Security Control by Reflecters

Security Control by Reflecters secures WordPress by detecting new devices, blocking them with a password overlay, and alerting users with sirens and banners.

Key Features

• New Device Detection: Identifies new devices using a secure cookie-based system.
• Siren Password Overlay: Blocks new devices with a full-screen password prompt (default password: 2210).
• Broadcast Alerts: Notifies all admin, editor, and author users with a siren sound and warning banner when a new device logs in.
• Master Admin Control: Only the designated master admin can manage settings, block/unblock users, or reset trusted devices.
• IP Blocking: Temporarily blocks IPs after multiple failed password attempts.
• Email Notifications: Sends alerts to admins, editors, and authors for new device logins, blocks, or trusted devices (configurable).
• Trusted Device Management: Allows users to trust their devices after verification and admins to manage trusted devices.
• Customizable Siren: Upload custom MP3 audio for the siren alert.
• Security Headers: Adds X-Frame-Options, X-Content-Type-Options, and Referrer-Policy headers for admin pages.

This plugin is ideal for WordPress sites needing robust security for multi-user environments, ensuring only trusted devices access the admin area while keeping authorized users informed of potential threats.

Additional Notes

• Default Password: The default siren stop password is 2210. Change it in the settings for security.
• Security: The plugin uses nonces for AJAX security, secure cookies for device tracking, and hashes passwords client-side before transmission.
• Performance: Uses transients for temporary data (new device detection, IP blocking) to minimize database load.
• Compatibility: Tested with WordPress 6.8. Requires PHP 7.4+ for modern features like typed arrays.

For support, contact Reflecters at [email protected] or visit https://reflecters.com.