Admin Tools for WordPress

Emergency Off-Line switch

Put your site securely off-line in the case of an attack

Master Password

Prevent that client from breaking their site by »doing nothing«

Customize Permissions

ACL: fine-grained permissions, controlling which Admin Tools features each user can access.

Password protect WP administration

Protect access to your wp-admin directory with a username and password.

Change File & Folder Permissions

Easily change the permissions of all files and folders on your server. Permissions are fully customizable.

On-the-fly link rewrite

Automatically rewrite links to point to your new site. Optionally convert HTTP links to HTTPS.

Update WordPress salts

Update the WordPress salts in wp-config.php for maximum security when you create copies of sites.

Password expiration

Force users to change their passwords at a regular interval you define. You can choose which roles this policy applies to.

Post auto-save optimization

Choose how often WordPress auto-saves posts as you edit them and how many revisions of each post it will keep.

WordPress trash interval

Choose when WordPress will permanently delete posts, pages, attachments and comments from the trash bin. Or have it skip the trash bin altogether.

Manage WordPress hidden features

Easily manage WordPress features which are normally only accessible by editing the wp-config.php file such as: disable file editing, WordPress debug mode and debug log, JavaScript concatenation, memory limit and WordPress page caching.

Repair and optimise tables

Repair and optimise all of your site's tables.

URL redirection

Redirect old URLs or make your own URL shortener with features far beyond Joomla!'s

Malware detection

Monitor your site for changed or added PHP files and assess their potential for malicious behaviour

Settings import / export

Easily duplicate Admin Tools settings between your WordPress sites.

.htaccess and web.config Maker

Disable directory listings

Protect against common file injection attacks

Disable PHP Easter Eggs

Block access to security-sensitive files

Block web access to files such as htaccess.txt, php.ini, wp-config-sample.php or readme.html in your site's root

Protect against clickjacking

Reduce MIME type security risks

Reflected XSS prevention

Remove Apache and PHP version signature

Prevent content transformation

Block specific user agents

Block direct access to PHP files

Protection against direct access to PHP files. It can even block access to uploaded hacking scripts, mitigating the attack.

Force index.php parsing before index.html

Optimise expiration time

(good for SEO)

Compress static resources

Automatically compress static resources such as images, CSS, JS

Redirect index.php to site root

Redirect www / non-www

Redirect www to non-www, or non-www to www site, e.g. http://example.com to http://www.example.com

Redirect old domain name to new domain name

Force HTTPS for specific URLs

Force HTTPS even when WordPress doesn't let you to

Force HSTS header

Increase HTTPS security by telling browsers to never access the unprotected HTTP version of your site.

Disable HTTP methods TRACE and TRACK

Protect your site against XST attacks

Control the Cross-Origin Resource Sharing (CORS) policy of your site

Control if and what ETags will be sent

Optimize client-side caching of your site's content, especially when it's behind a load balancer.

Web Application Firewall

Customised exceptions

Down to the component, view or query string level

Full logging of blocked requests

E-Mail Notification at security exception

Send out an email when a security exception occurrs

IP deny list

Prevent access to your site by specific IP addresses or blocks of IP addresses

Administrator IP exclusive allow list

Only allow access to your site's administrator section by specific blocks of IP addresses

Change administrator login URL

(e.g. use http://www.example.com/mylogin instead of http://www.example.com/wp-login)

Away schedule

Prevent logging into wp-admin during a preset period every day, e.g. when you're definitely asleep.

SQLiShield protection

Catch and prevent most SQL injection attacks

Remote File Inclusion block

(RFIShield)

Remote PHP protocol block

(PHPShield)

Uploads scanner

(UploadShield)

Anti-spam filtering

Based on Bad Words list

Custom login error message

Don't tell the bad guys if a certain username exists on your site or not

Remove RSS links

Remove blog client links

Change login session duration

Disable editing users' properties

Prevent Administrator / Super Administrator accounts from being edited.

Block email domains from user registration

Hide/customise generator meta tag

Project Honeypot's HTTP:BL integration

Integration with Project Honeypot's HTTP:BL anti-spam / anti-hacker IP blocking directory

Auto-ban IPs

Auto-ban IPs causing excessive security exceptions (fully customisable)

Login E-Mail Notification

Send email on successful or failed administrator login

Customisable email templates and rate throttling for Admin Tools emails