🛡️ Ultimate Security — Security, 2FA, Anti-bot, IP & Login Protection and More

Ultimate Security transforms your WordPress site into a fortress. Preventing bad actors from your site and keep it secure. https://www.youtube.com/watch?v=g8qy4Ayr1Ko 🚨 The Problem Every WordPress Site Faces Did you know that 90,000 WordPress sites are hacked every minute? Most security plugins either overwhelm you with complexity or lock essential features behind expensive paywalls. You shouldn't have to choose between security and simplicity. ✅ The Solution: Ultimate Security Ultimate Security is a WordPress security plugin that gives you website-level protection with beginner-friendly controls. Built by WordPress professionals who were tired of bloated alternatives. ✨ Set up complete protection in under 3 minutes ✨ Zero ongoing costs—own your security forever ✨ Your data stays on YOUR server ✨ Modular design—activate only what you need ✨ Performance-optimized plugin won't slow down your site ✅ Stay informed with comprehensive logging and reporting:

• Visual dashboard shows WordPress status in real-time
• Issues, Critical Threats, Security status directly from dashboard
• File integrity check for modified, unknown files

✅ Login

• Active login session settings for users.
• Login URL masking hides your admin area completely.
• Apply robust password policy for all users.
• Email Two Factor authentication for extra security
• Enable Authenticator application for your users,

✅ Security:

• Anti-bot settings such as reCAPTCHA, Cloudflare Turnstile.
• Limit login attempts for your users
• WordPress salt change option. Apply new salts from WordPress.org API.
• URL guard monitors all your URLS and helps your block/allow specific URL logs.
• Keep everything up to date using our update manager policies.

✅ Access Restrictions:

• Allow/block IP addresses to your WordPress site
• Geographic restrictions - block or allow specific countries
• Bot restrictions - control which bots can access your site
• Redirect blocked visitors or show custom block messages

✅ Site Hardening:

• Content protection - disable right-click, text selection, and image dragging
• WordPress hardening - hide version, disable XML-RPC, file editing
• API privacy controls - restrict REST API access
• Security keys rotation from WordPress.org API

✅ Monitoring & Tools:

• Security Score meter - track your site's security level
• Site health overview and diagnostics
• Activity log for all security events
• Error notifications for PHP issues
• Test mode to preview security rules before enforcing
• Backup/restore your security settings
• Database cleanup and optimization

📊 Results from Our Users "After installing Ultimate Security, brute force attempts dropped to zero." - Sarah M., Agency Owner "Finally, a security plugin that doesn't require you to be a developer to configure." - Mike T., Small Business Owner "The session management alone is worth it." - Jennifer K., E-commerce Manager 🚀 Quick Start Guide

• Installation (2 minutes)
• Upload the plugin files to /wp-content/plugins/ultimate-security
• Activate the plugin through the 'Plugins' menu
• Navigate to Ultimate Security in your admin menu
• Configure the security settings as per your requirements

🔐 Whether you're a beginner or a seasoned admin, this plugin gives you a modular, lightweight, and privacy-first way to take back control of your site's security. 💬 Need Help? Got a question? Need help using the plugin? Ask your questions directly in the plugin support section. You can mail us to support@wpultimatesecurity.com 🔗 External Services Disclosure Cloudflare Turnstile What is sent: The visitor’s Turnstile response token and your site’s secret key. When it’s sent: Only when a user submits a form protected by Turnstile (login, registration, comment, etc.). Service used: Cloudflare Turnstile Verification API — https://challenges.cloudflare.com/turnstile/v0/siteverify Data sent: Token string and secret key; Cloudflare may record the visitor’s IP address, user‑agent, and behavioural signals per their policy. Privacy Policy: https://www.cloudflare.com/privacypolicy/ Google reCAPTCHA What is sent: The visitor’s reCAPTCHA response token and your site’s secret key. When it’s sent: Only when a user submits a form protected by reCAPTCHA. Service used: Google reCAPTCHA API — https://www.google.com/recaptcha/api/siteverify Data sent: Token string and secret key; Google may collect device, browser, and usage data as described in their policy. Privacy Policy: https://policies.google.com/privacy Privacy Policy Ultimate Security respects your privacy and puts you in control of your data. We use PostHog to collect limited, anonymous telemetry data only after you give explicit consent. This information helps us quickly identify technical issues, improve plugin stability, and enhance the overall user experience. No automatic data collection. By default, Ultimate Security and PostHog do not collect or transmit any data. Consent first. Telemetry begins only after you opt in via the admin notice inside WordPress. What we collect. We may gather non-identifiable, technical information (such as plugin version, WordPress version, PHP version, and basic usage events). No personal data or sensitive information is collected. Why we collect. This telemetry helps us troubleshoot problems faster, prioritize improvements, and maintain compatibility across different environments. Your control. You may opt out at any time. Disabling telemetry stops all further data collection immediately. Transparency. Integrating PostHog does not and will never initiate data collection without your confirmation.

1.0.15

• Improvement: Conflict management between applied settings.
• Improvement: UI improvements to existing settings pages. Making it more intuitive to use.
• Fix: Multiple bug fixes to dashboard. You should get more accurate results now.
• Fix: New deactivation URL was not saving after deactiviting-activating plugin.

1.0.14

• Fix: Email 2fa codes where not being sent properly.
• Fix: 2fa code page after login were showing a flickering effect.

1.0.13

• New: Completely new user interface for better usability.

1.0.12

• New: Added a new security meter to keep an score of your website's security. Each security feauture you enable adds a point to your meter and gives you a score.
• Improvement: Improved modal design for better UI/UX.

1.0.11

• Fix: Bug fixes for minor UI issues.

1.0.10

• Security Fix: Unauthenticated AJAX actions are now removed. Making it much more secure.
• Security Fix: Uauthenticated REST routes are secured via admin permission check.

1.0.9

• Fix: Dashboard was showing the emergenct deactivation URL everytime.

1.0.8

• New: IPv6 support for IP restriction.
• Improvements: Human readable values for better understanding in "activity log".
• improvements: Plugin size reduction by using much more efficient code.
• Fix: Issue regarding resetting 2FA for users.
• Fix: Password policy was not being applied for new users.

1.0.7

• New: Introducing a brand new option in our plugin "Activity Log".
• New: Improved dashboard design to make it more useful.
• Fix: Nonce issues regarding our plugin.
• Fix: Turnstile was not properly showing up on comment forms.

1.0.6

• Fix: Fixed an issue with the custom login setup.
• Fix: Email 2fa authentication login was asking for the OTP twice.
• Fix: Feedback form email wasn't being sent.
• Improvement: Much more organized menu for easier navigation.
• Improvement: Code improvements for better performance.

1.0.5

• Fix: Request logs page was not showing up.
• Fix: There was an issue with the URL guard SQL request not showing up properly.
• Improvement: Code improvements for better performance.

1.0.4

• Design change and updated settings page.