Plugin Features

Protect your WordPress site against all malware and hackers attacks.

Hide your website identity from any attack such as XSS, XSRF, SQL Injection, brute-force, etc.

No file and directory change!

No file and directory is being changed anywhere, everything is processed virtually! The plugin code use URL rewrite techniques and WordPress filters to apply all internal functionality and features. Everything is done automatically, there's no user intervention require at all.

100% compatible with other Plugins & Themes

Compatible with any WordPress plugins and themes, once deployed it will not break any functionality or features other codes provide to your site.

WordPress MultiSite Compatible

Support MultiSIte environment. Can work with per site set-up (individual settings) or globally (superadmin settings)

Custom login URL

All sites receive hits on login page with boots trying brute force attempts, requiring a high processing CPU power due to number of attempts. This conclude to a global site speed decrease and response time. Blocking default login URL, boots will hit just a 404 error page which is being cached, so no resurce is being used.

Compatible with any host / server

Tested and 100% compatible with different hosting server configuration basted on Linux and Windows operating system.

Nginx Compatible

The PRO version come with full Nginx support, which run on LEMP stacks. Advanced rewrite queries engine included, which provide the most efficient and light data.

Automatic / Manual Rewrite deploy

The rewrite data are automatically deployed on server for Apache and IIS server types. If this is not possible, a graphically interface is available which drive through he process of rewrite file update. If need, automatic rewrite updates can be turned off through plugin settings.

Block rewrite (default) paths

The plugin not only allow to change default urls of you WordPress, but it hide/block defaults! Many similar code, just change the slugs, but the default are still accessible.

Individual Plugin URL customization

Change Plugins Folder path and individual plugin url with custom data. Optionally block default urls from being accessible from outside.

Meta clean-up

HTML Meta clean-up for Meta Generator, wlwmanifest, feed_links, rsd_link, adjacent_posts_rel, profile link, canonical link

Change admin-ajax-php

The admin-ajax.php is the default input for WordPress AJAX calls. This functionality allow to change to something else and block default.

Settings Import / Export

Easy settings migration and plugin set-up through an import / export functionality

PHP mod_rewrite and web.config compatible

Seamless integration with existing Apache mod_rewrite or IIS web.config PHP extensions to provide fast and efficient URL's changes.

Default WordPress directories change

Change and block default WordPress directories such as wp-content, wp-include, wp-admin. The new URL's are perfectly safe to be used along existing active theme and plugins. Everything is achieved virtually, no actual folder name is being changed.

Theme url change and clean-up

Theme and child theme styles clean-up and headers remove, to prevent display of theme name, version, author etc No one will know it's a WordPress theme

HTML clean-up

Clean up HTML comments produced by plugins or theme, WordPress core auto-generated classes as page-template-x, format-x, wp-image-x, etc for body, post, images etc

Arbitrary texts replacement

Specific texts in the output html can be replaced with custom data. This works with any html data including inner texts, attributes (classes) and tags.

Headers clean-up

Remove Headers from server responses which include X-Powered-By, X-Pingback etc

XML-RPC API control

Full control over XML-RPC API by changing and block default xml-rpc.php path, disable XML-RPC authentication, remove pingback


JSON REST V1 and V2 API control by disable or block the default url. Disable output the REST API link tag into page header, Disable JSON REST WP RSD endpoint,

CSS Advanced Options

Provide full control over CSS data and related (Html classes and IDs). Combine all assets and inline CSS into a single file, post-processing for comments remove, minify, Classes and IDs replacements within CSS assets and HTML.

JavaScript Processing

The JavaScript module support JS assets and inline code concatenation into a single file, code cleanup, minify, JavaScript variables replacement.

Block access to default core files.

Block direct access to any of WordPress root files as license.txt, wp-load.php, wp-settings.php. Individual file access/ restrict is available.

Resources HTML output change

Emoji disable, styles and scripts resources clean-up, remove version from the URL's, remove ID attribute

.. and many more

Install the plugin now and take advantage of latest security techniques.

Scroll to top