plugin-icon

Segurium

Oleh Segurium·
Restore original files, Anti-virus, Malware Scan, Bruteforce protection, Firewall, 2FA, Geo-blocking, and more for free.
Versi
0.1.8
Terakhir diperbarui
Jul 7, 2026
Segurium

Segurium is WordPress security without the bloat. Every hardening surface a site needs to survive the open internet — login protection, geo and IP gating, security headers, integrity verification, malware detection — ships in a single focused plugin. No ad walls, no background processes that chew through your shared-hosting CPU budget.

Behind the simple UI is a high-tech engine. Segurium hashes your files on the server and checks each SHA-256 against a continuously-updated, machine-learning-curated cloud verdict database — so most files are classified by hash alone, the scan is fast, the plugin stays small, and fresh threats are recognised the moment the classifier picks them up. When a file’s hash is not yet known to the cloud, Segurium uploads that file’s bytes for deeper analysis so you don’t get stuck with an unresolved verdict. We do not keep your files in the cloud. Nothing — not a hash, not a byte — is sent before you accept the service disclosure.

What you get on every install

Every feature below ships in the plugin and runs on every install — Free and Pro alike:

  • Two-factor authentication — TOTP apps, email fallback, backup codes, trusted devices, per-role enforcement and grace period.
  • Brute-force protection — Multi-tier lockouts on wp-login.php and XML-RPC, honeypot field, manual IP unlock, optional hCaptcha on login.
  • Geo-blocking — Block login or admin traffic by country using a local binary database (auto-updated), with a confirm-or-revert safety net so you can’t lock yourself out.
  • Firewall — Allow / deny IP rules, CIDR ranges and country-level filters with a single source-of-truth IP list shared across login, admin and request gating.
  • Security headers — Security HTTP response headers, cookie hardening (SameSite/Secure/HttpOnly), and five one-click preset modes.
  • Information Shield — Toggles that hide WordPress version fingerprints, discovery endpoints, asset ?ver= strings, and XML-RPC when you don’t use them.
  • Self-Check security grade — Checks roll up into an A+ to F grade, each with one-click Fix buttons and cross-referenced with external scanners.
  • Migration importer — Import your existing settings from Wordfence, All-In-One Security, Sucuri Security and Solid Security so you don’t lose your hardening when you switch.
  • Disaster recovery — Local encrypted backups can be extracted with a tiny PHP one-liner, even if Segurium is uninstalled.
  • Malware scanner — Full filesystem scan, and a unified “Threats” view across every scan.
  • Real-time and upload scanning — New and modified files are checked automatically; infected uploads are blocked before they land on disk.
  • Scheduled scans — Off / daily / weekly with a locale-aware time picker. A scheduled malware scan automatically chains an integrity scan behind it on the same cadence.
  • Integrity scan — Verify WordPress core, plugins and themes against upstream manifests. Spot tampered, delisted or abandoned components at a glance.
  • Bulk “Fix All” remediation — Queue every detected threat for cleanup in one click on both malware and integrity panels.
  • Auto-fix on detection — When real-time scanning flags a file, Segurium can clean it without waiting for an admin to open the dashboard.
  • Cleanup with encrypted, reversible backups — Before anything is cleaned, the original file is encrypted (AES-256-GCM) and stored locally. Backups are retained for up to 30 days, subject to per-bucket count and size caps. “Show original” and “Restore” are one click away.
  • Embedded support.

How the Pro service tier differs

Cleanups are performed by Segurium’s cloud service and counted against a per-installation quota. The Free service tier covers up to 3 cleanups per rolling 30 days — enough for an occasional incident on a typical site. The Pro service tier raises that quota for sites that need higher cleanup volume (recurring infections, agency portfolios, hosts under sustained attack). The plugin code, the detection engines, and every feature listed above are identical on both tiers; the only difference is the cleanup-quota ceiling enforced server-side.

Privacy by default

  • Scanning is opt-in. Until you explicitly accept the service disclosure on the plugin’s admin page, Segurium doesn’t contact the cloud and doesn’t start scanning.
  • Hash-first, body-on-miss. During a scan, files are checked by SHA-256 first. Only files whose hash is unknown to the cloud have their bytes uploaded for classification, so the volume of content actually leaving your server is small and bounded by what’s new on disk.
  • No telemetry on your visitors. Segurium looks at files and login attempts, not at the people who visit your site.
  • You’re in control of cleanup. Cleaning an infected file is always reliable, with backups.

Designed to stay lean

Segurium ships as a small PHP plugin with no bundled binaries, no vendored third-party scanners, and no hidden background daemons. The heavy lifting — classification, signature curation, integrity manifests — lives in our cloud service, so your WordPress install stays fast and your hosting bill stays flat.

External Services

Segurium connects to external services to keep your WordPress install protected. Each service is disclosed below with the data that is sent and when. Nothing is sent before you accept the service disclosure on the plugin’s admin page.

Segurium Cloud Threat Inspection (cti.segurium.com)

Segurium’s own cloud service provides malware verdicts, integrity manifests, auto-updated geo-location data, trusted-proxy IP ranges, support intake, cleanup files, and a per-installation cleanup quota that gates how many files the cloud will clean in a rolling 30-day window. The service is contacted when:

  • You accept the service disclosure on the plugin’s admin page (a one-time installation registration request is sent: a random commitment hash, your site name, your site URL, your WordPress version, and — if you enabled email alerts — the alert email address you entered).
  • A malware, integrity, real-time or upload scan is running.
  • You request cleanup of a specific infected file (the cleaned bytes are fetched from the cloud by hash; only the SHA-256 of the file you selected is sent in that request).
  • The scheduled GeoIP database update runs (daily).
  • The scheduled trusted-proxies update runs (daily).
  • The scheduled component-inventory ping runs (daily; sends the list of installed plugin/theme slugs and versions and your WordPress version, so we can spot tampered, delisted or abandoned components).
  • You submit a support request, false-positive report or missed-malware report from the plugin’s admin pages (the data you typed, plus the file bytes you attached, are sent).
  • You change a settings group (a settings snapshot of that area is sent so the cloud side stays in sync).
  • A brute-force lockout, geo-block or other security event fires (a small JSON payload with the event type, your site URL, your domain, your WordPress / PHP / plugin versions, and a SHA-256 hash of the username — never the username itself or the password — is sent).
  • You activate or deactivate the plugin (a one-line plugin_activated / plugin_deactivated ping is sent so the cloud side knows the install is no longer reachable; the deactivation ping is skipped entirely if you never accepted the service disclosure).

Data sent during scans: SHA-256 hashes of files on your server, file paths relative to your WordPress installation, file sizes, file modification times, plugin and theme version strings, and your WordPress version. For files whose SHA-256 is not yet known to the cloud verdict database, the file’s bytes are also uploaded so the file can be classified. This applies to malware scans and to real-time / upload scanning.

The cloud service is operated by Segurium, S.L. Each request from your installation is identified by a random installation identifier (IID) issued at registration time; we do not store or send any WordPress user data, content, or visitor information.

Freemius (api.freemius.com, checkout.freemius.com, wp.freemius.com)

Segurium uses the Freemius WordPress SDK (bundled in freemius/) to handle license activation, paid-plan checkout, and account management for the Pro plan. The SDK ships in anonymous mode: on activation Segurium tells the SDK to skip the connect prompt, so no request is sent to Freemius and no telemetry is collected from your install.

Freemius servers are contacted only when:

  • You explicitly click an upgrade or “Manage billing” button in the Segurium account page and complete the checkout on checkout.freemius.com.
  • You activate, sync or deactivate a Pro license through the account page (the SDK posts the licence key, your site URL, your WordPress / PHP versions, and the plugin version to api.freemius.com).

If you never visit the account page or never enter a licence, no request is ever made to Freemius from your site.

Freemius is operated by Freemius, Inc.

hCaptcha (js.hcaptcha.com, hcaptcha.com) — OPTIONAL

If, and only if, you enable hCaptcha on the brute-force-protection settings page and provide your own hCaptcha site key and secret key, Segurium will:

  • Load the hCaptcha JavaScript from https://js.hcaptcha.com/1/api.js on the wp-login.php page so the challenge can render.
  • Send the hCaptcha token and the visitor’s IP address to https://hcaptcha.com/siteverify to verify the challenge on login attempts.

hCaptcha is off by default. Until you enable it, no hCaptcha scripts or requests are loaded. hCaptcha is provided by Intuition Machines, Inc.; their terms and privacy policy apply when you enable the feature.

Source Code of Bundled Libraries

Segurium ships the Freemius WordPress SDK in freemius/ for licensing, checkout and support flows. A small number of files inside that SDK (freemius/assets/js/jquery.form.js and freemius/assets/js/postmessage.js) are minified upstream and shipped as-is. The unminified source for the entire SDK is published under GPL-3.0 at:

  • https://github.com/Freemius/wordpress-sdk

The SDK version bundled with this release is recorded in freemius/start.php ($this_sdk_version).

Gratisdi paket berbayar
Diuji hingga
WordPress 7.0.1
Plugin ini tersedia untuk diunduh untuk diinstal di situs .