Описание

Webtaru Site Options and Login Security is a comprehensive toolkit for WordPress administrators to manage essential site information, business hours, and visual branding, while simultaneously hardening your site’s security by allowing you to change the default login URL and add CAPTCHA protection.

Features

Security & Privacy

Secure Login Customization: Change your WordPress login URL to a custom slug to prevent brute-force attacks. Includes a secret key cache-bypass query string for cached environments.
CAPTCHA Integration: Support for Google reCAPTCHA v3 and Cloudflare Turnstile to protect your login forms.
Login Attempt Limiter: Prevent brute-force attacks by limiting failed login attempts. Unlock locked-out IPs directly from the dashboard.
Email-Based 2FA: Intercept logins and require verification codes sent via email for administrators or selected roles.
Inactivity Auto-Logout: Monitor idle times and automatically log out inactive users with an elegant countdown warning overlay.
Login Email Alerts: Receive instant email notifications with user, IP, User Agent, Time, and Site URL upon successful logins.
Advanced XSS Protection: Add basic or advanced security headers to protect your site from script injections.
Basic Security Firewall: Automatically block common malicious query strings, SQL injections, and malware patterns.
REST API Restriction: Restrict WP REST API access for unauthorized users to prevent data enumeration.
Disable Common Usernames: Prevent user registration and logins for weak usernames like «admin» to harden security.
Site Hardening: Restrict author archives to prevent username enumeration and improve overall site safety.
Disable XML-RPC: Disable XML-RPC requests to protect against DDoS and external credential verification exploits.
Content Protection: Protect your content by disabling Right-Click, Text Selection, and Copy-Paste globally.

UI & UX Enhancements

Admin Bar Zen Mode: Instantly declutter the admin bar by removing distracting logos, comments, updates, and notices.
Admin Bar Cleanup: Declutter your dashboard by selectively hiding top-level and third-party admin bar nodes.
Dashboard Widgets: Agency-ready dashboard widget showcasing customized business contact and operational details.
Sticky WhatsApp Button: Add a floating WhatsApp contact bubble with customizable placement, numbers, display conditions, and greeting messages.
Sticky Vertical Button: Add a customizable floating side button (e.g. for Feedback or Contact) with customizable styles, IDs, and positions.
Mobile Navigation Bar: Add fixed bottom action navigation buttons specifically optimized for mobile visitors.
Back to Top Button: Smooth scrolling back-to-top button with customizable background/icon colors, shapes, and sizes.
Smooth Inertia Scrolling: Enable customizable fluid mousewheel scrolling speeds and smoothness globally.

Identity & Branding

Logo Management: Manage separate Light and Dark versions of your website logo, and support custom SVG uploads.
Login Page Aesthetics: Completely customize the login page with a custom logo, background image, styling overrides, and a custom error message.
Contact & Social Info: Centralized control of primary and secondary phone numbers, email addresses, fax, maps, and social profiles.
Agency Mode / White-Labeling: White-label the plugin for your clients by renaming the menu page and hiding the default brand icon.

SEO & Communication

Business Hours Scheduler: Manage daily business hours and display them dynamically with «Open/Closed» indicator shortcodes.
Schema.org JSON-LD: Automatically generate local SEO-optimized LocalBusiness Schema JSON-LD markup based on your options.
SMTP Integration: Route all outgoing WordPress emails through a secure SMTP configuration (host, port, security, authorization) and test it with a built-in email tool.
Maintenance Mode: Toggle a professional maintenance page with custom headings, messages, SVG status cogs, contact details, and bypass cookies.
Auto-Alt Text: Automatically fill missing image Alt tags with image titles for improved image search SEO.

Content & Media Management

AJAX Media Replacement: Overwrite and replace media files directly from the attachment details panel or list view while preserving the original URLs and file names.
Post & Page Duplicator: Clone or duplicate posts, pages, or custom post types in one click from dashboard list tables.
Duplicate Menu: Duplicate navigation menus with a single click in the WordPress Menu Editor screen.
External Links Control: Force all external links in post content to open in a new tab (target="_blank") automatically.
Shortcodes & Page Builder Widgets: Built-in Elementor Widget and WPBakery Page Builder element for drag-and-drop dynamic contact info placement.

Admin Workflow & Optimizations

Gutenberg Editor Control: Disable the Gutenberg Block Editor and easily restore the classic visual/text editor interface.
Disable Comments Sitewide: Disable commenting features and references sitewide for posts, pages, and media attachment files.
Disable Theme/Plugin File Editor: Turn off the default theme and plugin editor to protect source code from unauthorized modifications.
Hide Admin Sidebar Menus: Hide specific sidebar menus for non-administrators or standard users.
One-Click Cache Flushing: Flush cache across WP Rocket, LiteSpeed Cache, SG Optimizer, and WP Engine on settings save.
Remove Query Strings: Remove version query strings (?ver=) from CSS and JS files for improved page speed scores.
Copyright Year Shortcode: [wtols_copyright] shortcode that automatically displays and updates the current calendar year.
Custom CSS & JS Injector: Inject custom scripts/styles in the header/footer of front-end pages.
404 Redirection: Redirect all 404 Not Found errors to the home page with temporary 302 redirects to preserve SEO rankings.

Database & Redirection Manager

301/302 Redirect Manager: Create, update, and bulk-delete custom source-to-target URL redirects. Supports importing and exporting redirects via JSON.
Database Optimization: Run database cleanup tasks to purge revisions, drafts, transients, and orphan metadata.
Backup & Restore settings: Export your site options configuration as a JSON file and restore it on any site.

External services

This plugin supports the following third-party services to enhance site security:

Google reCAPTCHA (v3): Used to protect the login form from automated bot attacks.
- Service: Google reCAPTCHA
- Usage: Verification of human users during login.
- Data Sent: User’s IP address and browser interaction signals.
- Privacy Policy: https://policies.google.com/privacy
- Terms of Service: https://policies.google.com/terms
Cloudflare Turnstile: A privacy-focused alternative to CAPTCHA for protecting login forms.
- Service: Cloudflare Turnstile
- Usage: Verification of human users during login.
- Data Sent: Browser and device telemetry.
- Privacy Policy: https://www.cloudflare.com/privacypolicy/
- Terms of Service: https://www.cloudflare.com/website-terms/

Shortcodes

[wtols_phone] — Display primary phone.
[wtols_email] — Display primary email.
[wtols_address] — Display business address.
[wtols_logo] — Display light/dark logo.
[wtols_map] — Display embedded map.
[wtols_social_links] — Display social icons.
[wtols_hours] — Display business hours or open/closed status.
[wtols_contact_card] — Display a complete contact info block.

Скриншоты

Dashboard overview and contact details.
Floating widgets
Login protection and brute force settings.
Workflow Utilities have disable Gutenberg, comment etc.
System and backup options.

Установка

Upload the webtaru-site-options-login-security folder to the /wp-content/plugins/ directory.
Activate the plugin through the ‘Plugins’ menu in WordPress.
Navigate to Webtaru Site Options in your admin menu to configure settings.

Отзывы

rajeshboora 12.05.2026

This is best plugin for those who needs security, login captcha, duplicate page and post and many options in one plugin. You can update phone, mobile number and email from dashboard. It saves your time. Enjoying it!

chiragrohilla 08.05.2026

I’ve been using the WebTaru Site Options & Login Security plugin for a while now, and it has significantly improved my site’s security. The ability to hide the login page and restrict access is a game changer for preventing brute force attacks. It’s very lightweight and doesn’t slow down the site. The interface is user friendly, making it easy to configure even for beginners. Highly recommended for anyone looking to add an extra layer of protection to their WordPress site!

sharmahsr 08.05.2026

I have installed plugin in my website, and found that plugin have many useful features which are daily needs. Login page url change is my one of favourite because it protects website login page from unwanted spammers. Many other features like disabled comments, CTA buttons, deactivate gutenberg, login captcha, duplicate page and post many mores. Love it!

Посмотреть все 3 отзыва

Участники и разработчики

«Webtaru Site Options and Login Security» — проект с открытым исходным кодом. В развитие плагина внесли свой вклад следующие участники:

Aaditya Sharma

Перевести «Webtaru Site Options and Login Security» на ваш язык.

Заинтересованы в разработке?

Посмотрите код, проверьте SVN репозиторий, или подпишитесь на журнал разработки по RSS.

Журнал изменений

2.9

NEW: Updated version to 2.9.
IMPROVED: Expanded and updated readme files with comprehensive documentation for all plugin features, including WPBakery/Elementor integrations, 2FA, auto-logout, and caching bypasses.
IMPROVED: Finalized packaging optimizations and cleanups.

2.8.1

FIX: Changed 404 redirect type from 301 (Permanent) to 302 (Temporary) to prevent browser caching.
FIX: Added programmatic cache-bypass integrations for WP Rocket, LiteSpeed Cache, SG Optimizer, and WP Engine on the custom login page.
NEW: Added Login Secret Key (Cache-Proof) query parameter method as a robust caching-immune alternative.
NEW: Added Caching Instructions Notice in the login settings UI.
NEW: Added custom dynamic menu login URL redirect to support front-end login pages (like WooCommerce /my-account/) without exposing the secret admin login URL.
IMPROVED: Removed global URL filters to prevent conflicts with WooCommerce and multi-user front-end login flows.

2.8.0

NEW: Redesigned Maintenance Mode with a premium dark gradient theme, glowing ambient indicators, rotating SVG status cogs, and active social/phone contact options.
NEW: Inactivity Auto Logout feature that monitors idle time across front/back end, triggers warning countdown modal overlays, and safely redirects to the login screen with a custom notice.

2.7.0

NEW: Heartbeat Control (optimize interval and selectively disable on Frontend, Dashboard, or Editor).
NEW: Email-based 2FA (high-level verification code for custom roles on login).
NEW: Instant Page Prefetching (lightweight, hover-delayed client-side prefetching).
NEW: Maintenance Mode Bypass Key (secure cookie and clean redirection to bypass maintenance screen).
FIX: Removed default WordPress checkmark overlay on custom on/off toggles.
UPDATED: Fully tested up to WordPress 7.0 and PHP 8.2+.
IMPROVED: Codebase sanitation and late-stage escaping audit.

2.6.0

IMPROVED: Full security audit with late-stage escaping for all outputs.
IMPROVED: Enhanced input sanitization for better data integrity.
IMPROVED: PHP 8.2 compatibility fixes.
UPDATED: Tested up to WordPress 6.9.
UPDATED: Plugin tags for better repository visibility.
New: Content Protection (Disable Right-Click, Selection, and Copy-Paste).
New: Auto-Alt Text for missing image Alt tags.
New: Duplicate Menu functionality in the menu editor.
New: Remove Query Strings (?ver=) for improved caching and speed scores.
New: [wtols_copyright] shortcode for automatic copyright year updates.
New: Login Email Alerts with custom email recipient and Site URL support.
New: Basic Security Firewall and REST API Restriction for unauthorized users.
New: Admin Bar Zen Mode for a distraction-free experience.
Improved: Login alert now uses site-configured time format and provides tracking links.

2.5.0

New: Advanced XSS Protection (Basic & Advanced modes).
New: Disable Common Usernames feature with admin dashboard notification.
New: Smooth Scrolling (Fluid Mousewheel) enhancement.
Fix: Sticky Header layout overlap with WordPress admin sidebar.
Fix: Removed incorrect references to SVG Support and Robots.txt Editor.

2.4.0

NEW: Professional Media Replacement module with AJAX upload.
NEW: Full SMTP mail delivery integration with test email capability.
NEW: Admin Bar Cleanup feature to declutter the top admin bar.
IMPROVED: Security hardening and output escaping for WordPress.org compliance.
IMPROVED: Broadened detection for third-party Admin Bar nodes (Forms, Elementor, etc.).
FIXED: Capturing of raw HTML in Admin Bar node titles.
REMOVED: Prohibited update-blocking features for repository standards.

2.3.0

NEW: SVG file upload support with strict XML tag sanitization.
NEW: Maintenance Mode admin bar indicator and search engine visibility alerts.
NEW: Advanced redirect controls (404 to Homepage, Custom Login/Logout redirects).
NEW: «Disable Author Archives» for better security and SEO.
NEW: Automated conditional Log In/Log Out menu items.
NEW: «Open External Links in New Tab» post content filter.
NEW: Admin functionality to manage and overwrite robots.txt output.
IMPROVED: Login UI CSS constrained logo width and fixed background attachment.
IMPROVED: Direct wp-admin access attempts now seamlessly redirect to the homepage.

2.2.6

Refactored and rebranded as «Webtaru Site Options and Login Security».
REMOVED: Prohibited arbitrary code insertion features.
HARDENED: Security through strict input sanitization and late-stage output escaping.
UPDATED: Documentation to disclose external service usage.

1.0.0

Initial release of the rebranded version.

Great plugin for Designers

Excellent Security and Customization Tool!

Great Plugin for Developers