plugin-icon

HT Security

Door WPFastSec·
Complete Security Suite: Security Headers, CVE Detection, Core Integrity Check, Login Alerts, and Maintenance Mode.
cve
headers
maintenance
Beoordelingen
5
Versie
1.5.0
Actieve installaties
100
Laatst bijgewerkt
Mar 15, 2026

HT Security is a complete security suite for WordPress, offering multiple layers of protection for your website.

Important – External Service: This plugin queries the National Vulnerability Database (NVD) API to check for known CVE vulnerabilities. Requests are made to: * API URL: https://services.nvd.nist.gov/rest/json/cves/2.0 * Terms of Use: https://nvd.nist.gov/general/legal-disclaimer * Privacy Policy: https://www.nist.gov/privacy-policy * Frequency: Automatic check every 12 hours or manual on-demand * Data sent: Name and version of WordPress/installed plugins (no personal data is sent)

The NVD API query is essential for the plugin’s CVE vulnerability detection functionality.

Key Features

  • Security Headers – HSTS, X-Frame-Options, Content-Security-Policy, and more
  • Login Alerts – Email notifications for successful and failed login attempts with rate limiting
  • Core Integrity Check – Verify WordPress core files against official checksums with 24h cache
  • CVE Vulnerability Detection – Check WordPress Core and active plugins against NVD database
  • User Enumeration Protection – Block user enumeration via REST API and author parameters
  • Maintenance Mode – Maintenance mode with authorized IP whitelist (IPv4, IPv6, CIDR support)
  • File Permissions Audit – Audit and automatic correction of critical file permissions
  • Plugin Security Indicators – Visual badges on plugins page showing vulnerability status

CVE Detection Features

  • Integration with NVD (National Vulnerability Database) API 2.0
  • Check WordPress Core and active plugins for known vulnerabilities
  • Intelligent batch processing with rate limiting
  • 8 layers of anti-false-positive validation
  • Vulnerability badges on plugins page (enable/disable option)
  • Dismissible alerts per user
  • Email notification when vulnerabilities are detected
  • Automatic check every 12 hours
  • NVD API Key support (increased rate limit)

Security Improvements in v1.5.0

  • IP Spoofing Fix – Properly detects real IP behind Cloudflare, proxies, and load balancers
  • Capability Check Fix – Authorization verified before processing
  • Rate Limiting by IP – More granular rate limiting for login alerts
  • Input Validation – Maximum length validation for feedback form

Supported Languages

  • English (US) – 100%
  • English (UK) – 100%
  • Português do Brasil – 100%
  • Português de Portugal – 100%
  • Español – 100%

License

This plugin is licensed under the GNU General Public License v2.0 or later. For more information, visit https://www.gnu.org/licenses/gpl-2.0.html.

Gratisvoor betaalde abonnementen
Aan de slag
Door te installeren, ga je akkoord met de Servicevoorwaarden van WordPress.com en de voorwaarden voor plugins van derden.
Getest tot
WordPress 6.9.4
Deze plugin kan worden gedownload, zodat je hem op je kan gebruiken.
Downloaden