Ultimate Security – Login Protection, 2FA, CAPTCHA & Hardening
Ultimate Security protects your WordPress site from brute force attacks, unauthorized access, and bots. Lightweight, modular, and privacy-focused.
Key Features
Security Dashboard Overview to keep an on everything from one place
- Instantly see how protected your site is with our 5-tier scoring system:
- Catch critical threats before they become problems. The dashboard surfaces security issues, outdated software, and misconfigurations — prioritized by severity so you know what to tackle
- Monitor failed login attempts and see who’s currently online. Spot brute-force patterns in real time and take action instantly.
Two-Factor Authentication
* Email OTP verification
* Google Authenticator, Authy, Microsoft Authenticator (TOTP/HOTP)
* 2FA status dashboard
Login Protection
* Custom login URL (hide wp-admin)
* Login attempt limits
* Password policy enforcement
* Session management
Bot Protection
* Google reCAPTCHA v2/v3
* Cloudflare Turnstile
* Protect login, registration, comments, WooCommerce
Security Hardening
* Security keys rotation
* Auto-update controls
* Site health monitoring
Content Protection
* Right-click disable
* Text selection control
* Image drag prevention
Tools
* Security Score dashboard
* Settings backup/restore
* Test mode for previewing rules
External Services
This plugin connects to external services:
Cloudflare Turnstile
- When: Turnstile CAPTCHA enabled
- Sends: Response token, site secret key
- URL: https://challenges.cloudflare.com/turnstile/v0/siteverify
- Privacy: https://www.cloudflare.com/privacypolicy/
Google reCAPTCHA
- When: reCAPTCHA enabled
- Sends: Response token, site secret key
- URL: https://www.google.com/recaptcha/api/siteverify
- Privacy: https://policies.google.com/privacy
WordPress.org Salt API
- When: Security keys rotation requested
- Sends: Request for random salt strings
- URL: https://api.wordpress.org/secret-key/1.1/salt/