are kept logged in for (up to 400 days) Session management for users: Users can see all logins with Block Editor and Shortcode support Session management for admins: End any users session from the admin area quickly and easily Priority Support direct from within WP admin Premium Active Login Features Control which roles have active login limits applied Select exactly how many active logins users are allowed When the limit is reached: Auto-logout oldest login, let the user decide which session to end, or block the login. Premium Login History Features Allow users to see their login history on the front-end with Block and Shortcode support. Account inavctivity emails: Notify users after a period of time without logging in. Stop users being logged out of WordPress Stop users being logged out of WordPress with Persistent Login plugin. Ensure extended login sessions, reduce frustration for administrators and visitors. By keeping users active, Persistent Login improves user experience, lowers bounce rates, and prevents disruptions. This plugin integrates seamlessly with WordPress to optimise session management without compromising security. Configure your preferences and let the plugin handle everything. You can customise durations for persistent logins and minimise repeated authentication prompts. Ultimately, this tool streamlines WordPress operations, ensures convenience, and provides peace of mind. Stop users being logged out of WordPress by installing today and gain uninterrupted access to your website.