
WordPress Security Plugin – WordShield

by Store Prose on WordPress.org

A lightweight WordPress security plugin to prevent brute force attacks and disable XML-RPC.


What can you do with WordShield?

  • Brute Force Protection
  • Disable XML-RPC API exploits
  • Change default Login URL – Planned
  • Add Security Headers – Planned
  • Content Protection – Planned
  • Login Security – Planned
  • Hide Generator Tags
  • Disable PHP Editing

Future Roadmap

  • Stop user enumerations.
  • Request rate throttler.
  • Prevent comment spam.
  • IP Ban.
  • Prevent code execution.
  • 2FA
  • Backup & Restore.
  • Support for multisite.
  • Logs, Notifications, and more!

Note:

The current version of the WordShield Security plugin does not work in a multisite environment.

Advantages of WordShield Security Plugin

  • Lean Code: Unlike most other security plugins, WordShield focuses on the core functionalities and has zero bloat.
  • Ultrafast: This lightweight plugin adds negligible overhead to your website. Each new release is tested for performance before making it available for general use.
  • It added only 0.004 seconds of execution time in our internal performance profiling tests.*
  • Failsafe: This WordPress security plugin does not modify any core file. It does not alter the .htaccess file either. With easy-to-use recovery options, you can be sure that your WordPress website will never break.
  • Best Practices: WordShield follows WordPress best practices and respects the coding standards.
  • Maintenance & Support: WordShield has a planned roadmap for the future. It is well-supported and updated for compatibility with each WordPress upgrade.

How to Limit Login Attempts in WordPress?

You can limit login attempts to your WordPress website using the WordShield security plugin. You can prevent Brute Force attacks with the following steps:

  • Open the settings screen after installing and activating the plugin.
  • Navigate to the Brute Force tab on the settings screen.
  • Set the maximum number of invalid attempts you want to allow for each user.
  • Set the time (in minutes) you want to lock a user account after exceeding the maximum number of invalid attempts.
  • If you do not want to prevent Brute Force attacks, select 0 for both of these settings.
  • Save the settings.

👉 The WordShield security plugin informs the user about the remaining retries before the account becomes locked.
👉 If an account gets locked, WordShield informs the user about the time to wait before trying to log in again.
👉 You can customize the default error messages in any language by keying in the message in the 2 optional fields.
👉 Use %%MINUTES_LEFT%% to show the time in minutes in your custom message. Use %%ATTEMPTS_LEFT%% to show the number of retries left in your custom message.
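
The two settings and the two placeholders described above map onto a small amount of WordPress hook logic. The following is an added example and is not WordShield's own code: the constant names, transient key prefix, messages and the values 5 and 15 are assumptions chosen for illustration.

```php
<?php
/**
 * Plugin Name: Example login lockout (illustrative only, not WordShield code)
 */

const EXAMPLE_MAX_ATTEMPTS = 5;  // assumed value; 0 switches the check off
const EXAMPLE_LOCK_MINUTES = 15; // assumed value; 0 switches the check off
const EXAMPLE_MSG_LOCKED   = 'Account locked. Try again in %%MINUTES_LEFT%% minute(s).';
const EXAMPLE_MSG_RETRY    = 'Invalid login. %%ATTEMPTS_LEFT%% attempt(s) left.';

// One transient per submitted login name (hypothetical key scheme).
function example_lock_key( string $username ): string {
    return 'example_lock_' . md5( strtolower( $username ) );
}

// Priority 30 runs after core has checked the password at priority 20,
// so $user is already a WP_User on success or a WP_Error on failure.
add_filter( 'authenticate', function ( $user, $username ) {
    if ( 0 === EXAMPLE_MAX_ATTEMPTS || 0 === EXAMPLE_LOCK_MINUTES || '' === (string) $username ) {
        return $user; // protection disabled, or the login form was only displayed
    }
    $key   = example_lock_key( (string) $username );
    $state = get_transient( $key );
    $state = is_array( $state ) ? $state : array( 'fails' => 0, 'until' => 0 );

    if ( $state['until'] > time() ) { // still locked: reject even a correct password
        $minutes = (int) ceil( ( $state['until'] - time() ) / 60 );
        return new WP_Error( 'example_locked',
            str_replace( '%%MINUTES_LEFT%%', (string) $minutes, EXAMPLE_MSG_LOCKED ) );
    }
    if ( $user instanceof WP_User ) { // a successful login clears the counter
        delete_transient( $key );
        return $user;
    }
    $state['fails']++;
    if ( $state['fails'] >= EXAMPLE_MAX_ATTEMPTS ) { // limit reached: start the lock window
        $state   = array( 'fails' => 0, 'until' => time() + EXAMPLE_LOCK_MINUTES * 60 );
        $message = str_replace( '%%MINUTES_LEFT%%', (string) EXAMPLE_LOCK_MINUTES, EXAMPLE_MSG_LOCKED );
    } else {
        $left    = EXAMPLE_MAX_ATTEMPTS - $state['fails'];
        $message = str_replace( '%%ATTEMPTS_LEFT%%', (string) $left, EXAMPLE_MSG_RETRY );
    }
    set_transient( $key, $state, EXAMPLE_LOCK_MINUTES * 60 );
    return new WP_Error( 'example_login_failed', $message );
}, 30, 2 );
```

A per-account counter like this one slows guessing against a single account; it does not limit one client trying a few passwords across many accounts, and anyone who knows a username can keep that account locked.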

How to disable XML-RPC API exploits?

XML-RPC is enabled by default in every WordPress installation. While XML-RPC is necessary for certain services and plugins like Jetpack, it can make websites vulnerable to remote code injection.

You can protect your website from the XML-RPC vulnerability as follows:

  • Open the settings screen after installing and activating the plugin.
  • Navigate to the XML-RPC tab on the settings screen.
  • Check the Disable XML-RPC checkbox to disable XML-RPC completely.
  • If you are using Jetpack, you can select the Enable Jetpack access option so that the Jetpack plugin continues to work seamlessly.
  • If you need specific IPs to access the XML-RPC API, key in the comma-separated list of IPs in the Whitelisted IPs field.
  • Save the settings.
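
For readers who want to see what "disable XML-RPC except for whitelisted IPs" looks like at the WordPress level, here is an added example that is not WordShield's own code. The function and constant names are hypothetical and the two addresses are constructed values from the documentation ranges.

```php
<?php
/**
 * Plugin Name: Example XML-RPC allowlist (illustrative only, not WordShield code)
 */

// Constructed sample standing in for a comma-separated "Whitelisted IPs" setting.
const EXAMPLE_XMLRPC_ALLOWED_IPS = '203.0.113.10, 198.51.100.7';

// Compare addresses in binary form so different spellings of the same
// IPv4/IPv6 address match, and malformed entries are ignored.
function example_xmlrpc_ip_allowed( string $remote_ip, string $csv ): bool {
    $remote = @inet_pton( $remote_ip );
    if ( false === $remote ) {
        return false; // missing or malformed client address: deny
    }
    foreach ( explode( ',', $csv ) as $entry ) {
        $allowed = @inet_pton( trim( $entry ) );
        if ( false !== $allowed && $allowed === $remote ) {
            return true;
        }
    }
    return false;
}

// xmlrpc.php defines XMLRPC_REQUEST before it loads WordPress, so this check
// runs at plugin load time, before any XML-RPC method is dispatched.
// REMOTE_ADDR is the direct peer; behind a reverse proxy it is the proxy's
// address, so the allowlist must be enforced at the proxy instead.
if ( defined( 'XMLRPC_REQUEST' ) && XMLRPC_REQUEST ) {
    $remote_ip = $_SERVER['REMOTE_ADDR'] ?? '';
    if ( ! example_xmlrpc_ip_allowed( $remote_ip, EXAMPLE_XMLRPC_ALLOWED_IPS ) ) {
        http_response_code( 403 );
        exit;
    }
}

// Stop advertising the endpoint to clients that discover it from page output.
remove_action( 'wp_head', 'rsd_link' );
add_filter( 'wp_headers', function ( $headers ) {
    unset( $headers['X-Pingback'] );
    return $headers;
} );
```

The early exit is used instead of the `xmlrpc_enabled` filter on its own because that filter only turns off XML-RPC methods that require authentication; unauthenticated methods such as pingbacks would still be served.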

How to Hide the Generator tags in WordPress?

WordPress and WooCommerce generator tags let potential attackers easily identify the specific version of WordPress (or WooCommerce) you are using. This, in turn, exposes technical vulnerabilities, thereby making your site more susceptible to hacking attempts.

You can hide the generator tags in WordPress by the following steps.

  • Open the settings screen after installing and activating the plugin.
  • Navigate to the Extras tab on the settings screen.
  • Select the checkbox Remove Generator tags.
  • Save the settings.

How to disable PHP editing?

You can disable PHP editing to prevent accidental changes in plugins and themes from causing a complete system crash.

You can disable PHP editing with the following steps:

  • Open the settings screen after installing and activating the plugin.
  • Navigate to the Extras tab on the settings screen.
  • Select the checkbox Disable PHP editing.
  • Select the checkbox Disable theme change if you want to hide the Appearance menu as well.
  • Save the settings.

Active installations: 0+
Weekly downloads: 6 (-33.33%)
Version: 1.1.1
Last updated: 1/23/2025
WordPress version: 5.0
Tested up to: 6.7.2
PHP version: 7.2
Tags: Brute Force, disable xml-rpc, security