plugin-icon

HT Security

Автор: WPFastSec·
Complete Security Suite: Security Headers, CVE Detection, Core Integrity Check, Login Alerts, and Maintenance Mode.
cve
headers
maintenance
Рейтинги
5
Версия
1.5.0
Активные установки
100
Последние изменения
Mar 15, 2026

HT Security is a complete security suite for WordPress, offering multiple layers of protection for your website.

Important — External Service: This plugin queries the National Vulnerability Database (NVD) API to check for known CVE vulnerabilities. Requests are made to: * API URL: https://services.nvd.nist.gov/rest/json/cves/2.0 * Terms of Use: https://nvd.nist.gov/general/legal-disclaimer * Privacy Policy: https://www.nist.gov/privacy-policy * Frequency: Automatic check every 12 hours or manual on-demand * Data sent: Name and version of WordPress/installed plugins (no personal data is sent)

The NVD API query is essential for the plugin’s CVE vulnerability detection functionality.

Key Features

  • Security Headers — HSTS, X-Frame-Options, Content-Security-Policy, and more
  • Login Alerts — Email notifications for successful and failed login attempts with rate limiting
  • Core Integrity Check — Verify WordPress core files against official checksums with 24h cache
  • CVE Vulnerability Detection — Check WordPress Core and active plugins against NVD database
  • User Enumeration Protection — Block user enumeration via REST API and author parameters
  • Maintenance Mode — Maintenance mode with authorized IP whitelist (IPv4, IPv6, CIDR support)
  • File Permissions Audit — Audit and automatic correction of critical file permissions
  • Plugin Security Indicators — Visual badges on plugins page showing vulnerability status

CVE Detection Features

  • Integration with NVD (National Vulnerability Database) API 2.0
  • Check WordPress Core and active plugins for known vulnerabilities
  • Intelligent batch processing with rate limiting
  • 8 layers of anti-false-positive validation
  • Vulnerability badges on plugins page (enable/disable option)
  • Dismissible alerts per user
  • Email notification when vulnerabilities are detected
  • Automatic check every 12 hours
  • NVD API Key support (increased rate limit)

Security Improvements in v1.5.0

  • IP Spoofing Fix — Properly detects real IP behind Cloudflare, proxies, and load balancers
  • Capability Check Fix — Authorization verified before processing
  • Rate Limiting by IP — More granular rate limiting for login alerts
  • Input Validation — Maximum length validation for feedback form

Supported Languages

  • English (US) — 100%
  • English (UK) — 100%
  • Português do Brasil — 100%
  • Português de Portugal — 100%
  • Español — 100%

License

This plugin is licensed under the GNU General Public License v2.0 or later. For more information, visit https://www.gnu.org/licenses/gpl-2.0.html.

Бесплатнов платных тарифах
Начало работы
Устанавливая, вы принимаете условия предоставления услуг WordPress.com и условия стороннего разработчика плагина.
Проверено на
WordPress 6.9.4
Этот плагин можно скачать и использовать при .
Загрузить