plugin-icon

HT Security

By WPFastSec·
Complete Security Suite: Security Headers, CVE Detection, Core Integrity Check, Login Alerts, and Maintenance Mode.
cve
headers
maintenance
Ratings
5
Version
1.5.0
Active installations
100
Last updated
Mar 15, 2026

HT Security is a complete security suite for WordPress, offering multiple layers of protection for your website.

Important – External Service: This plugin queries the National Vulnerability Database (NVD) API to check for known CVE vulnerabilities. Requests are made to: * API URL: https://services.nvd.nist.gov/rest/json/cves/2.0 * Terms of Use: https://nvd.nist.gov/general/legal-disclaimer * Privacy Policy: https://www.nist.gov/privacy-policy * Frequency: Automatic check every 12 hours or manual on-demand * Data sent: Name and version of WordPress/installed plugins (no personal data is sent)

The NVD API query is essential for the plugin’s CVE vulnerability detection functionality.

Key Features

  • Security Headers – HSTS, X-Frame-Options, Content-Security-Policy, and more
  • Login Alerts – Email notifications for successful and failed login attempts with rate limiting
  • Core Integrity Check – Verify WordPress core files against official checksums with 24h cache
  • CVE Vulnerability Detection – Check WordPress Core and active plugins against NVD database
  • User Enumeration Protection – Block user enumeration via REST API and author parameters
  • Maintenance Mode – Maintenance mode with authorized IP whitelist (IPv4, IPv6, CIDR support)
  • File Permissions Audit – Audit and automatic correction of critical file permissions
  • Plugin Security Indicators – Visual badges on plugins page showing vulnerability status

CVE Detection Features

  • Integration with NVD (National Vulnerability Database) API 2.0
  • Check WordPress Core and active plugins for known vulnerabilities
  • Intelligent batch processing with rate limiting
  • 8 layers of anti-false-positive validation
  • Vulnerability badges on plugins page (enable/disable option)
  • Dismissible alerts per user
  • Email notification when vulnerabilities are detected
  • Automatic check every 12 hours
  • NVD API Key support (increased rate limit)

Security Improvements in v1.5.0

  • IP Spoofing Fix – Properly detects real IP behind Cloudflare, proxies, and load balancers
  • Capability Check Fix – Authorization verified before processing
  • Rate Limiting by IP – More granular rate limiting for login alerts
  • Input Validation – Maximum length validation for feedback form

Supported Languages

  • English (US) – 100%
  • English (UK) – 100%
  • Português do Brasil – 100%
  • Português de Portugal – 100%
  • Español – 100%

License

This plugin is licensed under the GNU General Public License v2.0 or later. For more information, visit https://www.gnu.org/licenses/gpl-2.0.html.

Freeon paid plans
Get started
By installing, you agree to WordPress.com Terms of Service and Third-Party plugin Terms.
Tested up to
WordPress 6.9.4
This plugin is available for download for your site.
Download