WordPress Simple Security Firewall

WordPress Simple Firewall was mainly developed to help sites protect against login bots and brute force attacks.

The plugin helps developers setup various protection mechanisms in place, so the WP admin panel will be more unreachable for hackers and bots.

Installation:

Unpack and upload it to the /wp-content/plugins/ directory.

Activate the plugin through the 'Plugins' menu in WordPress.

What is new in this release:

• FEATURE:
• Admin Access Restriction Areas - Restrict access to certain WordPress areas and functionality to Administrators with the Admin Access key.
• ADDED:
• Admin Access Restriction Area - Plugins. You can now restrict access to certain Plugin actions - activate, install, update, delete.
• Admin Access Restriction Area - Themes. You can now restrict access to certain Theme actions - activate, install, update, delete.
• Admin Access Restriction Area - Pages/Post. You can now restrict access to certain Page/Post actions - Create/Edit, Publish, Delete.

What is new in version 4.7.4:

• ADDED:
• Integrated protection against 2x RevSlider vulnerabilities (Local File Include and Arbitrary File Upload).
• CHANGED:
• Reverted the flushing of Permalinks/Rewrite rules in case this is a problem for some.

What is new in version 4.7.1:

• UPDATED:
• Underlying plugin code improvements.
• Options page user interface re-design.
• FIX:
• Audit trail time now reflects the user's timezone correctly.
• Better compatibility with BBPress.
• TRANSLATIONS:
• Russian (100%), Czech (70%), Polish (97%)

What is new in version 4.6.0:

• ADDED:
• New feature that displays the last login time for all users on the users listing page (User Management feature must be enabled).
• Completely optional promotional Plugin Badge option - help us promote the plugin and reassure your site visitors at the same time.
• UPDATED:
• Updated Czech(38%) translations.

What is new in version 4.5.0:

• ADDED:
• New feature- GASP Login Protection can now be applied to user registrations - enabled by default (v.0)

What is new in version 4.3.0:

• ADDED:
• New Feature - Rename WP Login Page.
• UI indicators on whether plugins will be automatically updated in the plugins listing.
• IMPROVED:
• Firewall processing code is simplified and more efficient.

What is new in version 4.2.0:

• ADDED:
• Audit Trail Auto Cleaning - default cleans out entries older than 30 days.
• FIXED:
• Various small bug fixes and code cleaning.

What is new in version 4.1.1:

• FIXED:
• Prevention against plugin redirect loops under certain conditions.
• IP whitelisting wasn't working under certain cases.
• IMPROVED:
• Comments Filtering - It now honours the WordPress settings for previously approved comment authors and never filters such comments.
• REMOVED:
• Option to enable GASP Comments Filtering for logged-in users has been completely removed - this reduces plugin options complexity. All logged-in users by-pass all comments filtering.

What is new in version 4.0.0:

• ADDED:
• New Feature - Audit Trail
• Audit Trail options include: Plugins, Themes, Email, WordPress Core, Posts/Pages, WordPress Simple Firewall
• FIXED:
• Full and proper cleanup of plugin options, crons, and databases upon deactivation.
• REMOVED:
• Firewall Log. This is no longer an option and is instead integrated into the "WordPress Simple Firewall" Audit Trail.

What is new in version 3.4.0:

• ADDED:
• Option to limit number of simultaneous sessions per WordPress user login name.

What is new in version 3.3.0:

• ADDED:
• Option to send notification when an administrator user logs in successfully (under User Management menu).
• CHANGED:
• Refactoring for how GET and POST data is retrieved.

What is new in version 3.2.1:

• FIXED:
• Custom Comment Filter message problem when using more than one substitution.

What is new in version 3.1.3:

• Fixed:
• Issue with login cooldown timeouts not being updated where admin access restriction is in place.

What is new in version 3.0.0:

• NEW FEATURE:
• User Management. Phase 1 - create user sessions to track current and attempted logged in users.
• CHANGED:
• MASSIVE plugin refactoring for better performance and faster, more reliable future development of features.
• ADDED:
• Obscurity Feature - ability to remove the WP Generator meta tag.
• Ability to change user login session length in days.
• Ability to set session idle timeout in hours.
• Ability to lock session to a particular IP address (2-factor auth by IP is separate).
• Ability to view active user sessions.
• Ability to view last page visited for active sessions.
• Ability to view last active time for active sessions.
• Ability to view failed or attempted logins in the past 48hrs.
• Support for GASP login using WooCommerce.

What is new in version 2.6.1:

• ADDED:
• Plugin now installs with default SPAM blacklist.
• Now automatically checks and updates the SPAM blacklist when it's older than 48hrs.
• ENHANCED:
• Comment messages indicate where the SPAM content was found when marking human-based spam messages.

What is new in version 2.6.0:

• FEATURE:
• Added Human SPAM comments filtering - replacement for Akismet that doesn't use or send any data to 3rd party services.
• ENHANCED:
• Two-Factor Login now automatically logs in the user to the admin area without them having to re-login again.
• Added ability to terminate all currently (two-factor) verified logins.
• Spam filter/scanning adds an explanation to the SPAM content to show why a message was filtered.
• FIXES:
• For PHP warnings while in php strict mode.

What is new in version 2.5.2:

• Option to prevent remote posting to the WordPress Login system.

What is new in version 2.4.3:

• ADDED:
• Translations: Spanish, Italian, Turkish. (~15% complete)
• UPDATED:
• Hebrew Translations (100%)

What is new in version 2.4.1:

• ADDED:
• More strings to the translation set for better multilingual support.
• Portuguese (Brazil) translations (~40%).
• UPDATED:
• Hebrew Translations.
• FIXED:
• Automatic cleaning of database logs wasn't actually working as expected. Should now be fixed.

What is new in version 2.3.4:

• FIXED:
• Automatic updating of itself.

What is new in version 2.0.3:

• FIX:
• Accidentally removed the option to toggle "disable file editing". It's back now.

What is new in version 1.9.0:

• New WordPress Automatic Updates Configuration settings.

What is new in version 1.7.0:

• ADDED:
• Preliminary WordPress Multisite (WPMS/WPMU) support.
• CHANGED:
• The Firewall now kicks in on the 'plugins_loaded' hook instead of as the actual firewall plugin is initialized (as a result of WP Multisite support).

What is new in version 1.5.6:

• IMPROVED:
• Whitelist/Blacklist IP range processing to better cater for ranges when saving, with more thorough checking.
• Whitelist/Blacklist IP range processing for 32-bit systems.
• FIXED:
• A bug with Whitelist/Blacklist IP checking.

What is new in version 1.5.1:

• FIXED:
• Bug fix where IP address didn't show in email.
• Attempt to fix problem where update message never hides.

Requirements:

• WordPress 3.2 or higher