Title: Swairish Site Security
Author: Swadhin Khan Mohammad Nakib
Published: <strong>July 18, 2026</strong>
Last modified: July 18, 2026

---

Search plugins

![](https://ps.w.org/swairish-site-security/assets/icon-256x256.png?rev=3612905)

# Swairish Site Security

 By [Swadhin Khan Mohammad Nakib](https://profiles.wordpress.org/ssswadhin/)

[Download](https://downloads.wordpress.org/plugin/swairish-site-security.0.4.53.zip)

 * [Details](https://wordpress.org/plugins/swairish-site-security/#description)
 * [Reviews](https://wordpress.org/plugins/swairish-site-security/#reviews)
 *  [Installation](https://wordpress.org/plugins/swairish-site-security/#installation)
 * [Development](https://wordpress.org/plugins/swairish-site-security/#developers)

 [Support](https://wordpress.org/support/plugin/swairish-site-security/)

## Description

Swairish Site Security helps site owners monitor and respond to WordPress security
threats from wp-admin.

Free features include:

 * Security dashboard with event totals, severity mix, category summaries, and recent
   events.
 * Audit event log with IP address, method, URI, user agent, severity, category,
   risk score, and context.
 * Suspicious HTTP request detection for SQL injection, cross-site scripting, remote
   code execution, file inclusion, scanner probes, user enumeration, and upload 
   indicators.
 * Monitor or block firewall modes with manual IP/CIDR blocklist controls.
 * Rate limiting and login brute-force protection.
 * Malware and file scanner for suspicious PHP, web-shell indicators, executable
   uploads, risky permissions, recent executable changes, and WordPress core checksum
   drift.
 * Focused tools for suspicious files, sensitive files, file monitoring, obfuscated
   PHP, file permissions, core integrity, and quarantine response.
 * Quarantine, restore, delete, and selected-finding CSV/JSON export controls.
 * Hardening options for XML-RPC, REST API restriction, WordPress version hiding,
   custom login URL, directory indexing, security headers, author enumeration, and
   file permission review.
 * CAPTCHA protection with a built-in math challenge for WordPress and WooCommerce
   forms.
 * HTML and A4 PDF security reports with site details, settings, recent events, 
   hardening status, and scan summary.
 * Evidence backup exports for incident handoff.
 * CSV/JSON compliance exports, retention cleanup, pagination, and bulk actions.

## Screenshots

[⌊Security overview with monitored event counts, severity mix, top categories, and
active response status.⌉⌊Security overview with monitored event counts, severity
mix, top categories, and active response status.⌉[

Security overview with monitored event counts, severity mix, top categories, and
active response status.

[⌊SOC dashboard with security mode, live event stream, severity and category summaries,
and session correlation.⌉⌊SOC dashboard with security mode, live event stream, severity
and category summaries, and session correlation.⌉[

SOC dashboard with security mode, live event stream, severity and category summaries,
and session correlation.

[⌊WordPress hardening controls for login URL, XML-RPC, REST API, directory indexing,
headers, and file permissions.⌉⌊WordPress hardening controls for login URL, XML-
RPC, REST API, directory indexing, headers, and file permissions.⌉[

WordPress hardening controls for login URL, XML-RPC, REST API, directory indexing,
headers, and file permissions.

[⌊Reports and evidence backups with HTML, A4 PDF, and protected download controls.⌉⌊
Reports and evidence backups with HTML, A4 PDF, and protected download controls.⌉[

Reports and evidence backups with HTML, A4 PDF, and protected download controls.

## Installation

 1. Upload the plugin ZIP from Plugins > Add New > Upload Plugin.
 2. Activate Swairish Site Security.
 3. Open Swairish Site Security in wp-admin.
 4. Review the dashboard, run a file scan, and adjust firewall/hardening settings.

## FAQ

### Does Swairish Site Security block requests by default?

The default security mode is active, but the request firewall starts in monitor 
mode. You can switch blocking on from the firewall settings.

### Does the scanner delete files automatically?

No. The scanner reports findings. Administrators choose whether to quarantine, restore,
delete, or export selected findings.

### Does CAPTCHA require an external service?

No. This directory build uses the built-in math CAPTCHA and does not require an 
external service.

## Reviews

There are no reviews for this plugin.

## Contributors & Developers

“Swairish Site Security” is open source software. The following people have contributed
to this plugin.

Contributors

 *   [ Swadhin Khan Mohammad Nakib ](https://profiles.wordpress.org/ssswadhin/)

[Translate “Swairish Site Security” into your language.](https://translate.wordpress.org/projects/wp-plugins/swairish-site-security)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/swairish-site-security/),
check out the [SVN repository](https://plugins.svn.wordpress.org/swairish-site-security/),
or subscribe to the [development log](https://plugins.trac.wordpress.org/log/swairish-site-security/)
by [RSS](https://plugins.trac.wordpress.org/log/swairish-site-security/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 0.4.53

 * Preserved real admin screenshot captions in the WordPress.org directory package
   and excluded listing assets from the plugin ZIP.

#### 0.4.52

 * Added real installed-admin screenshots for the WordPress.org listing and product
   landing page.

#### 0.4.51

 * Excluded the standalone Free dashboard presentation band from the WordPress.org
   package.

#### 0.4.50

 * Finalized the standalone Free dashboard presentation band and package validation.

#### 0.4.49

 * Kept the standalone Free dashboard banner independent of the Pro license client
   while preserving the WordPress.org-free build rule.

#### 0.4.48

 * Added an optional dashboard presentation band for the standalone Free package.

#### 0.4.47

 * Added translator context to the generated free CAPTCHA fallback used in the WordPress.
   org package.

#### 0.4.46

 * Added translator context comments for dynamic security, scan, report, and admin
   messages in the WordPress.org build.

#### 0.4.45

 * Preserved the verified public Plugin URI in the WordPress.org build and added
   package checks for report assets and metadata.

#### 0.4.44

 * Corrected the review build’s public Plugin URI, standalone report asset handling,
   and file-editor audit validation.

#### 0.4.43

 * Renamed the public plugin to Swairish Site Security and requested the swairish-
   site-security directory slug.

#### 0.4.42

 * Completed the Swairish Site Security naming consistency pass across public packages
   and documentation.

#### 0.4.41

 * Rebranded the plugin and WordPress.org distribution as Swairish Site Security.

#### 0.4.40

 * Made protected export download verification explicit before request data is read.

#### 0.4.39

 * Completed the final WordPress.org package pass for static report assets and protected-
   download nonce handling.

#### 0.4.38

 * Removed remaining hardcoded WordPress content paths from directory-build tools
   and removed unused paid-interface styling from the WordPress.org package.

#### 0.4.37

 * Prepared the WordPress.org distribution for the pending review: a distinctive
   directory name and slug, packaged static report CSS, protected export storage,
   authenticated downloads, and uploads-directory quarantine storage.

#### 0.4.36

 * Corrected WordPress.org package cleanup for external CAPTCHA setting validation.

#### 0.4.35

 * Finalized the math-only CAPTCHA surface for the WordPress.org package.

#### 0.4.34

 * Added recursive sanitization for submitted security settings.

#### 0.4.33

 * Updated the WordPress.org package builder after translation-loader cleanup.

#### 0.4.32

 * Made action nonce verification explicit and hardened read-only request handling
   for Plugin Check.

#### 0.4.31

 * Fixed the free package event-count query and tightened timeline query validation.

#### 0.4.30

 * Hardened prepared custom-table queries for the WordPress.org package.

#### 0.4.29

 * Fixed the WordPress.org package cleanup for the built-in CAPTCHA settings.

#### 0.4.28

 * Hardened the free directory build for WordPress.org Plugin Check compatibility.

#### 0.4.27

 * Simplified historical package notes to keep the WordPress.org readme focused 
   on the Free distribution.

#### 0.4.26

#### 0.4.25

 * Improved generated Free and WordPress.org package hygiene.
 * Fixed WordPress.org dashboard asset loading for the directory package slug.
 * Added package validation for excluded commercial classes and routes.

#### 0.4.24

 * Improved security event context used by reports and exports.
 * Updated package metadata for the current release.

#### 0.4.23

 * Improved release packaging and cleanup workflows.
 * Kept the Free and WordPress.org ZIPs focused on their documented feature set.

#### 0.4.22

 * Cleaned the regular Free ZIP and rebuilt the review-safe distribution.
 * Kept the Free ZIP focused on its documented security, reporting, and evidence-
   export features.
 * Rebuilt the WordPress.org package as a review-safe free distribution with matching
   normal and flat-root ZIP variants.

#### 0.4.21

 * Prepared a clean WordPress.org free distribution package.
 * Kept dashboard metric icons and the free security scanning, firewall, hardening,
   CAPTCHA, reporting, and evidence export workflows.

#### 0.4.20

 * Added relevant icons to dashboard, SOC, scanner, timeline, and tool metric cards
   while keeping the existing colored stat shapes.

## Meta

 *  Version **0.4.53**
 *  Last updated **14 hours ago**
 *  Active installations **Fewer than 10**
 *  WordPress version ** 6.0 or higher **
 *  Tested up to **7.0.2**
 *  PHP version ** 7.4 or higher **
 * Tags
 * [audit](https://wordpress.org/plugins/tags/audit/)[firewall](https://wordpress.org/plugins/tags/firewall/)
   [hardening](https://wordpress.org/plugins/tags/hardening/)[malware](https://wordpress.org/plugins/tags/malware/)
   [security](https://wordpress.org/plugins/tags/security/)
 *  [Advanced View](https://wordpress.org/plugins/swairish-site-security/advanced/)

## Ratings

No reviews have been submitted yet.

[Your review](https://wordpress.org/support/plugin/swairish-site-security/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/swairish-site-security/reviews/)

## Contributors

 *   [ Swadhin Khan Mohammad Nakib ](https://profiles.wordpress.org/ssswadhin/)

## Support

Got something to say? Need help?

 [View support forum](https://wordpress.org/support/plugin/swairish-site-security/)