Plugin Directory

Simple Security Firewall

Comprehensive and Easy-To-Use WordPress Security - Comes With Business Grade Support, with no "premium" restrictions

Point Release 4.8.0

Released: 21st June, 2015

  • (v.0) FEATURE: Admin Access Restriction Areas - Restrict access to certain WordPress areas and functionality to Administrators with the Admin Access key.
  • (v.0) ADDED: Admin Access Restriction Area - Plugins. You can now restrict access to certain Plugin actions - activate, install, update, delete.
  • (v.0) ADDED: Admin Access Restriction Area - Themes. You can now restrict access to certain Theme actions - activate, install, update, delete.
  • (v.0) ADDED: Admin Access Restriction Area - Pages/Post. You can now restrict access to certain Page/Post actions - Create/Edit, Publish, Delete.

4.8 Series

Released: 21st June, 2015

  • (v.0) FEATURE: Admin Access Restriction Areas - Restrict access to certain WordPress areas and functionality to Administrators with the Admin Access key.
  • (v.0) ADDED: Admin Access Restriction Area - Plugins. You can now restrict access to certain Plugin actions - activate, install, update, delete.
  • (v.0) ADDED: Admin Access Restriction Area - Themes. You can now restrict access to certain Theme actions - activate, install, update, delete.
  • (v.0) ADDED: Admin Access Restriction Area - Pages/Post. You can now restrict access to certain Page/Post actions - Create/Edit, Publish, Delete.

4.7 Series

Released: 29th April, 2015

  • (v.7) FIXED: The text used to explain why some comments were marked as spam was broken.
  • (v.7) FIXED: Group sign-up form now honours your SSL setting.
  • (v.7) TRANSLATIONS: Spanish - 74%, Russian - 91%, Turkish - 94%, Polish- 95%, Finnish - 100%
  • (v.6) FIXED: Verifying ability to send/receive email doesn't complete if Admin Access Protection is turned on.
  • (v.6) FIXED: GASP Login Protection feature breaks because certain key options aren't initialized when the feature is enabled.
  • (v.6) FIXED: Some "more info" links were empty.
  • (v.4) ADDED: Email Sending Verification when enabling two-factor authentication - this ensures your site can send (and you can receive) emails.
  • (v.4) ADDED: Section Summaries - each option tab contains a small text summary outlining the purpose and recommendation for each.
  • (v.4) CHANGED: The Admin Access Key input is now a password field.
  • (v.4) CHANGED: Custom Login URL now works with or without trailing slash.
  • (v.4) CHANGED: Streamlining and improvement of PHP UI templates
  • (v.4) ADDED: Implemented TWIG for templates (not yet activated)
  • (v.4) TRANSLATIONS: Romanian (100%), Spanish-Spain (63%)
  • (v.3) ADDED: Integrated protection against 2x RevSlider vulnerabilities (Local File Include and Arbitrary File Upload)
  • (v.3) CHANGED: Reverted the addition of Permalinks/Rewrite rules flushing, in case this is a problem for some.
  • (v.2) UPDATED/FIX: Major fixes and improvements to the rename wp-login.php feature.
  • (v.2) TRANSLATIONS: Mexican-Spanish (61%), Arabic (38%)
  • (v.1) FIX: Silence warnings from filesystem touch() command.
  • (v.1) TRANSLATIONS: Polish (100%), Finnish (100%), Czech (73%), Arabic (34%)
  • (v.0) UPDATED: Options page user interface re-design.
  • (v.0) FIX: Audit trail time now reflects the user's timezone correctly.
  • (v.0) FIX: Better compatibility with BBPress.
  • (v.0) UPDATED: Underlying plugin code improvements.
  • (v.0) TRANSLATIONS: Russian (100%), Czech (70%), Polish (97%)

4.6 Series

Released: 10th April, 2015

  • (v.3) SECURITY: Added protection against XSS vulnerability in WordPress comments. Learn More - Note: This is not a vulnerability with the Firewall plugin.
  • (v.3) SECURITY: Added extra precautions to WordPress URL redirects. Learn More.
  • (v.3) TRANSLATIONS: Russian (70%), Czech (67%)
  • (v.2) FIX: Bug with the database table verification logic.
  • (v.2) TRANSLATIONS: Russian (New- 54%), Romanian (100%), Turkish (89%), Czech (53%)
  • (v.1) FIX: XMLRPC compatibility logic was preventing other non-XMLRPC related code from running.
  • (v.1) UPDATED: Plugin Badge styling
  • (v.1) UPDATED: Updated Czech(41%) and Spanish (60%) translations
  • (v.0) ADDED: New feature that displays the last login time for all users on the users listing page (User Management feature must be enabled).
  • (v.0) ADDED: Completely optional promotional Plugin Badge option - help us promote the plugin and reassure your site visitors at the same time. Learn More
  • (v.0) UPDATED: Updated Czech(38%) translations

4.5 Series

Released: 6th March, 2015

  • (v.5) CHANGED: Updated Finnish (100%), Czech (16%) translations
  • (v.5) CHANGED: Change logs now more clearly display changes between versions
  • (v.5) FIX: Small translation coverage
  • (v.4) ADDED: New and updated language translations including Polish (100%), Finnish
  • (v.4) FIX: Better string translation coverage for menus etc.
  • (v.3) ADDED: New and updated language translations including Polish, Czech and German
  • (v.3) CHANGED: Only set the plugin cookie if necessary
  • (v.2) CHANGED: Attempt to resolve DB errors related to transient options reported on WP Engine
  • (v.1) ADDED: New feature- GASP Login Protection can now be applied to lost password form - enabled by default
  • (v.0) ADDED: New feature- GASP Login Protection can now be applied to user registrations - enabled by default

4.4 Series

Released: 21st February, 2015

  • (v.2) ADDED: Romanian Translation.
  • (v.2) ADDED: A plugin minimum-requirements processing system.
  • (v.2) IMPROVED: The WordPress admin-UI code is simpler and cleaner.
  • (v.1) ADDED: Significant performance enhancement in plugin loading times (up to 50% reduction).
  • (v.0) CHANGED: The 'Prevent Remote Login' option now tries to detect web hosting server compatibility before allowing it to be enabled.
  • (v.0) CHANGED: More lax in finding the 'forceOff' file when users are trying to turn off the firewall.
  • (v.0) CHANGED: Parsing the URL no longer outputs warnings that might interfere with response headers.

4.3 Series

Released: 15th January, 2015

  • (v.6) FIXES: More thorough validation of whitelisted IP addresses
  • (v.5) FIXES: Some hosting environments need absolute file paths for PHP include()/require()
  • (v.5) CHANGED: Streamlined the detection of whitelisting and added in-plugin notification if you are whitelisted
  • (v.4) FIXES: Work around for cases where PHP can't successfully run parse_url()
  • (v.2) IMPROVED: Refactoring for better code organisation
  • ADDED: New Feature - Rename WP Login Page.
  • ADDED: UI indicators on whether plugins will be automatically updated in the plugins listing.
  • CHANGED: IP Address WhiteList is now global for the whole plugin, and can be accessed under the "Dashboard" area
  • IMPROVED: Firewall processing code is simplified and more efficient.


Released: 22th December, 2014

  • FIXED: Changes to how feature specifications are read from disk to prevent .tmp file build up.


Released: 12th December, 2014

  • ADDED: Audit Trail Auto Cleaning - default cleans out entries older than 30 days.
  • FIXED: Various small bug fixes and code cleaning.


Released: 24th November, 2014

  • FIXED: Fixed small logic bug which prevented deactivation of the plugin on the UI.


Released: 19th November, 2014

  • IMPROVED: User Sessions are simplified.
  • UPDATED: a few translation files based on the latest available contributions.


  • ADDED: Self-correcting database table validation - if the structure of a database table isn't what is expected, it'll be re-created.


  • WARNING: Due to new IPv6 support, all databases tables will be rebuilt - all active user sessions will be destroyed.
  • ADDED: Preliminary support for IPv6 addresses throughout. We don't support whitelist ranges but IPv6 addresses are handled much more reliably in general.
  • ADDED: New audit trail concept added called "immutable" that represents entries that will never be deleted - such entries would usually involve actions taken on the audit trail itself.
  • FIXED: Support for audit trail events with longer names.
  • IMPROVED: Comments Filtering - It now honours the WordPress settings for previously approved comment authors and never filters such comments.
  • REMOVED: Option to enable GASP Comments Filtering for logged-in users has been completely removed - this reduces plugin options complexity. All logged-in users by-pass all comments filtering.
  • FIXED: Prevention against plugin redirect loops under certain conditions.
  • FIXED: IP whitelisting wasn't working under certain cases.


  • ADDED: New Feature - Audit Trail
  • ADDED: Audit Trail options include: Plugins, Themes, Email, WordPress Core, Posts/Pages, WordPress Simple Firewall
  • FIXED: Full and proper cleanup of plugin options, crons, and databases upon deactivation.
  • REMOVED: Firewall Log. This is no longer an option and is instead integrated into the "WordPress Simple Firewall" Audit Trail.


  • ADDED: Better admin notifications for events such as options saving etc.
  • CHANGE: Some plugin styling to highlight features and options better.
  • FIXED: Small bug with options default values.


  • ADDED: A warning message on the WordPress admin if the "forceOff" override is active.
  • CHANGED: The 'forceOff' system is now temporary - i.e. it doesn't save the configuration, and so once this file is removed, the plugin returns to the settings specified.
  • CHANGED: The 'forceOn' option is now removed.
  • FIXED: Problems with certain hosting environments reading in files with the ".yaml" extension - support ref
  • FIXED: Small issue where when the file system paths change, some variables don't update properly.


  • CHANGED: Plugin features are now configured using YAML - no more in-PHP configuration.
  • REMOVED: A few options from User Sessions Management as they were unnecessary.
  • CHANGED: Database storing tables now have consistent naming.
  • FIXED: Issue with User Sessions Management where '0' was specified for session length, resulting in lock out.
  • FIXED: Firewall log gathering.
  • FIXED: Various PHP warning notices.


  • ADDED: Option to limit number of simultaneous sessions per WordPress user login name (User Management section)


  • ADDED: Option to send notification when an administrator user logs in successfully (under User Management menu).
  • CHANGED: Refactoring for how GET and POST data is retrieved


  • FIXED: Custom Comment Filter message problem when using more than one substitution. ref


  • ADDED: Options to allow by-pass XML-RPC so as to be compatible with WordPress iPhone/Android apps.
  • UPDATED: Login screen message when you're forced logged-out due to 2-factor auth failure on IP or cookie.
  • CHANGED: Tweaked method for setting admin access protection on/off
  • CHANGED: comment filtering code refactoring.
  • FIXED: Options that were "multiple selects" weren't saving correctly


  • FIX: Where some comments would fail GASP comment token checking.


  • FIX: Logout URL parameters are now generated correctly so that the correct messages are shown.
  • CHANGED: small optimizations and code refactoring.
  • UPDATED: a few translation files based on the latest available contributions.


  • FIX: issue with login cooldown timeouts not being updated where admin access restriction is in place.


  • FIX: auto-updates feature not loading
  • FIX: simplified implementation of login protection feature to reduce possibility for bugs/lock-outs
  • FIX: auto-forwarding for wp-login.php was preventing user logout


  • ADDED: option to check the logged-in user session only on WordPress admin pages (now the default setting)
  • ADDED: option to auto-forward to the WordPress dashboard when you go to wp-login.php and you're already logged in.
  • ADDED: message to login screen when no user session is found
  • CHANGED: does not verify session when performing AJAX request. (need to build appropriate AJAX response)
  • FIX: for wp_login action not passing second argument


  • FEATURE: User Management. Phase 1 - create user sessions to track current and attempted logged in users.
  • CHANGED: MASSIVE plugin refactoring for better performance and faster, more reliable future development of features
  • ADDED: Obscurity Feature - ability to remove the WP Generator meta tag.
  • ADDED: ability to change user login session length in days
  • ADDED: ability to set session idle timeout in hours
  • ADDED: ability to lock session to a particular IP address (2-factor auth by IP is separate)
  • ADDED: ability to view active user sessions
  • ADDED: ability to view last page visited for active sessions
  • ADDED: ability to view last active time for active sessions
  • ADDED: ability to view failed or attempted logins in the past 48hrs
  • ADDED: Support for GASP login using WooCommerce
  • CHANGED: Admin Access Restriction now has a separate options/feature page
  • CHANGED: Admin styling to better see some selected options
  • ADDED: Support for WP Wall shoutbox plugin (does no GASP comment checks)
  • CHANGED: Removed support for upgrading from versions prior to 2.0
  • CHANGED: Removed support for importing from Firewall 2 plugin - to import, manually install plugin v2.6.6, import settings, then upgrade.


  • FIX: Improved compatibility with bbPress.


  • FIX: Could not enable Admin Access Protection feature on new installs due to too aggressive testing on security.


  • ENHANCED: Dashboard now shows a more visual summary of settings and removes duplicate options settings with links to sections.
  • ENHANCED: WordPress Lock Down options now also set the corresponding WordPress defines if they're not already.


  • ADDED: More in-line plugin links to help/blog resources
  • ENHANCED: Admin Access Protection is further enhanced in 3 ways:
  1. More robust cookie values using MD5s
  2. Blocks plugin options updating right at the point of WordPress options update so nothing can rewrite the actual plugin options.
  3. Locks the current Admin Access session to your IP address - effectively only 1 Simple Firewall admin allowed at a time.


  • ENHANCED: Added option to completely reject a SPAM comment and redirect to the home page (so it doesn't fill up your database with rubbish)
  • ADDED: Plugin now has an internal stats counter for spam and other significant plugin events.


  • ADDED: Plugin now installs with default SPAM blacklist.
  • ADDED: Now automatically checks and updates the SPAM blacklist when it's older than 48hrs.
  • ENHANCED: Comment messages indicate where the SPAM content was found when marking human-based spam messages.


Major Features Release: Please review SPAM comments filtering options to determine where SPAM goes

  • FEATURE: Added Human SPAM comments filtering - replacement for Akismet that doesn't use or send any data to 3rd party services. Uses Blacklist provided and maintained by Grant Hutchinson
  • ENHANCED: Two-Factor Login now automatically logs in the user to the admin area without them having to re-login again.
  • ENHANCED: Added ability to terminate all currently (two-factor) verified logins.
  • ENHANCED: Spam filter/scanning adds an explanation to the SPAM content to show why a message was filtered.
  • FIXES: For PHP warnings while in php strict mode.
  • CLEAN: Much cleaning up of code.


  • FEATURE: Added option to try and exclude search engine bots from firewall checking option - OFF by default.


  • FEATURE: Added 'PHP Code' Firewall checking option.


  • IMPROVED: Handling and logic of two-factor authentication and user roles/levels


  • FEATURE: Added ability to specify the particular WordPress user roles that are subject to 2-factor authentication. (Default: Contributors, Authors, Editors and Administrators)


  • FEATURE: Added 'Lockdown' feature to force login to WordPress over SSL.
  • FEATURE: Added 'Lockdown' feature to force WordPress Admin dashboard to be delivered over SSL.
  • FIX: Admin restricted access feature wasn't disabled with the "forceOff" option.


  • FIX: How WordPress Automatic/Background Updates filters worked was changed with WordPress 3.8.2.


  • UPDATED: Translations. And confirmed compatibility with WordPress 3.9


  • FEATURE: Option to Prevent Remote Posting to the WordPress Login system. Will check that the login form was submitted from the same site.


  • UPDATED: Translations and added some partials (Catalan, Persian)
  • FIX: for cleanup cron running on non-existent tables.


  • FEATURE: Two-Factor Authenticated Login using Yubikey One Time Passwords (OTP).


  • ADDED: Translations: Spanish, Italian, Turkish. (~15% complete)
  • UPDATED: Hebrew Translations (100%)


  • ADDED: Contextual help links for many options. More to come...
  • ADDED: More Portuguese (Brazil) translations (~80%)


  • ADDED: More strings to the translation set for better multilingual support
  • ADDED: Portuguese (Brazil) translations (~40%)
  • UPDATED: Hebrew Translations
  • FIXED: Automatic cleaning of database logs wasn't actually working as expected. Should now be fixed.


  • NEW: Option to enable Two-Factor Authentication based on Cookie. In this way you can tie a user session to a single browser.
  • FIX: Better WordPress Multisite (WPMS) Support.


  • FIX: Automatic updating of itself.


  • ADDED: Hebrew Translations. Thanks Ahrale!
  • ADDED: Automatic trimming of the Firewall access log to 7 days - it just grows too large otherwise.
  • FIX: The previously added automatic clean up of old comments and login protect database entries was wiping out the valid login protect entries and was forcing users to re-login every 24hrs.
  • FIX: Some small bugs, errors, and PHPDoc Comments.


  • ADDED: Automatic cleaning of GASP Comments Filter and Login Protection database entries (older than 24hrs) using WordPress Cron (everyday @ 6am)
  • CHANGED: Huge code refactoring to allow for more easily use with other WordPress plugins.


  • ADDED: Email sending options for automatic update notifications - options to change the notification email address, or turn it off completely.


  • FIX: Small bug fix.
  • CHANGED: When running a force automatic updates process, tries to remove influence from other plugins and uses only this plugin's automatic updates settings.
  • CHANGED: A bit of automatic updates code refactoring.


  • CHANGED: Changed all options to be disabled by default.
  • CHANGED: The option for admin notices will turn off all main admin notices except after you update options.


  • ADDED: Verified compatibility with WordPress 3.8


  • CHANGED: Certain filesystem calls are more compatible with restrictive hosting environments.
  • CHANGED: Plugin is now ready to integate with iControlWP automatic background updates system.
  • FIX: Login Protection Cooldown feature may not operate properly in certain scenarios.


  • IMPROVED: Improved logic for Firewall whitelisting for pages and parameters to ensure whitelisting rules are followed.
  • CHANGED: The whitelisting rule for posting pages/posts is only for the "content" and the firewall checking will apply to all other page parameters.


  • FIX: When you run the Force Automatic Background Updates, it disables the plugins. This problem is now fixed.


  • FIX: A bug that prevented auto-updates of this plugin.
  • FIX: Not being able to hide translations and upgrade notices.
  • ADDED: Tweaks to auto-update feature to allow interfacing with the iControlWP service to customize the auto update system.


  • ADDED: A button that lets you run the WordPress Automatic Updates process on-demand (so you don't have to wait for WordPress cron).
  • CHANGED: The plugin now sets more options to be turned on by default when the plugin is first activated.
  • CHANGED: A lot of optimizations and code refactoring.


  • FIX: Whoops, sorry, accidentally removed the option to toggle "disable file editing". It's back now.


  • CHANGED: WordPress filters used to programmatically update whitelists now update the Login Protection IP whitelist


  • ADDED: Localization capabilities. All we need now are translators! Go here to get started.
  • ADDED: Option to mask the WordPress version so the real version is never publicly visible.


  • CHANGED: Simplified the automatic WordPress Plugin updates into 1 filter for consistency


  • ADDED: Increased admin access security features - blocks the deactivation of itself if you're not authenticated fully with the plugin.
  • ADDED: If you're not authenticated with the plugin, the plugin listing view wont have 'Deactivate' or 'Edit' links.


  • ADDED: New WordPress Automatic Updates Configuration settings


  • ADDED: Notification of available plugin upgrade is now an option under the 'Dashboard'
  • CHANGED: Certain admin and upgrade notices now only appear when you're authenticated with the plugin (if this is enabled)
  • FIXED: PHP Notice with undefined index.


  • ADDED: Feature- Access Key Restriction more info.
  • ADDED: Feature- WordPress Lockdown. Currently only provides 1 option, but more to come.


  • CHANGED: Reworked a lot of the plugin to optimize for further performance.
  • FIX: Potential infinite loop in processing firewall.


  • ADDED: Much more efficiency yet again in the loading/saving of the plugin options.


  • ADDED: Preliminary WordPress Multisite (WPMS/WPMU) Support.
  • CHANGED: The Firewall now kicks in on the 'plugins_loaded' hook instead of as the actual firewall plugin is initialized (as a result of WP Multisite support).


  • REMOVED: Automatic upgrade option until I can ascertain what caused the plugin to auto-disable.


  • ADDED: Options to fully customize the text displayed by the GASP comments section.
  • ADDED: Option to include logged-in users in the GASP Comments Filter.


  • ADDED: A new section - 'Comments Filtering' that will form the basis for filtering comments with SPAM etc.
  • ADDED: Option to add enhanced GASP based comments filtering to prevent SPAM bots posting comments to your site.


  • IMPROVED: Whitelist/Blacklist IP range processing to better cater for ranges when saving, with more thorough checking.
  • IMPROVED: Whitelist/Blacklist IP range processing for 32-bit systems.
  • FIXED: A bug with Whitelist/Blacklist IP checking.


  • FIXED: Quite a few bugs fixed.


  • FIXED: Typo error.


  • FIXED: Some of the firewall processors were saving unnecessary data.



  • FIXED: Bug fix where IP address didn't show in email.
  • FIXED: Attempt to fix problem where update message never hides.


  • ADDED: A new IP whitelist on the Login Protect that lets you by-pass login protect rules for given IP addresses.
  • REMOVED: Firewall rule for wp-login.php and whitelisted IPs.


  • ADDED: The plugin now has an option to automatically upgrade itself when an update is detected - enabled by default.


  • ADDED: The plugin will now displays an admin notice when a plugin upgrade is available with a link to immediately update.
  • ADDED: Plugin collision: removes the main hook by 'All In One WordPress Security'. No need to have both plugins running.
  • ADDED: Improved Login Cooldown Feature- works more like email throttling as it now uses an extra filesystem-based level of protection.
  • FIXED: Login Cooldown Feature didn't take effect in certain circumstances.


  • ADDED: All-new plugin options handling making them more efficient, easier to manage/update, using far fewer WordPress database options.
  • CHANGED: Huge improvements on database calls and efficiency in loading plugin options.
  • FIXED: Nonce implementation.


  • FIXED: Small compatibility issue with Quick Cache menu not showing.


  • ADDED: Email Throttle Feature - this will prevent you getting bombarded by 1000s of emails in case you're hit by a bot.
  • ADDED: Another Firewall die() option. New option will print a message and uses the wp_die() function instead.
  • ADDED: Refactored and improved the logging system (upgrading will delete your current logs!).
  • ADDED: Option to separately log Login Protect features.
  • ADDED: Option to by-pass 2-factor authentication in the case sending the verification email fails (so you don't get locked out if your hosting doesn't support email!).
  • CHANGED: Login Protect checking now better logs out users immediately with a redirect.
  • CHANGED: We now escape the log data being printed - just in case there's any HTML/JS etc in there we don't want.
  • CHANGED: Optimized and cleaned a lot of the option caching code to improve reliability and performance (more to come).


  • FIX: Bug where the GASP Login protection was only working when you had 2-factor authentication enabled.


  • ADDED: Ability to import settings from WordPress Firewall 2 plugin options - note, doesn't import page and variables whitelisting.
  • FIX: A reported bug - parameter values could also be arrays.


  • ADDED: New Feature - Option to add a checkbox that blocks automated SPAM Bots trying to log into your site.
  • ADDED: Added a clear user message when they verify their 2-factor authentication.
  • FIX: A few bugfixes and logic corrections.


  • CHANGED: Documentation on the dashboard, and the message after installing the firewall have been updated to be clearer and more informative.
  • FIX: A few bugfixes and logic corrections.


  • FIX: bugfix.


  • FIX: Some warnings and display bugs.


  • ADDED: New Feature - Login Wait Interval. To reduce the effectiveness of brute force login attacks, you can add an interval by which WordPress will wait before processing any more login attempts on a site.
  • CHANGED: Optimized some settings for performance.
  • CHANGED: Cleaned up the UI when the Firewall / Login Protect features are disabled (more to come).
  • CHANGED: Further code improvements (more to come).


  • ADDED: New Feature - Login Protect. Added 2-Factor Login Authentication for all users and their associated IP addresses.
  • CHANGED: The method for processing the IP address lists is improved.
  • CHANGED: Improved .htaccess rules (thanks MickeyRoush)
  • CHANGED: Mailing method now uses WP_MAIL
  • CHANGED: Lot's of code improvements.


  • ADDED: Option to include Cookies in the firewall checking.


  • ADDED: Ability to whitelist particular pages and their parameters (see FAQ)
  • CHANGED: Quite a few improvements made to the reliability of the firewall processing.


  • FIX: Left test path in plugin.


  • ADDED: Option to completely ignore logged-in Administrators from the Firewall processing (they wont even trigger logging etc).
  • ADDED: Ability to (un)blacklist and (un)whitelist IP addresses directly from within the log.
  • ADDED: helpful link to IP WHOIS from within the log.


  • CHANGED: Logging now has its own dedicated database table.


  • Fix: Block notification emails weren't showing the user-friendly IP Address format.


  • You can now specify IP ranges in whitelists and blacklists. To do this separate the start and end address with a hypen (-) E.g. For everything between and, you would do:
  • You can now specify which email address to send the notification emails.
  • You can now add a comment to IP addresses in the whitelist/blacklist. To do this, write your IP address then type a SPACE and write whatever you want (don't take a new line).
  • You can now set to delete ALL firewall settings when you deactivate the plugin.
  • Improved formatting of the firewall log.


  • First Release

Requires: 3.5.0 or higher
Compatible up to: 4.2.2
Last Updated: 2015-6-21
Active Installs: 20,000+


4.9 out of 5 stars


24 of 32 support threads in the last two months have been resolved.

Got something to say? Need help?


Not enough data

1 person says it works.
0 people say it's broken.

100,1,1 0,1,0 100,2,2 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1
0,1,0 100,1,1 100,1,1
100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,2,2 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1
100,1,1 100,1,1 100,1,1 100,1,1 100,1,1 100,1,1
100,1,1 100,1,1 100,1,1 100,1,1
0,1,0 100,1,1 100,2,2 100,1,1 100,2,2 100,1,1
100,2,2 100,1,1
100,1,1 100,1,1 100,1,1 100,1,1
100,1,1 100,1,1 100,1,1 100,1,1