Description
Every day, thousands of WordPress sites are hacked. Most security plugins offer protection, but they come with a massive cost: they slow down your server with bloated features and complex settings.
Protector is different. It is a lightweight, AI-ready security layer that turns your WordPress site into a digital fortress without compromising speed.
Whether you are trying to recover a hacked site or proactively defend your business, Protector delivers enterprise-grade security that anyone can configure. With our new 1-Click Security Overview Dashboard, you can activate all recommended protections and block 98% of automated attacks in under 8 seconds.
📖 Read the Official Documentation here
🦠 Malware Threat Scanner & Auto-Repair
Don’t just find malware; destroy it. Our deep, recursive local scanner verifies your WordPress integrity without crashing your server:
* Core Integrity Verification: Cross-references all Core files against the official WordPress.org checksums.
* Advanced Pattern Detection: Detects suspicious code patterns (like eval, base64_decode, shell_exec) hidden in your files.
* 1-Click Auto-Repair: Found a modified core file? Click “Repair” and Protector will automatically fetch a clean, original version directly from the official WP SVN and overwrite the infected file.
🛡️ Login Fortress (Brute-Force Protection)
Hackers relentlessly target the wp-login.php page. We make it disappear.
* Secret Login URL: Hide wp-login.php completely. Any unauthorized attempt will be instantly redirected to a custom URL of your choice.
* Smart Honeypots: Inject invisible fields into your login and comment forms to trap and block spam/brute-force bots automatically.
* Block Username Scanning: Prevent attackers from discovering your admin usernames via ?author=1 enumeration.
🔒 1-Click Site Hardening
Lock down common vulnerabilities instantly:
* Security Headers: Protect against XSS, Clickjacking, and MIME-Sniffing attacks with a single toggle.
* XML-RPC Control: Disable XML-RPC completely to eliminate one of the biggest brute-force attack vectors on WordPress.
* Version Obfuscation: Hide your WordPress version from the source code so hackers can’t target known exploits.
* Restrict REST API: Block public access to endpoints that expose sensitive user data.
📊 Live Attack Log
Peace of mind you can actually see. Monitor every blocked attack, triggered honeypot, and deleted malware in real-time straight from your dashboard.
🚀 Upgrade to KloxStudios Pro
Need absolute maximum power? Protector integrates seamlessly with the KloxStudios Cloud AI. Pro users unlock Cloud AI Malware Verification for 3rd-party plugins/themes, Automatic IP Lockouts, Instant Admin Login Alerts (Email & Webhook), and 2FA.
Screenshots
1-Click Security Dashboard: See your live protection status and activate shields instantly. 
Login Fortress: Configure your secret login URL and deploy invisible honeypot traps. 
Site Hardening: Fortify your WordPress installation against XSS and XML-RPC attacks with simple toggles. 
Advanced Protection: Unlock enterprise-grade tools like IP Lockouts and 2FA (Pro features). 
Malware Threat Scanner: Run deep server scans, detect infected files, and verify core integrity. 
Live Attack Log: Watch the firewall work in real-time as it blocks malicious IPs and bot networks.
Installation
You don’t need a PhD in cybersecurity to secure your site.
- Upload the
protector-securityfolder to the/wp-content/plugins/directory (or install directly via the WP Plugin directory). - Activate the plugin through the ‘Plugins’ menu in WordPress.
- Navigate to the new “Protector” menu in your dashboard.
- Click the massive yellow “Activate Full Protection Now” button on the dashboard for instant, 1-click security.
For detailed configuration guides, visit our Official Documentation.
FAQ
-
How do I use the secret login URL?
-
- Go to the “Protector” menu > “Login Fortress” tab.
- Toggle the ‘Change your secret login URL’ option.
- Set your ‘Secret Login Term’ (e.g.,
mysecretaccess). - Save changes and use your new login URL:
yoursite.com/wp-login.php?mysecretaccess.
-
What if I forget my secret term and get locked out?
-
Don’t panic! You can temporarily disable the plugin by renaming the
protector-securityfolder insidewp-content/plugins/via FTP or your hosting File Manager. This will instantly restore the defaultwp-login.phpaccess. -
Will the Malware Scanner slow down my site?
-
No! The scanner uses AJAX-based asynchronous batch processing. This means it scans your files in small chunks, preventing server timeouts and CPU spikes, even on massive websites with thousands of files.
Reviews
Contributors & Developers
“Protector – Malware Removal, Firewall & Core Repair” is open source software. The following people have contributed to this plugin.
Contributors
Translate “Protector – Malware Removal, Firewall & Core Repair” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Changelog
4.0.0
- Major Overhaul: Complete UI/UX redesign with a new Security Overview Dashboard.
- New: Malware Threat Scanner (verifies WP core files and detects suspicious patterns).
- New: Auto-Repair modified Core files directly from WordPress.org SVN.
- New: Login & Comment Honeypots to trap spam and brute-force bots.
- New: Site Hardening options (Security Headers, Disable XML-RPC, Restrict REST API).
- New: Live Attack Log to monitor blocked threats in real-time.
- New: Quick Setup – Secure your site in 1-click.
- Performance: AJAX-based batch scanning to prevent server timeouts on large sites.
- Security: Added Pro Add-on architecture readiness.
2.7.3
- Fix: Resolved “Too Many Redirects” error by switching to wp_redirect.
- Security: Added data sanitization and escaping for all inputs.
- Performance: Removed all external CSS/JS dependencies (FontAwesome/Grids).
2.6.0
- New Security Algorithm.
2.5.0
- Layout improvements and new security features.