Site Lockdown Security

Site Lockdown Security helps WordPress administrators, agencies, and support teams keep websites cleaner, safer, easier to audit, and better protected from unwanted file changes. Site Lockdown Security combines file auditing, Site Lock protection, Watch Dog file change monitoring, WordPress core integrity checks, infection scanning, cleanup tools, setup guidance, email alerts, scheduled security reporting, and white label branding into one practical WordPress security suite. Unlike most WordPress security plugins, Site Lockdown Security includes built-in White Label Branding. Agencies, developers, and support providers can customize the plugin experience with their own brand colors, icons, banners, email imagery, and plugin presentation. White label settings can be exported and imported between sites, making this especially useful for teams managing multiple client websites. Use Site Lockdown Security to review leftover plugin folders, abandoned theme files, old uploads, temporary files, suspicious scripts, modified files, unexpected core files, unsafe permissions, and other items that can create clutter or security risk. Site Lockdown Security is designed for administrators who want clear visibility into what exists on the server and simple tools to help protect WordPress after the site is clean and stable. Key Features

• Site Lock to make important WordPress files and folders read-only
• Watch Dog baseline scans for new, modified, and deleted files
• WordPress core integrity checks using official WordPress.org checksums
• Infection scanning for suspicious file content
• Scheduled scans and automated security reports
• File change, core change, software health, risk review, infection scan, plugin update, and security digest email notifications
• Real email preview tools for individual alert types
• Unique White Label Branding options for agencies, developers, and support teams
• White Label import and export for moving branding settings between sites
• White Label reset to restore the default Site Lockdown theme
• Custom branding text, colors, icons, dark icons, banners, and email imagery
• Abandoned file and folder review tools
• File preview, download, approve, ignore, delete, and bulk actions
• Recommended setup guide with progress tracking
• Cleanup tools for old backups, temporary files, logs, cache files, and abandoned folders
• Plugin Refresher and Theme Refresher tools for reinstalling clean WordPress.org copies
• Permissions Check for important WordPress files and folders
• Software Health checks for outdated or potentially abandoned plugins and themes
• Risk Review checks for common local site risk signals
• Security tools for permissions, XML-RPC, author scans, debug exposure, blacklist status, SSL information, and more
• Branded admin interface with responsive AJAX navigation

Site Lock Site Lock helps prevent unwanted file additions, injected scripts, unauthorized edits, and accidental deletions by locking selected WordPress files and folders. You can unlock the site when legitimate updates or maintenance are needed, then apply Site Lock again when finished. Site Lock is useful after a site has been cleaned, audited, updated, or stabilized and you want to reduce the chance of future unexpected file changes. Watch Dog Watch Dog creates a trusted baseline of your site files and compares future scans against that baseline. It reports new, modified, and deleted files so administrators can quickly review changes after updates, maintenance, cleanup work, or suspicious activity. Watch Dog includes file change monitoring, baseline rebuilding, review actions, scheduled scans, and email alerts when changes are detected. Watch Dog Baseline Storage Watch Dog stores protected baseline data under: wp-content/uploads/site-lock/watch-dog/ This keeps baseline data outside the plugin folder so it is not removed during plugin updates. Sites updating from older versions automatically migrate Watch Dog baseline storage from the previous location: wp-content/uploads/guard-dog/watch-dog/ After a successful migration, the old storage folder is safely removed and the new Watch Dog storage path remains excluded from Site Lock so baseline files can continue to be updated when needed. Core Check Core Check compares installed WordPress core files against the official WordPress.org checksum API. It reports modified, missing, unreadable, or unexpected files in WordPress core areas so administrators can review potential core file integrity problems. Infection Scanner The infection scanner reviews site files for suspicious patterns commonly associated with malware, backdoors, obfuscated scripts, spam injections, and unwanted code. Scans can be run manually or scheduled, and results can be included in reports and notifications. Email Notifications Site Lockdown Security includes configurable email alerts for important security events and scheduled checks. Supported notification types include:

• Plugin Update Notification
• Security Snapshot Digest
• Scheduled Infection Scan
• Automated Security Report
• File Change Notification
• Core Change Notification
• Software Health Alert
• Risk Review Alert

Each individual alert includes a preview option so administrators can review the email layout before using it. The global email notification settings form allows administrators to set the default frequency and recipient email for alerts in one place. White Label Branding White Label Branding is one of the standout features of Site Lockdown Security and is not commonly found in WordPress security plugins. Agencies, developers, maintenance providers, and support teams can customize the security plugin experience so it better matches their own brand or client-facing service. Administrators can customize branding text, colors, icons, dark icons, banners, and email imagery. White Label settings can be exported to a JSON file and imported on another site, making it easier to reuse the same branding across multiple installations. The Reset Settings option restores the default Site Lockdown theme and brings back the default support contact button when branding is returned to its original values. Plugin Refresher Plugin Refresher helps reinstall fresh copies of WordPress.org plugins. This can be useful when a plugin may have been modified, corrupted, or affected by suspicious files. Site Lockdown Security uses native WordPress upgrade handling for safer refresh workflows and supports both individual and bulk plugin refreshes. Theme Refresher Theme Refresher helps reinstall fresh copies of WordPress.org themes. It includes version information, update status, WordPress.org availability detection, and support for individual or bulk theme refresh workflows. Permissions Check Permissions Check reviews important WordPress files and folders and compares current permissions against recommended values. It helps identify writable files, risky permissions, and items that may need attention. When Site Lock protects a file or folder, permissions results account for that protected status. Software Health Software Health checks installed plugins and themes for maintenance signals that may indicate abandoned or outdated software. It helps administrators identify items that may need updates, replacement, removal, or closer review. Risk Review Risk Review checks local site risk signals and common security configuration concerns. It includes severity sorting, ignore/include controls, scheduled checks, and optional email alerts. Setup Guide The Setup Guide helps administrators complete recommended Site Lockdown Security settings. Setup items include Site Lock, scheduled infection scans, automated reports, file change baselines, file change notifications, core change notifications, software health alerts, and risk review alerts. Progress tracking helps administrators see which recommended protection steps are complete.

8.0

• Added unique White Label Branding options designed for agencies, developers, support providers, and client maintenance teams.
• Added White Label settings export so current branding options can be downloaded as a JSON file.
• Added White Label settings import so saved branding options can be restored or moved to another site.
• Added custom branding support for text, colors, icons, dark icons, banners, and email imagery.
• Improved White Label reset behavior so resetting settings restores the default Site Lockdown theme.
• Fixed White Label reset behavior so the Site Lockdown support contact button displays again after settings return to defaults.
• Added safer validation and sanitization for imported White Label settings.
• Fixed a WordPress security coding standards warning for White Label settings sanitization.
• Improved White Label settings saving performance by avoiding unnecessary option updates when settings have not changed.
• Improved White Label asset cache handling so cache versions are only refreshed when branding image assets change.
• Moved Watch Dog protected baseline storage from wp-content/uploads/guard-dog/watch-dog/ to wp-content/uploads/site-lock/watch-dog/.
• Added automatic Watch Dog baseline storage migration for sites updating from the older Guard Dog storage path.
• Added safe cleanup for the old Watch Dog storage folder after the baseline is successfully moved and verified.
• Updated Site Lock exclusions so the new Watch Dog baseline storage folder remains writable while uploads are protected.
• Improved Watch Dog storage exclusions so baseline files are not reported as suspicious upload files.
• Restored the animated magic.webp asset and added targeted cache busting for that image only.
• Improved email alert preview modals with cleaner close button styling.
• Improved email notification Save and Preview button alignment.
• Removed the Preview button from the global email notification settings form.
• Improved individual email alert previews so each preview better matches the real notification type being sent.
• Improved preview email font rendering so modal previews look closer to the actual delivered emails.
• Added preview layouts for plugin update, security snapshot digest, scheduled infection scan, automated security report, file change, core change, software health, and risk review emails.
• Fixed JavaScript and PHP syntax validation issues found during testing.
• Added additional admin styling refinements for email notification controls.

7.7.4

• Improved AJAX loading when navigating between tabs
• Fixed page reload on plugin and theme refresher tabs
• Added LOCKED status to table items when they are locked
• Fixed security report generation
• Fixed some styling issues on many buttons

7.7.3

• Style corrections

7.7.2

• New CSS methods for WordPress 7.0

7.7.1

• Fixed ManageWP connection

7.7

• Made WordPress 7.0 ready

7.6

• Massive overhaul of infection scanner
• Added infection scan results to security report

7.5.2

• Made correction to Site Lock error on SiteGround servers

7.5.1

• Fix Site Lock critical error issue on sites with large file counts

7.5

• Added a new Setup Guide page with recommended Site Lockdown security setup steps, progress tracking, completion percentage, and quick actions.
• Added setup cards for Auto Site Lock, Folder & File Audit, Scheduled Infection Scans, Automated Security Reports, File Change Baseline, File Change Notifications, Core Change Notifications, Software Health Alerts, and Risk Review Alerts.
• Added dismiss, undo, completed, recommended, and dismissed states for Setup Guide items with live AJAX progress updates.
• Added a recommended setup banner when setup is incomplete, plus automatic redirect to the Setup Guide after plugin activation.
• Added a global Email Notification Settings form to apply the same notification frequency and recipient email for all alert notifications.
• Added a combined Site Lockdown Security Summary digest to reduce multiple scheduled alert emails being sent at the same time.
• Added a new Watch Dog Software Health tool to identify installed plugins and themes that may no longer be maintained.
• Added scheduled Software Health checks with optional email alerts.
• Added Software Health delete actions for abandoned plugins and themes, including bulk delete support with safety checks.
• Added a new Watch Dog Risk Review tool for local site risk checks.
• Added scheduled Risk Review checks with optional email alerts.
• Added Risk Review severity sorting, ignore/include controls, and bulk ignore/include actions.
• Added direct Setup Guide actions for enabling Auto Site Lock and building the File Change Baseline without leaving the Setup Guide page.
• Added Watch Dog Defense as the updated Watch Dog section label with a new four-card layout.
• Updated plugin navigation labels, including Hub, Audit, Secure, Watch Dog, Tools, and Scan.
• Updated Site Lockdown left admin submenu labels for clearer section naming.
• Removed Dashboard from the Site Lockdown left admin submenu and made the main Site Lockdown menu open the Hub/dashboard tab.
• Updated Audit and Tools dropdowns into cleaner two-column layouts.
• Standardized Site Lockdown admin styling with consistent purple accents, green action buttons, card borders, shadows, and branded layouts.
• Standardized Save Settings button styling across plugin admin pages.
• Removed folder path and copy button clutter from Site Lock folder/file cards.
• Added Site Lock modal behavior for blocked plugin uploads when the uploads folder is locked.
• Updated permissions results so Site Lock-protected files and folders are not flagged as high risk.
• Added Protected by Site Lock status handling for locked files and folders.
• Improved permissions results layout by removing extra columns, improving permission number display, and prioritizing actionable results.
• Added Lock buttons for permission entries that are not already protected by Site Lock.
• Added bulk Ignore All support for non-core root files.
• Added Delete All support for orphaned plugin and theme folders.
• Disabled Delete All actions when Site Lock is active for protected areas.
• Improved Watch Dog baseline rebuilding so existing baselines are reused safely, replacements are built before old baselines are removed, and only one baseline file is kept at a time.
• Improved Watch Dog baseline storage compatibility with locked uploads folders, FTP filesystem transports, and Site Lock exclusions.
• Kept Watch Dog baseline storage in wp-content/uploads/guard-dog/watch-dog/ while keeping the uploads root locked.
• Updated Watch Dog scans to exclude media files and ZIP archives while keeping uploaded PHP, JS, and other non-media files visible.
• Fixed Watch Dog review actions so deleting or approving detected files immediately refreshes counts and tables without a full browser tab reload.
• Confirmed core, plugin, theme, upload, and delete actions rebuild the Watch Dog baseline immediately without relying on the auto-rebuild cron fallback.
• Added translator comment fixes and Plugin Check compatibility improvements.

7.1

• Added Plugin Refresher tool to securely refresh WordPress.org plugins with clean copies.
• Added queued native WordPress upgrader process for safer and more reliable plugin refreshes.
• Added bulk plugin refresh support with selectable plugins.
• Added individual plugin refresh support with branded progress feedback.
• Added branded Bulk Refresh Running window with progress tracking.
• Added refreshed count, remaining count, percentage complete, and progress bar to bulk refresh progress.
• Added navigation protection during bulk refreshes to help prevent users from leaving before completion.
• Added automatic window close behavior once refresh processes complete.
• Added installed version and available version details to the Plugin Refresher table.
• Added Update column to show whether each plugin is current or needs an update.
• Added Last Updated column using WordPress.org plugin data.
• Added separate manual refresh/install table for plugins not available on WordPress.org.
• Added stronger detection for WordPress.org plugin availability.
• Added Theme Refresher tool to securely refresh WordPress.org themes with clean copies.
• Added queued native WordPress upgrader process for safer and more reliable theme refreshes.
• Added bulk theme refresh support with selectable themes.
• Added individual theme refresh support with branded progress feedback.
• Added installed version and available version details to the Theme Refresher table.
• Added Update column to show whether each theme is current or needs an update.
• Added Last Updated column using WordPress.org theme data.
• Added separate manual refresh/install table for themes not available on WordPress.org.
• Added stronger detection for WordPress.org theme availability.
• Added Theme Refresher card to the main Tools page.
• Added Theme Refresher item to the Tools dropdown menu.
• Added Permissions Check tool to review important WordPress file and folder permissions.
• Added Permissions Check card to the main Tools page.
• Added Permissions Check item to the Tools dropdown menu.
• Added permission status counts for Good, Needs Attention, and High Risk items.
• Added current and recommended permission values to the Permissions Check table.
• Added Actions column to the Permissions Check table.
• Added permission repair actions for files and folders that can be safely updated.
• Added 403-safe fallback handling for permission repair requests blocked by admin-ajax.php.
• Added special handling for wp-config.php permission checks.
• Added support for detecting wp-config.php in the WordPress root or parent directory.
• Added High Risk status for wp-config.php when permissions are not set to 0644.
• Added High Risk status for unsafe writable files.
• Added Needs Attention status for folders that are not using recommended permissions.
• Added sorting to show High Risk items first, then Needs Attention, then Good.
• Improved Plugin Refresher table styling and layout.
• Improved Plugin Refresher helper text to better explain its infection-cleanup purpose.
• Improved bulk refresh messaging and completion behavior.
• Improved button hover styling so text and icons remain readable.
• Improved Theme Refresher table styling and layout to match Plugin Refresher.
• Improved Watch Dog baseline exclusion handling.
• Improved dashboard badge icon contrast.
• Improved Tools page card layout for a cleaner six-tool grid.
• Improved Plugin Check compatibility by adding missing translator comments.
• Improved Plugin Check compatibility by escaping settings page output.
• Improved Plugin Check compatibility by sanitizing request values.
• Improved Plugin Check compatibility by cleaning nonce handling warnings.
• Improved Plugin Check compatibility by cleaning prefix and naming warnings.
• Removed unnecessary summary stat cards from the Plugin Refresher page.
• Removed plugin folder slugs from the Plugin Refresher table for a cleaner interface.
• Removed Recommended Baseline card from Permissions Check.
• Removed bottom “No obvious world-writable wp-content items found” card from Permissions Check.
• Excluded Support Plugin - WP Fix It from the manual fresh install list.
• Excluded Site Lockdown Security from the Plugin Refresher table.
• Changed inactive status icons from a dash to an X.
• Changed Permissions Checker text to Permissions Check.
• Changed Blacklist Checker text to Blacklist Check.
• Changed SSL Checker text to SSL Information.
• Reordered navigation so Scanner appears after Tools in both the top menu and WordPress admin side menu.
• Reordered Tools menu items so File Finder & Remover appears after Theme Refresher.
• Added File Finder & Remover card ordering improvements on the main Tools page.
• Fixed scanner success messages so they only display on the Scanner page.
• Fixed Watch Dog handling for wp-config.php review actions.
• Fixed wp-config.php exclusion saving and detection behavior.
• Fixed Site Lock menu icon hover color behavior.
• Fixed Theme Refresher fatal error caused by loading WordPress theme install functions more than once.
• Fixed visible translator comment text appearing on the dashboard.
• Fixed mixed line ending warnings across plugin files.
• Improved PHPCS compliance across refreshed plugin files.

7.0

• Added Watch Dog File Change Monitor.
• Added trusted file baseline creation and rebuild workflow.
• Added file change scanning for new, modified, and deleted files.
• Added scheduled Watch Dog file change scans.
• Added branded email alerts when file changes are detected.
• Added Watch Dog detected changes review table with view, download, approve, delete, and bulk actions.
• Added file details modal with readable size and modified date values.
• Added expandable file paths for long detected file paths.
• Added baseline exclusions for folders, individual files, wildcards, and server paths.
• Added protected Watch Dog baseline storage under wp-content/uploads/guard-dog/watch-dog/.
• Added Site Lock compatibility for Watch Dog storage while Site Lock is enabled.
• Added automatic internal exclusions for Watch Dog storage, report helpers, and error_log files.
• Added AJAX actions and loading overlays for baseline creation, baseline deletion, baseline rebuilds, and change scans.
• Added scan completion scrolling and success confirmation messages.
• Added Watch Dog Core Check.
• Added WordPress core file verification against the official WordPress.org checksum API.
• Added detection for modified, missing, unreadable, and unexpected WordPress core files.
• Added Core Check review actions to view, download, delete, and ignore reported files.
• Added scheduled Core Check scans.
• Added branded Core Check email alerts when core issues are found.
• Added dedicated Core Check settings for scan frequency, email alerts, and recipient.
• Updated Watch Dog navigation with File Change Monitor and Core Check tools.
• Improved Watch Dog styling, buttons, cards, status badges, modals, and admin workflow.
• Improved AJAX navigation and pagination handling.
• Improved compatibility with Plugin Check security and coding standard recommendations.

6.8

• Now compatible with hosting environments that auto lock WordPress core files.
• Improved site lock conditions to isolate certain folders and files.

6.7

• Removed Site Lock status in admin bar on site frontend.
• Added bulk database actions to infection scanner.
• Added select file actions to file remover tool.

6.6

• Fixed auto lock/unlock with MainWP.

6.5

• Made plugin code run only in admin area where needed.

6.4

• Fixed styling issue on scanner page.

6.3

• Added a database infection scanner to find harmful data.
• Added a setting to disable the admin bar Site Lock status display.

6.2

• Corrected typo in plugin description.

6.1

• Added AJAX loading content notice.

6.0

• Changed user interface to AJAX for faster navigation on Site Lockdown pages.
• Added SSL checker tool to get details about the site SSL certificate.
• Improved infection scanner and added saved previous scan view.
• Made all tables responsive on all screen sizes.
• Improved blacklist checker tool.

5.6

• Added scheduled infection scans emailed directly to designated email addresses.

5.5

• Added additional lock exceptions for folders that need write permissions.

5.4

• Improved API REST endpoint call for cache bypass.

5.3

• Fixed permissions issue with Site Lock and MainWP.

5.2

• Added integration with MainWP to manage Site Lock during remote updates.

5.1

• Added a plugin refresher to reinstall fresh plugins when the current version is corrupted.

5.0

• Added an all-new Tools section to expand WordPress site auditing capabilities.
• Introduced the Find & Remove Files tool for locating, filtering, and deleting unwanted or suspicious files.
• Added a built-in Blacklist Checker to scan URLs, domains, and site status against major reputation lists.
• Added internal optimizations for future feature expansion.

4.9.2

• Can now exclude single plugins from Site Lock.

4.9.1

• Added new infection patterns to reduce false positives.

4.9

• Added new infection patterns to find bad files.

4.8

• Added new infection patterns to find bad files.

4.7

• Improved scanner performance.

4.6

• Added new infection patterns to find bad files.

4.5

• Temporarily removed MainWP integration to correct timeout issues during updates.

4.4

• Added new infection patterns to find bad files.

4.3

• Set up MainWP bridge for unlock/relock when running updates.

4.2

• Minor style changes.

4.1

• Added Site Lock Auto Enable.
• Added automated security reports.

4.0

• Rebranded plugin as a full security suite.

3.7

• Updated infection scanner patterns.

3.6

• Added infection scanner for site files.

3.5

• Fixed bulk delete action.
• Updated button styling.

3.4.4

• Fixed report fatal error.

3.4.3

• Fixed report hyperlinks.

3.4.2

• Fixed font styling on report download.

3.4.1

• Fixed typo.

3.4

• Added ability to download folder audit and security report.

3.3

• Added per-folder lock exclusion.
• Added new UI on main menu.

3.2

• Added locked item count to dashboard display.

3.1

• Fixed Site Health issue when Site Lock is on.

3.0

• Added user security settings to lock down account attacks.

2.9.4

• Added Site Lock under Tools menu.
• Added area for new settings tab.
• Added dropdown to security tab.
• Added style changes.

2.9.3

• Corrected bulk delete actions.

2.9.2

• Enhanced Site Lock conditioning.

2.9.1

• Fixed conflict with WP Rollback.

2.9

• Added view file action buttons.

2.8

• UI improvements.

2.7

• Fixed security header defaults.

2.6

• Fixed bulk ignore and delete functions.

2.5

• Added security area to lock folders and files and set security headers.

2.0

• New UI.

1.3.1

• Improved plugin header and descriptions.
• Added Author URI and GPL license URI.
• Enhanced escaping for better security compliance.

1.3.0

• Added auditing of wp-content and WordPress root folder.
• Improved error handling for unreadable directories.

1.2.0

• Added uploads and themes auditing.
• Improved plugin rows to match the Plugins screen exactly.

1.0.0

• Initial release. Added plugin folder auditing.