{"id":99633,"date":"2019-03-11T10:45:52","date_gmt":"2019-03-11T10:45:52","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/secuplug\/"},"modified":"2026-05-25T23:46:44","modified_gmt":"2026-05-25T23:46:44","slug":"secuplug","status":"publish","type":"plugin","link":"https:\/\/srd.wordpress.org\/plugins\/secuplug\/","author":20856797,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"2.0.0","stable_tag":"2.0.0","tested":"7.0","requires":"4.9","requires_php":"7.4","requires_plugins":null,"header_name":"SecureFusion","header_author":"codeplusdev <contact@fyndsoft.com>","header_description":"Security plugin for wordpress.","assets_banners_color":"6a9999","last_updated":"2026-05-25 23:46:44","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/fyndsoft.com\/portfolio\/securefusion","header_author_uri":"https:\/\/profiles.wordpress.org\/codeplusdev\/","rating":5,"author_block_rating":0,"active_installs":10,"downloads":3272,"num_ratings":2,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.2.0":{"tag":"1.2.0","author":"ugurbicer","date":"2019-03-13 06:51:39"},"1.2.1":{"tag":"1.2.1","author":"ugurbicer","date":"2019-03-13 10:27:12"},"1.2.10":{"tag":"1.2.10","author":"ugurbicer","date":"2019-04-11 22:55:35"},"1.2.11":{"tag":"1.2.11","author":"ugurbicer","date":"2019-04-11 23:03:51"},"1.2.2":{"tag":"1.2.2","author":"ugurbicer","date":"2019-03-14 04:36:29"},"1.2.3":{"tag":"1.2.3","author":"ugurbicer","date":"2019-03-14 09:33:10"},"1.2.4":{"tag":"1.2.4","author":"ugurbicer","date":"2019-03-19 05:31:42"},"1.2.6":{"tag":"1.2.6","author":"ugurbicer","date":"2019-03-19 13:55:53"},"1.2.7":{"tag":"1.2.7","author":"ugurbicer","date":"2019-03-19 14:49:55"},"1.2.8":{"tag":"1.2.8","author":"ugurbicer","date":"2019-04-06 15:57:23"},"1.2.9":{"tag":"1.2.9","author":"ugurbicer","date":"2019-04-11 
02:15:05"},"1.3":{"tag":"1.3","author":"ugurbicer","date":"2019-06-13 21:11:21"},"1.3.1":{"tag":"1.3.1","author":"ugurbicer","date":"2019-06-24 16:41:23"},"1.3.2":{"tag":"1.3.2","author":"ugurbicer","date":"2019-08-28 13:55:43"},"1.3.3":{"tag":"1.3.3","author":"ugurbicer","date":"2020-03-19 01:26:41"},"1.3.4":{"tag":"1.3.4","author":"ugurbicer","date":"2020-04-03 12:24:59"},"1.3.4.2":{"tag":"1.3.4.2","author":"ugurbicer","date":"2020-04-04 20:30:27"},"1.3.4.3":{"tag":"1.3.4.3","author":"ugurbicer","date":"2020-04-04 20:35:49"},"1.3.5":{"tag":"1.3.5","author":"ugurbicer","date":"2020-05-19 04:28:57"},"1.3.6":{"tag":"1.3.6","author":"ugurbicer","date":"2023-07-29 20:23:35"},"1.3.7":{"tag":"1.3.7","author":"ugurbicer","date":"2023-08-18 15:53:56"},"1.3.7.1":{"tag":"1.3.7.1","author":"ugurbicer","date":"2023-08-18 16:00:16"},"1.3.8":{"tag":"1.3.8","author":"ugurbicer","date":"2023-08-22 01:01:10"},"1.4.0":{"tag":"1.4.0","author":"ugurbicer","date":"2024-01-19 04:44:22"},"1.4.1":{"tag":"1.4.1","author":"codeplusdev","date":"2025-06-03 16:21:48"},"1.4.2":{"tag":"1.4.2","author":"codeplusdev","date":"2025-09-22 21:58:19"},"1.4.3":{"tag":"1.4.3","author":"codeplusdev","date":"2025-09-23 02:47:03"},"1.4.4":{"tag":"1.4.4","author":"codeplusdev","date":"2025-11-21 00:10:54"},"2.0.0":{"tag":"2.0.0","author":"codeplusdev","date":"2026-05-25 
23:46:44"}},"upgrade_notice":[],"ratings":{"1":0,"2":0,"3":0,"4":0,"5":2},"assets_icons":{"icon.svg":{"filename":"icon.svg","revision":3366075,"resolution":false,"location":"assets","locale":false}},"assets_banners":{"banner-772x250.png":{"filename":"banner-772x250.png","revision":3366075,"resolution":"772x250","location":"assets","locale":"","width":772,"height":250}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.2.0","1.2.1","1.2.10","1.2.11","1.2.2","1.2.3","1.2.4","1.2.6","1.2.7","1.2.8","1.2.9","1.3","1.3.1","1.3.2","1.3.3","1.3.4","1.3.4.2","1.3.4.3","1.3.5","1.3.6","1.3.7","1.3.7.1","1.3.8","1.4.0","1.4.1","1.4.2","1.4.3","1.4.4","2.0.0"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3548402,"resolution":"1","location":"assets","locale":"","width":1280,"height":720},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3548402,"resolution":"2","location":"assets","locale":"","width":1280,"height":720},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3548402,"resolution":"3","location":"assets","locale":"","width":1280,"height":720},"screenshot-4.png":{"filename":"screenshot-4.png","revision":3548402,"resolution":"4","location":"assets","locale":"","width":1280,"height":720},"screenshot-5.png":{"filename":"screenshot-5.png","revision":3548402,"resolution":"5","location":"assets","locale":"","width":1280,"height":720},"screenshot-6.png":{"filename":"screenshot-6.png","revision":3548402,"resolution":"6","location":"assets","locale":"","width":1280,"height":720}},"screenshots":{"1":"The WordPress Comments list integration allowing admins to block spam IPs and ranges directly.","2":"The IP Rules management screen for manually blocking or whitelisting specific IPs and CIDR ranges.","3":"The Failed and Successful Login Attempts log showing active filters and toolbar actions.","4":"The SecureFusion dashboard overview screen showing status cards for active modules and graphs of 
security events.","5":"The Security settings panel showing custom login URL configurations and CSP headers control.","6":"The IP Ranges management screen showing subnet CIDR blocks and the \"View IPs\" modal popup."}},"plugin_section":[],"plugin_tags":[2656,1174,600,1536,6558],"plugin_category":[54],"plugin_contributors":[221520,175572],"plugin_business_model":[],"class_list":["post-99633","plugin","type-plugin","status-publish","hentry","plugin_tags-anti-spam","plugin_tags-firewall","plugin_tags-security","plugin_tags-ssl","plugin_tags-xml-rpc","plugin_category-security-and-spam-protection","plugin_contributors-codeplusdev","plugin_contributors-ugurbicer","plugin_committers-codeplusdev","plugin_committers-ugurbicer"],"banners":{"banner":"https:\/\/ps.w.org\/secuplug\/assets\/banner-772x250.png?rev=3366075","banner_2x":false,"banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":"https:\/\/ps.w.org\/secuplug\/assets\/icon.svg?rev=3366075","icon":"https:\/\/ps.w.org\/secuplug\/assets\/icon.svg?rev=3366075","icon_2x":false,"generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/secuplug\/assets\/screenshot-1.png?rev=3548402","caption":"The WordPress Comments list integration allowing admins to block spam IPs and ranges directly."},{"src":"https:\/\/ps.w.org\/secuplug\/assets\/screenshot-2.png?rev=3548402","caption":"The IP Rules management screen for manually blocking or whitelisting specific IPs and CIDR ranges."},{"src":"https:\/\/ps.w.org\/secuplug\/assets\/screenshot-3.png?rev=3548402","caption":"The Failed and Successful Login Attempts log showing active filters and toolbar actions."},{"src":"https:\/\/ps.w.org\/secuplug\/assets\/screenshot-4.png?rev=3548402","caption":"The SecureFusion dashboard overview screen showing status cards for active modules and graphs of security events."},{"src":"https:\/\/ps.w.org\/secuplug\/assets\/screenshot-5.png?rev=3548402","caption":"The Security settings panel showing custom login URL configurations and CSP headers 
control."},{"src":"https:\/\/ps.w.org\/secuplug\/assets\/screenshot-6.png?rev=3548402","caption":"The IP Ranges management screen showing subnet CIDR blocks and the \"View IPs\" modal popup."}],"raw_content":"<!--section=description-->\n<p>Are you tired of bloated security plugins that slow down your website and clutter your database?<\/p>\n\n<p>SecureFusion is designed for WordPress site administrators, developers, and agency owners who demand lightweight, robust, and performance-optimized protection. It acts as an active shield against brute-force attacks, remote XML-RPC exploits, and malicious injections, while keeping your loading speeds lightning fast.<\/p>\n\n<p>SecureFusion helps you enforce strict Content Security Policies (CSP), hide standard administrative entry points, block automated traffic clusters, track successful\/failed logins, block spam comment IPs directly, and monitor unauthorized access patterns via a clean, modern dashboard.<\/p>\n\n<h3>Features<\/h3>\n\n<h4>1. Login Protection &amp; Interactive Monitoring<\/h4>\n\n<ul>\n<li><strong>Failed Login Attempts Log:<\/strong> Visually tracks unauthorized login attempts, displaying timestamps, IP addresses, and lockouts.<\/li>\n<li><strong>IP Range Clustering (\/24 Subnets):<\/strong> Groups attacking IPs into standard \/24 subnets. Admins can view individual subnet IPs and copy the CIDR lists to a firewall or Cloudflare blacklist.<\/li>\n<li><strong>Custom Login URL:<\/strong> Obfuscates <code>wp-login.php<\/code> and <code>wp-admin<\/code> access by changing it to a secret URL, stopping automated bots instantly.<\/li>\n<li><strong>Brute-Force Lockout:<\/strong> Restricts login attempts and locks out offending IPs.<\/li>\n<li><strong>Modify Login Errors:<\/strong> Alters generic authentication errors so hackers cannot verify whether they got the username or password correct.<\/li>\n<\/ul>\n\n<h4>2. 
Firewall &amp; Active Guard<\/h4>\n\n<ul>\n<li><strong>Filter Bad Requests:<\/strong> Screens URL requests to block XSS, CSRF, and code injection attempts before they reach your theme or database.<\/li>\n<li><strong>REST API Control:<\/strong> Restricts public endpoint scraping, preventing attackers from harvesting user lists or plugin info.<\/li>\n<li><strong>Content Security Policy (CSP):<\/strong> Easily configure and inject headers to control script, style, and media execution sources in the client browser.<\/li>\n<\/ul>\n\n<h4>3. XML-RPC Shield<\/h4>\n\n<ul>\n<li><strong>DDoS Amplification Defense:<\/strong> Fully disable XML-RPC, or selectively disable pingbacks, preventing your server from participating in DDoS botnets.<\/li>\n<li><strong>XML-RPC Login Protection:<\/strong> Specifically blocks remote credentials verification through XML-RPC.<\/li>\n<\/ul>\n\n<h4>4. Enforced SSL \/ HTTPS<\/h4>\n\n<ul>\n<li><strong>Secure Protocol Redirection:<\/strong> Forces HTTP to HTTPS redirection across admin screens, login pages, or the entire site to guarantee secure data transmission.<\/li>\n<\/ul>\n\n<h4>5. Comments IP Blocking &amp; Bulk Shield<\/h4>\n\n<ul>\n<li><strong>Individual Commenter IP Blocking:<\/strong> Block or unblock comment author IP addresses directly from the WordPress Comments list page.<\/li>\n<li><strong>Bulk Spam IP Blocking:<\/strong> Instantly block all IP addresses associated with spam comments currently in the Spam directory.<\/li>\n<li><strong>Smart CIDR Range Calculation:<\/strong> Option to block entire \/24 IPv4 subnets or \/64 IPv6 ranges of spam comments automatically based on IP distribution to stop persistent spam networks.<\/li>\n<\/ul>\n\n<h4>6. 
IP Spoofing Prevention &amp; Successful Login Tracking<\/h4>\n\n<ul>\n<li><strong>Successful Login Logging:<\/strong> Tracks successful logins to audit administrator and user access alongside failed login attempts.<\/li>\n<li><strong>IP Spoofing Prevention:<\/strong> Performs strict public vs. private IP checks on client headers (like HTTP_X_FORWARDED_FOR) to prevent attackers from spoofing their IP addresses when behind load balancers or proxies. Forwarded headers are supplied by the client unless a proxy you control overwrites them, so they should be trusted only in that setup.<\/li>\n<\/ul>\n\n<p>For complete information, please visit <a href=\"https:\/\/fyndsoft.com\/securefusion\">the SecureFusion website<\/a>.<\/p>\n\n<h3>Credits<\/h3>\n\n<p>This plugin bundles and\/or utilizes the following third-party libraries:<\/p>\n\n<ul>\n<li><p><strong>Chart.js<\/strong> (v4.5.1)<\/p>\n\n<ul>\n<li>License: MIT<\/li>\n<li>License URI: https:\/\/github.com\/chartjs\/Chart.js\/blob\/master\/LICENSE.md<\/li>\n<li>Source: https:\/\/www.chartjs.org<\/li>\n<\/ul><\/li>\n<li><p><strong>persist-admin-notices-dismissal<\/strong><\/p>\n\n<ul>\n<li>License: GPLv3<\/li>\n<li>Source: https:\/\/github.com\/collizo4sky\/persist-admin-notices-dismissal<\/li>\n<\/ul><\/li>\n<li><p><strong>wasp<\/strong><\/p>\n\n<ul>\n<li>License: GPLv3<\/li>\n<li>Source: https:\/\/github.com\/uuur86\/wasp<\/li>\n<\/ul><\/li>\n<\/ul>\n\n<!--section=installation-->\n<ol>\n<li>Download and unzip the plugin into your WordPress plugins directory (usually <code>\/wp-content\/plugins\/<\/code>).<\/li>\n<li>Activate the plugin through the 'Plugins' menu in your WordPress Admin.<\/li>\n<li>Go to the Plugin's settings page and then it's up to you.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<p>If you have any questions, you can post <a href=\"https:\/\/wordpress.org\/support\/plugin\/secuplug\/\">a support request<\/a>.<\/p>\n\n<!--section=changelog-->\n<h4>2.0.0<\/h4>\n\n<ul>\n<li>Added: Comments Block module to block spam IPs directly from the edit-comments.php screen.<\/li>\n<li>Added: Support for bulk blocking spam comments and 
calculating CIDR subnets (IPv4 \/24 and IPv6 \/64).<\/li>\n<li>Added: Successful Login tracking to the Security Log.<\/li>\n<li>Added: Security log page with interactive filters, search, and CSV\/JSON export.<\/li>\n<li>Added: IP Range subnet grouping and manual IP\/CIDR blocking rules.<\/li>\n<li>Improved: Client IP detection with private\/public IP checking to prevent IP spoofing.<\/li>\n<li>Improved: Upgraded CSP configurations to use interactive tag-inputs with common presets (Google Fonts, Cloudflare, etc.).<\/li>\n<li>Updated: Text Domain to secuplug to match the plugin slug.<\/li>\n<li>Updated: Wasp library to v3.0.0<\/li>\n<li>Added: Intrusion log table to track and list unauthorized access attempts<\/li>\n<li>Added: New Content Security Policy (CSP) control fields<\/li>\n<li>Fixed: Issues related to missing CSP directives<\/li>\n<\/ul>\n\n<h4>1.4.4<\/h4>\n\n<ul>\n<li>Fixed: Fixed a PHP Fatal Error during initial plugin activation<\/li>\n<\/ul>\n\n<h4>1.4.3<\/h4>\n\n<ul>\n<li>Fixed: CSP bugs and optimized<\/li>\n<li>Fixed: Prevented cache plugins from corrupting header assignments<\/li>\n<\/ul>\n\n<h4>1.4.2<\/h4>\n\n<ul>\n<li>Fixed: The issue that caused the 500 error in Apache 2.4 has been resolved. htaccess is no longer used.<\/li>\n<li>Added: New CSP features<\/li>\n<li>Updated: Header settings in the firewall properties are now supported for NGINX and LiteSpeed servers.<\/li>\n<\/ul>\n\n<h4>1.4.1<\/h4>\n\n<ul>\n<li>Tested on the latest WordPress version<\/li>\n<\/ul>\n\n<h4>1.4.0<\/h4>\n\n<ul>\n<li>Added: Updates default settings on activate<\/li>\n<li>Updated: Dashboard and settings pages have been redesigned <\/li>\n<\/ul>\n\n<h4>1.3.8<\/h4>\n\n<ul>\n<li>Fixed: a bug in the 'Filter Bad Requests' feature that was preventing login. 
Users can now log in without issues.<\/li>\n<li>Updated: dashboard design and new plugin logo<\/li>\n<\/ul>\n\n<h4>1.3.7.1<\/h4>\n\n<ul>\n<li>Hotfix: deleted test codes<\/li>\n<\/ul>\n\n<h4>1.3.7<\/h4>\n\n<ul>\n<li>Fixed: \"Filter Bad Requests\" block cookie problem<\/li>\n<li>Added: Custom cookie and request regex fields added along with the Advanced tab.<\/li>\n<\/ul>\n\n<h4>1.3.6<\/h4>\n\n<ul>\n<li>Updated: Plugin name to \"SecureFusion\"<\/li>\n<li>Added: Auto settings migration code<\/li>\n<li>Added: Block IP address feature on failed login<\/li>\n<\/ul>\n\n<h4>1.3.5<\/h4>\n\n<ul>\n<li>Added: New firewall settings<\/li>\n<li>Updated: The Disable REST API feature now disables only the users service and the main service. (Plugin issues are solved)<\/li>\n<\/ul>\n\n<h4>1.3.4.1<\/h4>\n\n<ul>\n<li>An incomplete and forgotten cookie security code that led to a problem has been disabled.<\/li>\n<\/ul>\n\n<h4>1.3.4<\/h4>\n\n<ul>\n<li>Added new firewall features<\/li>\n<\/ul>\n\n<h4>1.3.3<\/h4>\n\n<ul>\n<li>Fixed errors in js files<\/li>\n<\/ul>\n\n<h4>1.3.2<\/h4>\n\n<ul>\n<li>Fixed https and login page protect issues on admin-ajax.php<\/li>\n<\/ul>\n\n<h4>1.3.1<\/h4>\n\n<ul>\n<li>Fixed an exceptional case in the \"hide admin login url\" link.<\/li>\n<li>Added warning for no valid SSL certificate on the settings page<\/li>\n<li>Improved user experience for admin settings form<\/li>\n<\/ul>\n\n<h4>1.3<\/h4>\n\n<ul>\n<li>Improved SSL \/ HTTPS implementation<\/li>\n<li>Added settings notification<\/li>\n<li>Removed useless Run the scanner menu for now<\/li>\n<li>Visual enhancements<\/li>\n<\/ul>\n\n<h4>1.2.11<\/h4>\n\n<ul>\n<li>fixed access denied issue when changing schema https to http on admin page<\/li>\n<\/ul>\n\n<h4>1.2.10<\/h4>\n\n<ul>\n<li>testing for version 1.2.11<\/li>\n<\/ul>\n\n<h4>1.2.9<\/h4>\n\n<ul>\n<li>Fixed auto loading of fix ssl js file without enabling it<\/li>\n<li>Fixed SSL URL replacement and redirection<\/li>\n<li>Added ssl enable and force 
SSL options<\/li>\n<li>Added self pingback disable feature<\/li>\n<li>Visual enhancements<\/li>\n<\/ul>\n\n<h4>1.2.8<\/h4>\n\n<ul>\n<li>Fixed some HTTPS issues in wp-admin and wp-login<\/li>\n<\/ul>\n\n<h4>1.2.7<\/h4>\n\n<ul>\n<li>fixed infinite redirection<\/li>\n<\/ul>\n\n<h4>1.2.6<\/h4>\n\n<ul>\n<li>fixed admin auth-fallback login screen issue<\/li>\n<li>fixed some typos<\/li>\n<li>some minor changes<\/li>\n<\/ul>\n\n<h4>1.2.4<\/h4>\n\n<ul>\n<li>fixed https redirect<\/li>\n<\/ul>\n\n<h4>1.2.3<\/h4>\n\n<ul>\n<li>fixed https issue<\/li>\n<\/ul>\n\n<h4>1.2.1<\/h4>\n\n<ul>\n<li>Fixed some issues<\/li>\n<\/ul>\n\n<h4>1.2.0<\/h4>\n\n<ul>\n<li>Added composer autoload<\/li>\n<li>Fixed some typos<\/li>\n<li>added new functions to wp_common trait<\/li>\n<\/ul>","raw_excerpt":"Lightweight, high-performance security suite. Protects from brute-force logins, DDoS pingbacks, bad request injections, and manages CSP headers.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/srd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/99633","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/srd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/srd.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/srd.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=99633"}],"author":[{"embeddable":true,"href":"https:\/\/srd.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/codeplusdev"}],"wp:attachment":[{"href":"https:\/\/srd.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=99633"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/srd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=99633"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/srd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=99633"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/srd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin
_category?post=99633"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/srd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=99633"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/srd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=99633"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}