TotalWeb – Security, Firewall & Malware Scanner

TotalWeb strengthens your site security with malware defense, brute-force protection, firewall rules, and smart hardening controls.
Version
1.0.0
Last updated
Dec 8, 2025

TotalWeb offers a multi-layered approach to WordPress security, combining advanced protection mechanisms with an intuitive administrative interface. From real-time monitoring to proactive threat detection and prevention, TotalWeb empowers website administrators to maintain a secure online presence.

Features

1. Login Security

  • Login Attempt Tracking: Monitors and logs all login attempts, both successful and failed, including IP addresses and usernames.
  • Two-Factor Authentication (2FA): Enhances login security using TOTP-based 2FA with WooCommerce support.
  • IP and User Lockouts: Automatically locks IP addresses and users after a configurable number of failed login attempts.
  • Login Log Management: View, filter, bulk delete, and export login attempt logs to CSV.

2. CAPTCHA Integration

  • Multi-form CAPTCHA Protection: Adds CAPTCHA to:
    • Login Form
    • Registration Form
    • Lost Password Form
    • Reset Password Form
    • Comment Form
    • WooCommerce Forms
  • Supported CAPTCHA Types: reCAPTCHA v2, reCAPTCHA v3, hCaptcha, and Math CAPTCHA.
  • Contact Form 7 Integration: Seamlessly injects CAPTCHA into CF7 forms.

3. File and Database Security

  • Comprehensive File Scanning: Scans core files, plugins, and themes for modifications, new files, and deletions.
  • Scheduled & On-Demand Scans: Run daily scheduled scans or manual scans anytime.
  • Customizable Monitoring: Configure file types, exclusions, and email alerts.
  • REST API Integration: Initiate scans and check status programmatically.
  • MD5 Hash Verification: Detects unauthorized file changes.
  • Database Backup & Restore: Perform manual or automated backups and restore previous versions.
  • Database Prefix Change: Enhances security by changing the WP database prefix.
  • SQL Injection Protection: Blocks suspicious queries and monitors DB activity.
  • Query Monitoring: Detects and blocks suspicious SQL patterns.
  • WordPress Hardening: Disable insecure WP features such as:
    • File Editor
    • Unfiltered HTML (non-admins)
    • XML-RPC
    • Force SSL
    • Hide WP version
    • Block PHP execution in uploads
    • Block dangerous file types
    • Protect sensitive files (e.g., wp-config.php, .htaccess)
  • REST API Controls: Manage security settings and logs via API.

4. Malware Scanner

  • Malicious Code Detection: Scans core, themes, plugins, and uploads for malware signatures.
  • Manual & Scheduled Scans: Flexible scanning options.
  • Issue Tracking: Detects modified, missing, unknown, and infected files.
  • Email Reports: Sends alerts when malware is detected.

5. Firewall

  • Web Application Firewall (WAF): Supports custom regex rules and ModSecurity CRS patterns.
  • IP Blacklist/Whitelist: Block malicious IPs or allow trusted ones.
  • Geo-Blocking: Restrict access by country.
  • Rate Limiting & DDoS Protection: Limits requests per IP.
  • Comment Spam IP Monitoring: Auto-blocks frequent spam IPs.
  • Bad Bot Protection: Blocks known scrapers and bots.
  • Smart 404 Blocking: Blocks IPs generating excessive 404 errors.
  • General Firewall Options:
    • Disable RSS/ATOM feeds
    • Block proxy comment submissions
    • Advanced string filtering
    • Enable 6G Firewall rules
    • Block unauthorized REST requests
    • Block blank user-agent or referrer POST requests

6. Redirects

  • Custom 301 Redirects: Manage permanent redirect rules.
  • Admin Interface: Add, edit, and delete redirects easily.
  • URL Validation: Prevents duplicates and formatting issues.

7. Security Hardening

  • HTTP Security Headers: Configure:
    • HSTS
    • X-Frame-Options
    • Content Security Policy (CSP)
    • Referrer-Policy
  • Role-Based Access Restrictions: Limit access to specific plugin features.
  • One-Click Setup Wizard: Apply recommended hardening automatically.

8. Audit Logging

  • Logs:
    • Logins (success/failure)
    • User profile changes
    • Role/capability changes
    • Plugin/theme activation/deactivation/updates
    • Theme switches
  • Daily summaries.
  • Email alerts for important events.
  • Dashboard widget with recent events.
  • REST API access to logs.
Tested with
WordPress 6.9
This plugin can be downloaded and used with .