Title: SecuPress with Simple SSL – Simple and Performant Security Author: SecuPress Published: August 23, 2016 Last modified: April 3, 2026 --- Search plugins ![](https://ps.w.org/secupress/assets/banner-772x250.png?rev=1677677) ![](https://ps.w.org/secupress/assets/icon-256x256.png?rev=1677548) # SecuPress with Simple SSL – Simple and Performant Security By [SecuPress](https://profiles.wordpress.org/secupress/) [Download](https://downloads.wordpress.org/plugin/secupress.2.6.1.zip) * [Details](https://wordpress.org/plugins/secupress/#description) * [Reviews](https://wordpress.org/plugins/secupress/#reviews) * [Installation](https://wordpress.org/plugins/secupress/#installation) * [Development](https://wordpress.org/plugins/secupress/#developers) [Support](https://wordpress.org/support/plugin/secupress/) ## Description #### Test it now! You can [test SecuPress Free now](https://demo.tastewp.com/secupress/). #### YOU MADE IT, WE KEEP IT SAFE! The most advanced WordPress Protection on the market. SecuPress is focused on WordPress attacks and Malwares, not just “usual web protections” like many. Protect your WordPress with malware scans ; block bots & suspicious IPs. Get a complete [WordPress security toolkit](https://secupress.me/) for free or as a pro plugin. SecuPress is GDPR compliant. **What’s the difference between free and pro version?** If you are proactive, our free WordPress security plugin is a great choice! No time to activate weekly scans? Then [SecuPress pro](https://secupress.me/) is the way to go. Our plugin takes care of everything with automated tasks. #### Here are some of our most popular features: * Brute Force Login Protection * Password Spraying Protection * Firewall features * Security alerts (1) * Malware Scanner (1) * Block country by geolocation (1) #### We have included some features you won’t find in most WordPress security plugins: * Protection of Security Keys * Block visits from Bad Bots * Vulnerable Plugins & Themes detection (1) * Security Reports in PDF format (1) You can check out [Frequently Asked Questions](https://secupress.me/faq/) or get in touch with our [support](https://secupress.me/support/). Want to know all about SecuPress? You can read our documentation here: [docs.secupress.me](https://docs.secupress.me). **How will you know it works?** Well, we have a dedicated security scanner that will give you a clear security grade and report for your website. This way, you’ll know exactly what to fix. #### WordPress Features **Security Audit** SecuPress is the only plugin with a full scanner able to fix the issues for you. And when it requires a decision from you, it will ask you before proceeding. With this feature, you can check 35 security points in 5 minutes and let us take care of the rest. Once done, you get a security grade that gives you a clear idea of what your security level is. You can export this analysis in PDF format to share with others (clients or colleagues) (1). **Users & Login** This feature is the easiest way to make sure your users’ data is protected and to keep their accounts from being compromised. With this feature you can limit the number of bad login attempts, ban non-existing usernames login attempts and set a non-login time slot. SecuPress also makes sure you control the sessions of your users. SecuPress also adds a [2FA](https://secupress.me/blog/two-factor-authentication/)( Two Factor Authentication) because it’s almost a mandatory feature when it comes to WordPress security! The plugin also gives you greater user and password control as you can set: * Password lifetimes for your users. * Enforce strong password use. * Forbid the use of vague usernames like www or admin. Tired of bots finding your WordPress login page? Finally, don’t let bots find your login page, just move it with the famous Move Login plugin, now included in SecuPress. **Plugins and Themes** SecuPress helps you detect themes and plugins that are vulnerable or that have been tampered with to include malicious code. If you install one of these, your security module will send out an email alert and give you a warning in WordPress. SecuPress takes security further by limiting plugin activation, deactivation, installation and removal in your production (live) website. Plugin and theme uploads via .zip files will be on lockdown as well to block off this easy hacking route. **WordPress Core** SecuPress reinforces the WordPress Core to keep it safe. The security plugin optimizes what’s under the hood to secure the config file by setting the proper parameters. **Sensitive Data** SecuPress secures content in many ways: * The plugin secures WordPress Endpoints and APIs by blocking bad requests for XML-RPC or REST API. * It blocks bad bots with its Robots Blackhole feature. * It provides an anti-hotlink feature to preserve your bandwidth. * The plugin packs 7 anti-disclose security modules to make sure no precious information is available to hackers in your PHP or WordPress itself. * Profile and SecuPress settings pages are password protected to keep sensitive information away from prying eyes. **Firewall** * SecuPress is one of the most efficient WordPress bouncer you’ll ever see! * The plugin blocks malicious incoming requests. * It blocks bad User Agents (no bad crawlers allowed). * Bad requests methods also get the boot in a single click. * URLs are kept in check: no bad URL contents. * SQL injection scanners are kept out as well. * Brute force attempts are stopped in their tracks. * GeoIP Blocking by country gives you more control over your traffic. **Malware Scan** SecuPress has a unique malware scan developed by our security experts. It hunts down bad files and provides you with an easy step-by-step report that lets you take action. It looks into: * Bad files in your FTP. * Your uploads folder for dangerous files. * Potential phishing attempts via `index.php` loads. **Backups** We know firsthand how painful it is to pick up the pieces after an attack damages your WordPress. SecuPress preserves your data to help you avoid lost content or settings if your website comes under attack. The plugin backs up your database and files and lets you download them to guarantee you peace of mind. **Anti Spam** Did you know that 60% of the traffic on the Internet is generated by bots? Most of them happen to be spam bots. We developed our own anti-spam system that works quietly in the background. Just activate it and enjoy a spam free experience. **Alerts** Alerts are an essential tool when your website is under attack. When something important happens on your website, SecuPress will send you an alert via email. We’re working on alerts via SMS, Slack & Twitter as well. You also receive a daily report that provides a debrief of the attempted attack and all the activities blocked by SecuPress. **Scheduled Security Tasks** SecuPress can run 3 separate scheduled tasks for you. It’s like having a security patrol on your WordPress. **Scheduled Scanner:** SecuPress scans your website to detect any issues. After the scan is complete, you get a report in your inbox outlining any actions you have to take to protect your website. **Scheduled Backup:** our team knows that everyone at one time or another forgets to back things up. We made it an automatic task to help ensure you always can recover from an attack with your content safe. **Scheduled Malware Scan:** this security feature scans your website at regular intervals to hunt down any malware that may have gotten into your WordPress. **Logs** SecuPress will keep a log of important security activities and 404 pages triggered by users, bots or even Chuck Norris. This lets you keep an eye on what’s going on in your WordPress at any time. You can also control banned IPs from this option. _(1) Available in the [Pro Version](https://secupress.me/features/)._ _(SecuPress est une extension de sécurité WordPress française)_ ### TODO Create a trust score for each non WP file and displays it Create a “suspicious” status for alerts Revamp alerts Revamp logs Add http logs PHP 8.O min replace %s by ###USERNAME### in emails .htaccess scanner login rest disclose scanner move EDD updater+white label into a mu to allow upgrade+rollback even with plugin deactivated give possibility to rename logins target=”_blank” on doc links AI Scanner Improve malware scanner, again ## Screenshots * [[ * All modules from SecuPress * [[ * A module page (here is Users & Login) * [[ * The first scan * [[ * The 1st step: result of the scan * [[ * The 2nd step: choose what to automatically fix (1) * [[ * SecuPress is now fixing issues for you (1) * [[ * The 3rd step: manual fix, when you have to decide something * [[ * The 4th step: final report, you can export it as PDF (1) ## Installation _It’s important to delete all other security plugins before activating SecuPress._ 1. Upload the plugin files to the `/wp-content/plugins/secupress` directory, or install the plugin through the WordPress plugins screen directly. 2. Activate the plugin through the ‘Plugins’ screen in WordPress. 3. Use the SecuPress->Settings screen to configure the plugin. ## FAQ ### What does SecuPress do, exactly? SecuPress is a plugin for WordPress sites which enables better security without sacrificing usability. It’s easy to use for you and hard to hack for pirates. First, SecuPress will scan your site, looking for vulnerabilities and provide a report detailing how to harden your WordPress. The majority of recommendations are easy to implement by checking a box; very few will require a manual setup. ### What makes SecuPress better than any other security plugin? SecuPress protects your website on multiple fronts: anti spam, double authentication. The best feature for users remains how easy to use this plugin is. You don’t need to be an experienced technician to use and secure your WordPress like an expert! Our security alarms hosted on our servers supply daily data about the most recent vulnerable plugins and themes. This allows you to always be aware and safe. ### Is SecuPress compatible with multisites installation? Yes, SecuPress can be activated for all your sub-sites, just activate it from your main network site. ### Is SecuPress compatible with all web hosters? Yes, SecuPress is compatible with all web hosters like o2switch, OVH, Siteground, BlueHost, PlanetHoster, WP Engine or GoDaddy? If you encounter an issue, do not hesitate to contact our support team. ### Is SecuPress compatible with all caching plugins like WP Rocket, WP Fastest Cache, W3 Total Cache, WP Super Cache? Yes, SecuPress is compatible with all WordPress caching plugins. If you encounter an issue, do not hesitate to contact our support team. ### Is SecuPress compatible with all multilingual plugins like WeGlot, PolyLang, WPML, qTranslate? Yes, SecuPress is compatible with all multilingual WordPress plugins. If you have an issue, please get in touch with us and let us know! ### Is SecuPress compatible with all server engines like Apache, Nginx, IIS7? Yes, SecuPress is compatible with all server engines. If you encounter an issue, do not hesitate to contact our support team. ### Is SecuPress compatible with other security plugins like WordFence, Solid Security (iThemes Security), Really Simple SSL Security, Bullet Proof Security, Sucuri Security? The answer is no. SecuPress is not compatible with another security plugin. Just like two caching plugins do not make your website faster, two security plugins do not make your WordPress more secure. Security rules tend to be overwritten or conflict with other rules if two security plugins are installed. This can cause errors on your website and is not recommended. ## Reviews ![](https://secure.gravatar.com/avatar/921acfeb37b129abb6870999690649bc398c2cbb714c0a4a6ec4a2ec8886253e? s=60&d=retro&r=g) ### 󠀁[Était Sans doute le meilleur plugin de sécurité](https://wordpress.org/support/topic/sans-doute-le-meilleur-plugin-de-securite/)󠁿 [agenceneoh](https://profiles.wordpress.org/agenceneoh/) March 5, 2026 Je suis obligé de revoir radicalement l’avis que j’avais laissé au sujet de Sécupress il y a bientôt 10 ans. Nous avons fait l’erreur de prendre une licence illimitée, qui était parfaite tant que le plugin était à peu près maintenu et performant. Or depuis la version 2.3 et les suivantes, c’est la cata : chaque version corrige les bugs de la précédente tout en en rajoutant d’autres, ce qui ne change rien à l’apparente auto satisfaction de Julio Potier, qui a poussé la notion de support client aux limites du réel. Soit il ne répond rien, soit il vous informe qu’il a été piraté( sic, et super rassurant pour un mec sensé assurer la sécurité de tes sites), soit on a droit à des réponses “lunaires”, qui n’aident en rien à résoudre les soucis concrets. Et des soucis, il y en a : Les licenses qui sautent aléatoirement : c’est amusant quand on gère seulement quelques sites, beaucoup moins quand on doit réinstaller les licences une par une sur près d’une centaine de back office. C’était arrivé en mars 2023, rebelote en mars 2026, je ne me suis même plus donné la peine d’envoyer une requête au support, sachant que la fois précédente, la réponse avait été “Normalement ça ne doit pas arriver, bon, ça arrive…” ou encore “En fait, il est déjà arrivé qu’une clé saute, sans jamais qu’on sache pourquoi, bon, ça passe…” et quand j’ai demandé un geste commercial pour compenser la perte de temps et d’énergie à résoudre un souci que nous n’avions pas causé : “c’est une opération rapide site par site, que vous n’avez pas de suite le besoin de toute remettre rapidement, ou alors votre planning est déjà tellement mal géré que le moindre écrat et tout tombe ? wow…” suivi de : “Un geste commercial, on va dire que vous gardez votre abonnement “illimité” sans supporter les nouveaux tarifs depuis les dernières années !” > juste TOP ! Ce à quoi j’avais répondu le message suivant : ” Bonjour Julio J’ai rarement lu un tel mélange de désinvolture et de manque de considération, tout cela dans le contexte d’un bug pour lequel votre responsabilité est complètement engagée. Permettez- moi de conserver votre dernier message : nous allons l’afficher à l’agence (si, si!) histoire de montrer à nos collaborateurs un modèle de bonne pratique en matière de service client, c’est édifiant. Il est vrai que nous adorons passer des heures à remettre des licences dans le back office de nos sites clients, d’une part parce que ça nous occupe (malgré nos plannings mal gérés, il reste toujours un peu de temps à perdre) ; d’autre part parce que si ça peut permettre à nos prestataires de dormir sur leurs deux oreilles en pensant que tout est parfait à leur niveau, une telle satisfaction n’a pas de prix. Du coup, la perspective d’ajouter une centaine de constantes dans les fichiers wp-config nous avait également bien tenté, mais nous allons passer notre tour, certains que si le problème se reproduit, nous aurons un retour hyper professionnel du style “bah ça n’aurait pas dû arriver mais bon ça arrive”… Heureusement que vous n’êtes pas chirurgien “bah un infarctus, ça devrait pas arriver après une transplantation mais bon, c’est le patient aussi, quelle idée d’essayer de courir”, ou plombier “Bah une fuite ça arrive, on a mis un nouveau joint mais par précaution je vous conseille de laisser une bassine en permanence sous le bouchon de vidange”… Bref que du bonheur. Excellente fin de journée à vous également et merci pour le fou rire.” Autre point “sympa” : depuis des mois, impossible de supprimer un site depuis mon espace client, donc si je veux empêcher un ancien client d’utiliser ma licence Secupress, c’est impossible. On continue les réjouissances: n’ayant pas reçu de réponse à un mail datant de juin 2025, je me permet d’envoyer de nouveau un message en… octobre 2025 car je ne trouve plus la trace de l’historique de mes transactions dans mon back office… j’attends encore une réponse et une solution sur ce point à l’heure où je tape ces lignes, le site secupress.me est de nouveau en erreur 503, c’était déjà le cas la semaine dernière pendant plusieurs jours d’affilée… J’espère de tout coeur qu’il ne se soit pas fait pirater et surtout que nos comptes clients sont toujours en sécurité, mais je ne sais plus quoi penser… En tout cas je ne peux plus décemment conseiller ce plugin, en tout cas dans les conditions actuelles de fonctionnement. ![](https://secure.gravatar.com/avatar/6f618f9af2368d9eb402c4b72a4b2486819a27160a23737ba5a93290681b4aa1? s=60&d=retro&r=g) ### 󠀁[Bug critique depuis la version 2.6 + problème de licence](https://wordpress.org/support/topic/bug-critique-depuis-la-version-2-6-probleme-de-licence/)󠁿 [Mickael Maury](https://profiles.wordpress.org/mickaelmaury/) March 4, 2026 3 replies J’utilise SecuPress Pro sur plusieurs sites clients via une licence 25 sites. Depuis la mise à jour vers SecuPress Pro 2.6, plusieurs sites rencontrent des erreurs fatales liées aux processus en arrière-plan : Call to undefined method SecuPress_Background_Process_File_Monitoring:: is_processing() ou Call to undefined method SecuPress_Background_Process_Bad_Plugins:: is_processing() Ces erreurs apparaissent : via WP-Cron lors de l’accès au module File Monitoring parfois directement dans l’administration Les environnements sont différents (hébergeurs, thèmes, PHP 8.2 / 8.3), ce qui laisse penser à un bug introduit dans la version 2.6. Autre problème : plusieurs sites perdent aléatoirement la licence premium et basculent en version gratuite alors qu’ils sont toujours listés comme actifs. Ticket support envoyé, relance, toujours sans réponse à ce jour. Dommage car le plugin est intéressant sur le principe, mais pour un usage professionnel avec plusieurs sites clients, l’absence de réponse du support est problématique. ![](https://secure.gravatar.com/avatar/fbcb3822da751070b6b328256ba0505e8d64d91869ae9c776279466c8d8ec537? s=60&d=retro&r=g) ### 󠀁[Plugin impeccable, support absent](https://wordpress.org/support/topic/plugin-impeccable-support-absent/)󠁿 [luciemarceline](https://profiles.wordpress.org/luciemarceline/) February 7, 2026 J’utilise SecuPress depuis 2 ans, avec une licence pro depuis un an. Ma licence vient d’être renouvelée et ne fonctionne plus pour les nouvelles installations. Par chance, elle fonctionne sur les sites sur lesquelles la licence est déjà activée mais je ne peux plus l’activer sur mes nouveaux sites clients. La seule solution dont je dispose est de repayer une nouvelle licence alors que j’ai des sites disponibles sur l’existante. J’ai contacté plusieurs fois le support par différents moyens, aucun retour. Je suis bien ennuyée de cette situation car j’apprécie ce plugin. ![](https://secure.gravatar.com/avatar/610dedad66abf969b763e8800b00f601d87801d5fc5579d5a09dff144013c8e8? s=60&d=retro&r=g) ### 󠀁[Trop de bugs ces derniers temps](https://wordpress.org/support/topic/trop-de-bugs-ces-derniers-temps/)󠁿 [Jonathan Webpixelia](https://profiles.wordpress.org/marocweb/) May 24, 2025 Jusqu’à présent, je l’installais sur tous mes sites mais ces derniers temps, trop de bugs et des mises à jour toutes les semaines. La version 2.3.16.1 m’a fait perdre une matinée entière pour downgrader à la version 2.3.15 et cerise sur le gateau j’ai du reconfiguré chaque site. Déçu.. J’espère que l’avenir me fera revenir sur cet avis, en attendant je vais surement me diriger vers une autre solution. ![](https://secure.gravatar.com/avatar/3acd9e70c39ea5cc3d6047faa5f51d694942aca686e41d07ee0a8d2c574a4405? s=60&d=retro&r=g) ### 󠀁[Good plugin and dev support](https://wordpress.org/support/topic/good-plugin-and-dev-support/)󠁿 [Joffrey Nicoloff](https://profiles.wordpress.org/agent3w/) March 7, 2025 Great for protecting your website in a few clicks. Very easy to set up. The developer responded and acted very quickly when a problem occurred. You can trust him. As an improvement, I would have appreciated that some options were automatically active by default such as: Use a connection attempt blocker Connection errors Prohibit account enumeration Forbidden identifiers Disable all XML-RPC features Directory Listing PHP disclosure PHP version disclosure WordPress version disclosure Access to bad URLs Protection of readme files and other sensitive files Extension version disclosure ![](https://secure.gravatar.com/avatar/7c6eb408b3e63de3019d380c8bddda98ecb71f86793fcf3c01dc0ddb81919361? s=60&d=retro&r=g) ### 󠀁[Be Aware](https://wordpress.org/support/topic/be-aware-19/)󠁿 [cencaldave](https://profiles.wordpress.org/cencaldave/) January 29, 2025 Customer service and communications when a negative situation is present is a pure zero from my experience. I had an automatic renewal take place that I believed was cancelled and have been trying to over 2 weeks to get a response or engage with the owner of this plugin. Zip, zero, nada. Has my dollars in his account and now seems to consider this a ethical source of income. Just be careful. Also, the plugin was way to much of a problem when I did try to use it. Many better options. And considering the business model that seems to be focused on income over all else, better options may be better. [ Read all 108 reviews ](https://wordpress.org/support/plugin/secupress/reviews/) ## Contributors & Developers “SecuPress with Simple SSL – Simple and Performant Security” is open source software. The following people have contributed to this plugin. Contributors * [ SecuPress ](https://profiles.wordpress.org/secupress/) * [ Julio Potier ](https://profiles.wordpress.org/juliobox/) * [ Grégory Viguier ](https://profiles.wordpress.org/greglone/) * [ superment ](https://profiles.wordpress.org/superment/) “SecuPress with Simple SSL – Simple and Performant Security” has been translated into 3 locales. Thank you to [the translators](https://translate.wordpress.org/projects/wp-plugins/secupress/contributors) for their contributions. [Translate “SecuPress with Simple SSL – Simple and Performant Security” into your language.](https://translate.wordpress.org/projects/wp-plugins/secupress) ### Interested in development? [Browse the code](https://plugins.trac.wordpress.org/browser/secupress/), check out the [SVN repository](https://plugins.svn.wordpress.org/secupress/), or subscribe to the [development log](https://plugins.trac.wordpress.org/log/secupress/) by [RSS](https://plugins.trac.wordpress.org/log/secupress/?limit=100&mode=stop_on_copy&format=rss). ## Changelog #### 2.6.1 * 03 April 2026 * Improvement: Remove the ping on google.com, set it to secupress.me. * Improvement: Refactored the database scan logic in SecuPress_File_Monitoring to use background processing for scanning posts, options, and custom post types for malware patterns. Better perf, quicker scans incoming on big sites. * Fix: (again) Possible fatal error “Call to undefined method SecuPress_Background_Process_Bad_Plugins:: is_processing()” if WooCommerce is installed since THEY include the obsolete version of the async lib before us… * Fix: Warning notice when saving captcha style. * Fix: Re-add the “monthly” index for cron schedules. * Fix: Do not unvalidate passwordless email on plugin deactivation or licence deconnection * Fix: Remove the usage of shell_exec() and `host $ip` that can overconsume resources on your host, bringing down your site (even if this was in SecuPress since 8 years, only now this cause an issue) ## Commercial plugin This plugin is free but offers additional paid commercial upgrades or support. [View support](https://secupress.me/support/) ## Meta * Version **2.6.1** * Last updated **2 weeks ago** * Active installations **40,000+** * WordPress version ** 5.4 or higher ** * Tested up to **6.9.4** * PHP version ** 7.0 or higher ** * Languages * [English (US)](https://wordpress.org/plugins/secupress/), [French (France)](https://fr.wordpress.org/plugins/secupress/), [German](https://de.wordpress.org/plugins/secupress/), and [Spanish (Spain)](https://es.wordpress.org/plugins/secupress/). * [Translate into your language](https://translate.wordpress.org/projects/wp-plugins/secupress) * Tags * [malware](https://wordpress.org/plugins/tags/malware/)[security](https://wordpress.org/plugins/tags/security/) [security plugin](https://wordpress.org/plugins/tags/security-plugin/)[wordpress security](https://wordpress.org/plugins/tags/wordpress-security/) * [Advanced View](https://wordpress.org/plugins/secupress/advanced/) ## Ratings 4.1 out of 5 stars. * [ 75 5-star reviews ](https://wordpress.org/support/plugin/secupress/reviews/?filter=5) * [ 5 4-star reviews ](https://wordpress.org/support/plugin/secupress/reviews/?filter=4) * [ 5 3-star reviews ](https://wordpress.org/support/plugin/secupress/reviews/?filter=3) * [ 5 2-star reviews ](https://wordpress.org/support/plugin/secupress/reviews/?filter=2) * [ 18 1-star reviews ](https://wordpress.org/support/plugin/secupress/reviews/?filter=1) [Your review](https://wordpress.org/support/plugin/secupress/reviews/#new-post) [See all reviews](https://wordpress.org/support/plugin/secupress/reviews/) ## Contributors * [ SecuPress ](https://profiles.wordpress.org/secupress/) * [ Julio Potier ](https://profiles.wordpress.org/juliobox/) * [ Grégory Viguier ](https://profiles.wordpress.org/greglone/) * [ superment ](https://profiles.wordpress.org/superment/) ## Support Issues resolved in last two months: 3 out of 3 [View support forum](https://wordpress.org/support/plugin/secupress/)