🎉 Use coupon MYXERO to enjoy 20% recurring discount on any plan. View Pricing
XeroWP
HT Security

HT Security

5/5 (1 ratings) 100 active installs Updated Mar 15, 2026
cveheadersmaintenancesecurityvulnerabilities
Download v1.5.0
Plugin settings page with all security options

Plugin settings page with all security options

HT Security is a complete security suite for WordPress, offering multiple layers of protection for your website.

Important – External Service:
This plugin queries the National Vulnerability Database (NVD) API to check for known CVE vulnerabilities. Requests are made to:
* API URL: https://services.nvd.nist.gov/rest/json/cves/2.0
* Terms of Use: https://nvd.nist.gov/general/legal-disclaimer
* Privacy Policy: https://www.nist.gov/privacy-policy
* Frequency: Automatic check every 12 hours or manual on-demand
* Data sent: Name and version of WordPress/installed plugins (no personal data is sent)

The NVD API query is essential for the plugin’s CVE vulnerability detection functionality.

Key Features

  • Security Headers – HSTS, X-Frame-Options, Content-Security-Policy, and more
  • Login Alerts – Email notifications for successful and failed login attempts with rate limiting
  • Core Integrity Check – Verify WordPress core files against official checksums with 24h cache
  • CVE Vulnerability Detection – Check WordPress Core and active plugins against NVD database
  • User Enumeration Protection – Block user enumeration via REST API and author parameters
  • Maintenance Mode – Maintenance mode with authorized IP whitelist (IPv4, IPv6, CIDR support)
  • File Permissions Audit – Audit and automatic correction of critical file permissions
  • Plugin Security Indicators – Visual badges on plugins page showing vulnerability status

CVE Detection Features

  • Integration with NVD (National Vulnerability Database) API 2.0
  • Check WordPress Core and active plugins for known vulnerabilities
  • Intelligent batch processing with rate limiting
  • 8 layers of anti-false-positive validation
  • Vulnerability badges on plugins page (enable/disable option)
  • Dismissible alerts per user
  • Email notification when vulnerabilities are detected
  • Automatic check every 12 hours
  • NVD API Key support (increased rate limit)

Security Improvements in v1.5.0

  • IP Spoofing Fix – Properly detects real IP behind Cloudflare, proxies, and load balancers
  • Capability Check Fix – Authorization verified before processing
  • Rate Limiting by IP – More granular rate limiting for login alerts
  • Input Validation – Maximum length validation for feedback form

Supported Languages

  • English (US) – 100%
  • English (UK) – 100%
  • Português do Brasil – 100%
  • Português de Portugal – 100%
  • Español – 100%

License

This plugin is licensed under the GNU General Public License v2.0 or later. For more information, visit https://www.gnu.org/licenses/gpl-2.0.html.