Title: Security Optimizer – The All-In-One Protection Plugin Author: SiteGround Published: 5 сар 31, 2021 Last modified: 3 сар 31, 2026 --- Search plugins ![](https://ps.w.org/sg-security/assets/banner-772x250.png?rev=2971855) ![](https://ps.w.org/sg-security/assets/icon-256x256.gif?rev=2971855) # Security Optimizer – The All-In-One Protection Plugin By [SiteGround](https://profiles.wordpress.org/siteground/) [Download](https://downloads.wordpress.org/plugin/sg-security.1.6.0.zip) * [Details](https://mn.wordpress.org/plugins/sg-security/#description) * [Reviews](https://mn.wordpress.org/plugins/sg-security/#reviews) * [Installation](https://mn.wordpress.org/plugins/sg-security/#installation) * [Development](https://mn.wordpress.org/plugins/sg-security/#developers) [Support](https://wordpress.org/support/plugin/sg-security/) ## Description **Bulletproof your website security in a few clicks against a range of security breaches, including brute-force attacks, malware threats and bots, with our free WordPress security plugin – Security Optimizer.** Proactively monitor your site’s security to detect any suspicious activity and take immediate actions to protect your site and prevent further damage with these essential features: * Enable **2FA (Two-Factor Authentication)** for an extra layer of website security * Set **Limit Login Attempts** to deter malicious login attempts and brute-force attacks * Change your default login URL to **Custom Login URL** to avoid attacks * Activate **Advanced XSS Protection** to fortify your website against malicious attacks * **Lock and Protect System Folders** to ensure no unauthorized or malicious scripts can be executed in your system folders * **Disable Themes & Plugins Editor** to safeguard your website from unauthorized access via the WordPress editor * **Hide WordPress Version** effortlessly, keeping it hidden from prying eyes * Use **Activity Log** to monitor your site and quickly prevent malicious actions * **Post-Hack Actions** to take immediate actions and prevent further damages Developed by the website security experts at [SiteGround](https://www.siteground.com/wordpress-plugins/siteground-security) and trusted by over 900,000 webmasters for its robust security shield and ease of use to safeguard WordPress applications from possible attacks on any hosting platform. #### AWARDS: [Monster Awards 2022](https://www.templatemonster.com/awards/winners-2022/): Best WordPress Security Plugin 🥇 [Monster Awards 2021](https://www.templatemonster.com/awards/winners-2021/): Best WordPress Security Plugin 🥇 #### Plugin Video #### Plugin Tutorial Unveil the vast array of features and unleash the full potential of our security plugin in our [Security Optimizer Tutorial](https://www.siteground.com/tutorials/wordpress/sg-security/). ### SITE PROTECTION FEATURES Safeguard your WordPress application using our powerful site security toolset. Our comprehensive features are specifically designed to strengthen your website’s defenses against malware, exploits, and various malicious activities. With these tools at your disposal, you can ensure the utmost bot, malware and brute force protection for your website: #### Lock and Protect System Folders Ensure the maximum security for your application’s system folders by preventing the execution of any unauthorized or malicious scripts. The Lock and Protect System Folders feature acts as a powerful shield against potential threats. #### Hide WordPress Version Protect your website from mass attacks by hiding the WordPress version, which helps to mitigate version-specific vulnerabilities. #### Disable Themes & Plugins Editor Enhance the security of your WordPress admin area by disabling the Themes & Plugins Editor, preventing potential coding errors and unauthorized access through the editor. #### Disable XML-RPC Mitigate potential security risks by disabling the XML-RPC protocol, which has been exploited in various attacks. Please note that disabling XML-RPC will restrict WordPress from communicating with third-party systems. We recommend enabling this feature unless you have a specific need for it. #### Disable RSS and ATOM Feeds Prevent content scraping and specific attacks on your site by disabling RSS and ATOM feeds. Unless you have readers accessing your site via RSS readers, it is recommended to keep this feature enabled. #### Advanced XSS Protection Add an extra layer of website security against cross-site scripting (XSS) attacks by enabling Advanced XSS Protection, bolstering the overall security of your website. #### Delete Default Readme.html Eliminate potential vulnerabilities by deleting the default readme.txt file, which contains information about your website. By removing this file, you reduce the risk of your site being listed in vulnerable sites targeted by hackers. ### Login Security #### Custom Login Url Personalize your login URL to thwart potential attacks and create a strong entry point. Bid farewell to the default login URL and embrace a bespoke path of your choosing. Additionally, you have the freedom to modify the default sign-up URL as well. #### Login Access Restrict login page access to specific IP addresses or IP ranges, effectively thwarting malicious login attempts and deterring brute force attacks. #### 2FA (Two-Factor Authentication) Immerse your website in an impenetrable shield of security with 2FA. This formidable feature demands that all admin users furnish a unique token, generated exclusively through the Google Authentication application, during the login process. #### Disable Common Usernames Don’t fall victim to predictable security breaches! The use of common usernames, such as ‘admin,’ poses a significant threat to the integrity of your website. Activate this option to disable the creation of common usernames. If any weak usernames already exist, we’ll prompt you to provide new, stronger alternatives. #### Limit Login Attempts Maintain control over unauthorized access attempts with Limit Login Attempts. Set a specific threshold for the number of login failures users can endure before consequences arise. After reaching the limit, the IP address associated with the unsuccessful login attempts will be blocked for one hour. Persistent failures will result in longer restrictions, starting with 24 hours and escalating to a week. ### ACTIVITY MONITORING Monitor your website and login page for unauthorized visitors and brute force attempts to prevent malicious actions #### Activity Log The Activity Log page provides you with a comprehensive view of the activities performed by registered, unknown, and blocked visitors. It allows you to closely monitor any suspicious behavior and take appropriate actions in case of a compromised user, plugin, or hacking attempt. You can leverage the quick tools available to swiftly block future attempts. #### Weekly Security Reports Receive a weekly traffic summary for your website directly to your inbox. This ** Weekly Security Report** compiles data on both bot and human traffic, along with details about blocked login and visit attempts to proactively monitor traffic and promptly identify suspicious activity. ### POST-HACK ACTIONS Take immediate measures to protect your website if you suspect a compromise and prevent further damage. Here, you’ll find convenient solutions to address the situation effectively: #### Reinstall All Free Plugins In the event of a hack, utilizing the Reinstall All Free Plugins feature can help mitigate potential harm. This action reinstalls all of your free plugins, reducing the likelihood of additional exploits or the reuse of malicious code. #### Log Out All Users To prevent any further unauthorized activities by users or attackers, you can choose to log out all users instantly using the Log Out All Users feature. #### Force Password Reset By enforcing a password reset, you can ensure that all users are prompted to change their passwords during their next login. This not only strengthens the security of their accounts but also immediately logs out all currently logged-in users. ### Requirements * WordPress 4.7 * PHP 7.0 * Working .htaccess file ### Data Collection Collection of technical data is optional and is [listed here](https://www.siteground.com/kb/what-information-wp-plugins-collect). This data is collected only for technical analysis, improvements and the possibility to contact the plugin user in case urgent issues need to be fixed (for example a critical security release that needs to be communicated to site owners). The plugin user can manage their preferences within the WP admin to control the collection of technical data. We advise opting in for this data collection, as it can enhance the plugin’s performance. You may find more information on data collection in our [Plugins Privacy Notice](https://www.siteground.com/viewtos/siteground_plugins_privacy_notice). ## Screenshots * [[ * [[ * [[ * [[ * [[ ## Installation #### Automatic Installation 1. Go to Plugins -> Add New 2. Search for “Security Optimizer by SiteGround” 3. Click on the Install button under the Security Optimizer by SiteGround plugin 4. Once the plugin is installed, click on the Activate plugin link #### Manual Installation 1. Login to the WordPress admin panel and go to Plugins -> Add New 2. Select the ‘Upload’ menu 3. Click the ‘Choose File’ button and point your browser to the sg-security.zip file you’ve downloaded 4. Click the ‘Install Now’ button 5. Go to Plugins -> Installed Plugins and click the ‘Activate’ link under the WordPress Security Optimizer by SiteGround listing ## Reviews ![](https://secure.gravatar.com/avatar/d0033d93efc0a12337b61e86c29f485aff5f9c5e1e7935e041f8d160fa3d56f4? s=60&d=retro&r=g) ### 󠀁[Works great](https://wordpress.org/support/topic/works-great-9017/)󠁿 [GregW](https://profiles.wordpress.org/gwmbox/) 3 сар 28, 2026 Easy to install and use. It provides more than login protection, it provides file protection, active logging, disabling file access, change the login url and so on. All whilst being a small non resource hogging solution. Much better and complete than all the small brute force login attempt plugins available that I have tested extensively. ![](https://secure.gravatar.com/avatar/8579766b6d72e5418a421a8384a91082ceb807ec62516fdc15f447918bf70712? s=60&d=retro&r=g) ### 󠀁[Good Security Control](https://wordpress.org/support/topic/helpful-security-tool-2/)󠁿 [sahara8](https://profiles.wordpress.org/sahara8/) 3 сар 13, 2026 1 reply Installed it to improve my site security. The interface is simple, and most features work well. Had to tweak a few settings, but nothing complicated. Overall, pretty useful plugin. tnx devs. ![](https://secure.gravatar.com/avatar/34556a094a7ba3a09df6253de7f2cffd063c2f4b9043e1b5f867c3554ddd05bd? s=60&d=retro&r=g) ### 󠀁[sgs_whitelist_wp_content custom filter doesn’t work](https://wordpress.org/support/topic/sgs_whitelist_wp_content-custom-filter-doesnt-work/)󠁿 [Apple.WP-Dev](https://profiles.wordpress.org/red-apple/) 2 сар 2, 2026 1 reply This plugin seems to be designed for SiteGround hosting only. I am using SiteGround, and the plugin works well except for the file whitelisting feature. I applied the sgs_whitelist_wp_content custom filter from the SiteGround documentation; while it resolved the Apache error, the file is still being blocked. This is a known issue for myself and others, specifically regarding the TranslatePress trp-ajax.php file. ![](https://secure.gravatar.com/avatar/fed9b48f6dc7a865dacb6140fb71c52f8e06388f8f79eab68209a3cc0fd822f2? s=60&d=retro&r=g) ### 󠀁[Horrible. Clashes with everything. Breaches GDPR](https://wordpress.org/support/topic/horrible-breaches-gdpr/)󠁿 [dongermibbs](https://profiles.wordpress.org/dongermibbs/) 12 сар 25, 2025 1 reply This plugin has caused nothing but endless problems. It clashes with Elementor and Papal payment plugins. Of course, all Siteground do is blame the other companies, as if their plugin is perfect. Worst of all it repeatedly asks you to consent to sending data to Siteground. There is no refusal box. So the box pops up every time you choose a different menu selection. It is a cynical attempt to get you tick the box, and allow them to abuse your data, to make it go away. I intend to report Siteground to the ICO for this invasive demand. ![](https://secure.gravatar.com/avatar/5d44c571551cb0ab1841d352cc0752e7a17c33d031b14342f7fcfeb90d85dc8b? s=60&d=retro&r=g) ### 󠀁[Excellent](https://wordpress.org/support/topic/excellent-14150/)󠁿 [alaidlaw](https://profiles.wordpress.org/alaidlaw/) 12 сар 23, 2025 Excellent easy to follow info ![](https://secure.gravatar.com/avatar/d0523a50aeeb1b462e9d499e86ca538b4d0e9ab95015a631788cbf9eea63b05e? s=60&d=retro&r=g) ### 󠀁[Excellent](https://wordpress.org/support/topic/excellent-14100/)󠁿 [solucionespirita](https://profiles.wordpress.org/solucionespirita/) 10 сар 28, 2025 fulfills its purpose completely, very good [ Read all 153 reviews ](https://wordpress.org/support/plugin/sg-security/reviews/) ## Contributors & Developers “Security Optimizer – The All-In-One Protection Plugin” is open source software. The following people have contributed to this plugin. Contributors * [ SiteGround ](https://profiles.wordpress.org/siteground/) * [ Hristo Pandjarov ](https://profiles.wordpress.org/hristo-sg/) * [ Stanimir Stoyanov ](https://profiles.wordpress.org/sstoqnov/) * [ Stoyan Georgiev ](https://profiles.wordpress.org/stoyangeorgiev/) * [ Elena Chavdarova ](https://profiles.wordpress.org/elenachavdarova/) * [ Ignat Georgiev ](https://profiles.wordpress.org/ignatggeorgiev/) * [ Asparuh Tenev ](https://profiles.wordpress.org/asparuhtenev/) “Security Optimizer – The All-In-One Protection Plugin” has been translated into 12 locales. Thank you to [the translators](https://translate.wordpress.org/projects/wp-plugins/sg-security/contributors) for their contributions. [Translate “Security Optimizer – The All-In-One Protection Plugin” into your language.](https://translate.wordpress.org/projects/wp-plugins/sg-security) ### Interested in development? [Browse the code](https://plugins.trac.wordpress.org/browser/sg-security/), check out the [SVN repository](https://plugins.svn.wordpress.org/sg-security/), or subscribe to the [development log](https://plugins.trac.wordpress.org/log/sg-security/) by [RSS](https://plugins.trac.wordpress.org/log/sg-security/?limit=100&mode=stop_on_copy&format=rss). ## Changelog #### Version 1.6.0 Release Date Mar 30th, 2026 * Security improvements * Activity Log improvements * Third-party plugin compatibility improvements #### Version 1.5.9 Release Date Jan 15th, 2026 * Third-party plugin compatibility improvements * Custom URL improvements * Weekly Report improvements * Security Improvements #### Version 1.5.8 Release Date Dec 4th, 2025 * Custom Login improvements * Login Security improvements * Security improvements #### Version 1.5.7 Release Date Nov 21st, 2024 * Translation loading improvements #### Version 1.5.6 Release Date: Oct 9th, 2024 * Custom Login URL improvements * 2FA improvements * Activity Log improvements #### Version 1.5.5 Release Date: Sep 18th, 2024 * Options improvements. * Block Service improvements. #### Version 1.5.4 Release Date: Sep 10th, 2024 * Activity log code improvements. * Salt Shaker code improvements. #### Version 1.5.3 Release Date: Aug 27th, 2024 * Code Improvements. #### Version 1.5.2 Release Date: Aug 1st, 2024 * Improved Custom Login Url handling * Improved Plugins Reinstall actions * Improved Translations * Improved plugin config * Fixed deprecated warnings in custom WP-CLI commands #### Version 1.5.1 Release Date: July 17th, 2024 * Improved Activity log bot detection * Improved Activity log logout handling * Improved 2FA with third-party custom logins * Improved compatibility with third-party plugins * Security improvements related to plugin notices #### Version 1.5.0 Release Date: May 23rd, 2024 * Improved support for PHP 8.2 and 8.3. * Improved plugin configuration. #### Version 1.4.13 Release Date: Mar 27th, 2024 * Plugin optimization. #### Version 1.4.12 Release Date: Feb 20th, 2024 * Bugfixes related to cookies and 2FA #### Version 1.4.11 Release Date: Feb 14th, 2024 * Security improvements related to cookies * Performance improvements #### Version 1.4.10 Release Date: Jan 11th, 2024 * Static assets are now part of the plugin package and load locally. * New users will be prompted to give their consent for the collection of technical data upon their initial use of the plugin. #### Version 1.4.9 Release Date: Dec 12th, 2023 * Improved detection of bots in activity log * Improved feature “Reinstall All Free Plugins” – deactivated plugins no longer get activated after the reinstall. #### Version 1.4.8 Release Date: Nov 22nd, 2023 * Dashboard visuals improvements * Readme file improvements * Weekly Security Report improved translations #### Version 1.4.7 Release Date: Oct 24th, 2023 * Data collection opt out option * Readme file formatting improvements * Plugin name formatting improvements * Weekly Activity Report Sending Schedule Randomisation #### Version 1.4.6 Release Date: Sept 26th, 2023 * Changing the name we use inside the plugin from SiteGround Security to Security Optimizer * Updating data collection process and Introducing a link in the plugin interface to the Plugin Privacy notice #### Version 1.4.5 Release Date: May 4th, 2023 * Improved log cleanup #### Version 1.4.4 Release Date: May 3rd, 2023 * Improved Visitors DB table indexing * Block service restored #### Version 1.4.3 Release Date: Apr 27th, 2023 * Block service temporally disabled #### Version 1.4.2 Release Date: Apr 27th, 2023 * Improved Activity Log process and filters * Improved restricted login response code * Improved PHP 8.2 compatibility * Alternative constant added for non-standard cron job usage #### Version 1.4.1 Release Date: Feb 23rd, 2023 * Internal configuration improvements #### Version 1.4.0 Release Date: Feb 1st, 2023 * Internal configuration changes #### Version 1.3.9 Release Date: Jan 25th, 2023 * Improved Foogra Theme support #### Version 1.3.8 Release Date: Dec 6th, 2022 * Improved Rest response * Improved Settings Page checks * Improved Disable Themes & Plugins Editor #### Version 1.3.7 Release Date: Nov 15th, 2022 * SG Security Dashboard bugfix * Improved 2FA Encryption key validation * Improved Custom Login/Register URL validation * Improved LiteSpeed Cache support * Option to use custom 2FA encryption key filepath #### Version 1.3.6 Release Date: Nov 8th, 2022 * Improved 2FA security with encryption * Improved Access Log filters * New WP-CLI command: reset all users 2FA setup #### Version 1.3.5 Release Date: Oct 18th, 2022 * Improved Custom Login URL * Improved Activity log #### Version 1.3.4 Release Date: Oct 10th, 2022 * Install service fix #### Version 1.3.3 Release Date: Oct 10th, 2022 * New Manage Activity Log option * New filter – Disable activity log * Improved Custom login url * Improved WP-CLI support * Improved Jetpack plugin support * Improved error handling * Minor bug fixes * Legacy code removed #### Version 1.3.2 Release Date: Sept 21st, 2022 * 2FA Backup codes security strengthening #### Version 1.3.1 Release Date: Sept 13th, 2022 * 2FA Authentication Security Strengthening * IP Address detection Security Strengthening #### Version 1.3.0 Release Date: July 14th, 2022 * Brand New Design * Improved 2FA Authentication compatibility with Elementor custom login pages * Improved data collection * Minor fixes #### Version 1.2.9 Release Date: June 20th, 2022 * NEW Filters for “Lock and Protect System Folders” excludes * Improved IP Ranges support * Improved Blocked IP addresses list * Improved Delete the Default Readme.html * Improved 2FA Authentication validation * Improved 2FA Authentication support for “My Account” login * Improved Data Collection * Minor fixes #### Version 1.2.8 Release Date: May 18th, 2022 * Improved plugin security #### Version 1.2.7 Release Date: April 8th, 2022 * Minor bug fixes #### Version 1.2.6 Release Date: April 7th, 2022 * 2FA Refactoring #### Version 1.2.5 Release Date: April 6th, 2022 * 2FA Authentication refactoring * Improved Weekly Emails * HTST service deprecated #### Version 1.2.4 Release Date: March 16th, 2022 * Improved Weekly Emails * Improved Woocommerce Payments plugin support * 2FA Authentication Security Strengthening #### Version 1.2.3 Release Date: March 11th, 2022 * 2FA Authentication Security Strengthening #### Version 1.2.2 Release Date: March 11th, 2022 * 2FA Authentication Security Strengthening #### Version 1.2.1 Release Date: March 9th, 2022 * Improved Weekly reports * Improved HTTP Headers service * Code Refactoring #### Version 1.2.0 Release Date: February 28th, 2022 * NEW – Weekly Reports * Code Refactoring and General Improvements * Improved 2FA user role support * Improved error handling * Improved Limit Login IP Range support * Improved Event log * Improved Phlox theme support * Minor fixes * Improved WP-CLI support * Environment data collection consent added #### Version 1.1.3 Release Date: October 1st, 2021 * Improved Hide WP version functionality #### Version 1.1.2 Release Date: August 20th, 2021 * Improved Custom Login URL functionality * Improved 2FA * Improved success/error messages #### Version 1.1.1 Release Date: August 12th, 2021 * Improved 2FA * Improved logout functionality #### Version 1.1.0 Release Date: July 27th, 2021 * NEW! Added 2FA backup codes to the profile edit page * NEW! Custom login and registration URLs * NEW! Added automatic HSTS headers generation * Improved Disable common usernames functionality * Improved Mass Logout Service * Improved Activity Logging and added custom labeling * Improved Password Reset functionality #### Version 1.0.4 * Improved Limit Login Attempts #### Version 1.0.3 * Fixed rating box bug on safari * Improved RSS & ATOM Feed Disabler service #### Version 1.0.2 * Added filter to configure log lifetime * Added WP CLI support * Improved strings #### Version 1.0.1 * Added defaults on install * Improved translation support * Added cleanup on uninstall #### Version 1.0.0 * First stable release. #### Version 0.1 * Initial release. ## Meta * Version **1.6.0** * Last updated **6 өдөр ago** * Active installations **1+ million** * WordPress version ** 4.7 or higher ** * Tested up to **6.9.4** * PHP version ** 7.0 or higher ** * Languages * [Arabic](https://ar.wordpress.org/plugins/sg-security/), [Dutch](https://nl.wordpress.org/plugins/sg-security/), [English (US)](https://wordpress.org/plugins/sg-security/), [French (France)](https://fr.wordpress.org/plugins/sg-security/), [German](https://de.wordpress.org/plugins/sg-security/), [Italian](https://it.wordpress.org/plugins/sg-security/), [Russian](https://ru.wordpress.org/plugins/sg-security/), [Spanish (Chile)](https://cl.wordpress.org/plugins/sg-security/), [Spanish (Colombia)](https://es-co.wordpress.org/plugins/sg-security/), [Spanish (Ecuador)](https://es-ec.wordpress.org/plugins/sg-security/), [Spanish (Mexico)](https://es-mx.wordpress.org/plugins/sg-security/), [Spanish (Spain)](https://es.wordpress.org/plugins/sg-security/), [Spanish (Venezuela)](https://ve.wordpress.org/plugins/sg-security/). * [Translate into your language](https://translate.wordpress.org/projects/wp-plugins/sg-security) * Tags * [firewall](https://mn.wordpress.org/plugins/tags/firewall/)[login](https://mn.wordpress.org/plugins/tags/login/) [malware scanner](https://mn.wordpress.org/plugins/tags/malware-scanner/)[security](https://mn.wordpress.org/plugins/tags/security/) [web application firewall](https://mn.wordpress.org/plugins/tags/web-application-firewall/) * [Advanced View](https://mn.wordpress.org/plugins/sg-security/advanced/) ## Ratings 4.5 out of 5 stars. * [ 128 5-star reviews ](https://wordpress.org/support/plugin/sg-security/reviews/?filter=5) * [ 5 4-star reviews ](https://wordpress.org/support/plugin/sg-security/reviews/?filter=4) * [ 4 3-star reviews ](https://wordpress.org/support/plugin/sg-security/reviews/?filter=3) * [ 3 2-star reviews ](https://wordpress.org/support/plugin/sg-security/reviews/?filter=2) * [ 13 1-star reviews ](https://wordpress.org/support/plugin/sg-security/reviews/?filter=1) [Add my review](https://wordpress.org/support/plugin/sg-security/reviews/#new-post) [See all reviews](https://wordpress.org/support/plugin/sg-security/reviews/) ## Contributors * [ SiteGround ](https://profiles.wordpress.org/siteground/) * [ Hristo Pandjarov ](https://profiles.wordpress.org/hristo-sg/) * [ Stanimir Stoyanov ](https://profiles.wordpress.org/sstoqnov/) * [ Stoyan Georgiev ](https://profiles.wordpress.org/stoyangeorgiev/) * [ Elena Chavdarova ](https://profiles.wordpress.org/elenachavdarova/) * [ Ignat Georgiev ](https://profiles.wordpress.org/ignatggeorgiev/) * [ Asparuh Tenev ](https://profiles.wordpress.org/asparuhtenev/) ## Support Issues resolved in last two months: 3 out of 4 [View support forum](https://wordpress.org/support/plugin/sg-security/)