Description
Swairish Site Security helps site owners monitor and respond to WordPress security threats from wp-admin.
Free features include:
- Security dashboard with event totals, severity mix, category summaries, and recent events.
- Audit event log with IP address, method, URI, user agent, severity, category, risk score, and context.
- Suspicious HTTP request detection for SQL injection, cross-site scripting, remote code execution, file inclusion, scanner probes, user enumeration, and upload indicators.
- Monitor or block firewall modes with manual IP/CIDR blocklist controls.
- Rate limiting and login brute-force protection.
- Malware and file scanner for suspicious PHP, web-shell indicators, executable uploads, risky permissions, recent executable changes, and WordPress core checksum drift.
- Focused tools for suspicious files, sensitive files, file monitoring, obfuscated PHP, file permissions, core integrity, and quarantine response.
- Quarantine, restore, delete, and selected-finding CSV/JSON export controls.
- Hardening options for XML-RPC, REST API restriction, WordPress version hiding, custom login URL, directory indexing, security headers, author enumeration, and file permission review.
- CAPTCHA protection with a built-in math challenge for WordPress and WooCommerce forms.
- HTML and A4 PDF security reports with site details, settings, recent events, hardening status, and scan summary.
- Evidence backup exports for incident handoff.
- CSV/JSON compliance exports, retention cleanup, pagination, and bulk actions.
Screenshots




Installation
- Upload the plugin ZIP from Plugins > Add New > Upload Plugin.
- Activate Swairish Site Security.
- Open Swairish Site Security in wp-admin.
- Review the dashboard, run a file scan, and adjust firewall/hardening settings.
FAQ
-
Does Swairish Site Security block requests by default?
-
The default security mode is active, but the request firewall starts in monitor mode. You can switch blocking on from the firewall settings.
-
Does the scanner delete files automatically?
-
No. The scanner reports findings. Administrators choose whether to quarantine, restore, delete, or export selected findings.
-
Does CAPTCHA require an external service?
-
No. This directory build uses the built-in math CAPTCHA and does not require an external service.
Reviews
There are no reviews for this plugin.
Contributors & Developers
“Swairish Site Security” is open source software. The following people have contributed to this plugin.
ContributorsTranslate “Swairish Site Security” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Changelog
0.4.53
- Preserved real admin screenshot captions in the WordPress.org directory package and excluded listing assets from the plugin ZIP.
0.4.52
- Added real installed-admin screenshots for the WordPress.org listing and product landing page.
0.4.51
- Excluded the standalone Free dashboard presentation band from the WordPress.org package.
0.4.50
- Finalized the standalone Free dashboard presentation band and package validation.
0.4.49
- Kept the standalone Free dashboard banner independent of the Pro license client while preserving the WordPress.org-free build rule.
0.4.48
- Added an optional dashboard presentation band for the standalone Free package.
0.4.47
- Added translator context to the generated free CAPTCHA fallback used in the WordPress.org package.
0.4.46
- Added translator context comments for dynamic security, scan, report, and admin messages in the WordPress.org build.
0.4.45
- Preserved the verified public Plugin URI in the WordPress.org build and added package checks for report assets and metadata.
0.4.44
- Corrected the review build’s public Plugin URI, standalone report asset handling, and file-editor audit validation.
0.4.43
- Renamed the public plugin to Swairish Site Security and requested the swairish-site-security directory slug.
0.4.42
- Completed the Swairish Site Security naming consistency pass across public packages and documentation.
0.4.41
- Rebranded the plugin and WordPress.org distribution as Swairish Site Security.
0.4.40
- Made protected export download verification explicit before request data is read.
0.4.39
- Completed the final WordPress.org package pass for static report assets and protected-download nonce handling.
0.4.38
- Removed remaining hardcoded WordPress content paths from directory-build tools and removed unused paid-interface styling from the WordPress.org package.
0.4.37
- Prepared the WordPress.org distribution for the pending review: a distinctive directory name and slug, packaged static report CSS, protected export storage, authenticated downloads, and uploads-directory quarantine storage.
0.4.36
- Corrected WordPress.org package cleanup for external CAPTCHA setting validation.
0.4.35
- Finalized the math-only CAPTCHA surface for the WordPress.org package.
0.4.34
- Added recursive sanitization for submitted security settings.
0.4.33
- Updated the WordPress.org package builder after translation-loader cleanup.
0.4.32
- Made action nonce verification explicit and hardened read-only request handling for Plugin Check.
0.4.31
- Fixed the free package event-count query and tightened timeline query validation.
0.4.30
- Hardened prepared custom-table queries for the WordPress.org package.
0.4.29
- Fixed the WordPress.org package cleanup for the built-in CAPTCHA settings.
0.4.28
- Hardened the free directory build for WordPress.org Plugin Check compatibility.
0.4.27
- Simplified historical package notes to keep the WordPress.org readme focused on the Free distribution.
0.4.26
0.4.25
- Improved generated Free and WordPress.org package hygiene.
- Fixed WordPress.org dashboard asset loading for the directory package slug.
- Added package validation for excluded commercial classes and routes.
0.4.24
- Improved security event context used by reports and exports.
- Updated package metadata for the current release.
0.4.23
- Improved release packaging and cleanup workflows.
- Kept the Free and WordPress.org ZIPs focused on their documented feature set.
0.4.22
- Cleaned the regular Free ZIP and rebuilt the review-safe distribution.
- Kept the Free ZIP focused on its documented security, reporting, and evidence-export features.
- Rebuilt the WordPress.org package as a review-safe free distribution with matching normal and flat-root ZIP variants.
0.4.21
- Prepared a clean WordPress.org free distribution package.
- Kept dashboard metric icons and the free security scanning, firewall, hardening, CAPTCHA, reporting, and evidence export workflows.
0.4.20
- Added relevant icons to dashboard, SOC, scanner, timeline, and tool metric cards while keeping the existing colored stat shapes.