Title: Protector – Malware Removal, Firewall & Core Repair Author: Marcello Ruoppolo Published: avril 7, 2017 Last modified: avril 30, 2026 --- Search plugins ![](https://ps.w.org/wp-admin-protect/assets/banner-772x250.jpg?rev=2156965) ![](https://ps.w.org/wp-admin-protect/assets/icon-256x256.jpg?rev=1789520) # Protector – Malware Removal, Firewall & Core Repair By [Marcello Ruoppolo](https://profiles.wordpress.org/marcelloruoppolome/) [Download](https://downloads.wordpress.org/plugin/wp-admin-protect.4.0.4.zip) * [Details](https://tah.wordpress.org/plugins/wp-admin-protect/#description) * [Reviews](https://tah.wordpress.org/plugins/wp-admin-protect/#reviews) * [Installation](https://tah.wordpress.org/plugins/wp-admin-protect/#installation) * [Development](https://tah.wordpress.org/plugins/wp-admin-protect/#developers) [Support](https://wordpress.org/support/plugin/wp-admin-protect/) ## Description Every day, thousands of WordPress sites are hacked. Most security plugins offer protection, but they come with a massive cost: they slow down your server with bloated features and complex settings. **Protector is different.** It is a lightweight, AI-ready security layer that turns your WordPress site into a digital fortress without compromising speed. Whether you are trying to recover a hacked site or proactively defend your business, Protector delivers enterprise-grade security that anyone can configure. With our new **1-Click Security Overview Dashboard**, you can activate all recommended protections and block 98% of automated attacks in under 8 seconds. 📖 **[Read the Official Documentation here](https://kloxstudios.com/documentation/protector/)** ### 🦠 Malware Threat Scanner & Auto-Repair Don’t just find malware; destroy it. Our deep, recursive local scanner verifies your WordPress integrity without crashing your server: * **Core Integrity Verification:** Cross-references all Core files against the official WordPress.org checksums. * ** Advanced Pattern Detection:** Detects suspicious code patterns (like `eval`, `base64_decode`,` shell_exec`) hidden in your files. * **1-Click Auto-Repair:** Found a modified core file? Click « Repair » and Protector will automatically fetch a clean, original version directly from the official WP SVN and overwrite the infected file. ### 🛡️ Login Fortress (Brute-Force Protection) Hackers relentlessly target the `wp-login.php` page. We make it disappear. * ** Secret Login URL:** Hide `wp-login.php` completely. Any unauthorized attempt will be instantly redirected to a custom URL of your choice. * **Smart Honeypots:** Inject invisible fields into your login and comment forms to trap and block spam/brute- force bots automatically. * **Block Username Scanning:** Prevent attackers from discovering your admin usernames via `?author=1` enumeration. ### 🔒 1-Click Site Hardening Lock down common vulnerabilities instantly: * **Security Headers:** Protect against XSS, Clickjacking, and MIME-Sniffing attacks with a single toggle. * **XML-RPC Control:** Disable XML-RPC completely to eliminate one of the biggest brute-force attack vectors on WordPress. * **Version Obfuscation:** Hide your WordPress version from the source code so hackers can’t target known exploits. * **Restrict REST API:** Block public access to endpoints that expose sensitive user data. ### 📊 Live Attack Log Peace of mind you can actually see. Monitor every blocked attack, triggered honeypot, and deleted malware in real-time straight from your dashboard. ### 🚀 Upgrade to KloxStudios Pro Need absolute maximum power? Protector integrates seamlessly with the KloxStudios Cloud AI. Pro users unlock Cloud AI Malware Verification for 3rd-party plugins/themes, Automatic IP Lockouts, Instant Admin Login Alerts (Email & Webhook), and 2FA. ## Screenshots * [[ * **1-Click Security Dashboard:** See your live protection status and activate shields instantly. * [[ * **Login Fortress:** Configure your secret login URL and deploy invisible honeypot traps. * [[ * **Site Hardening:** Fortify your WordPress installation against XSS and XML-RPC attacks with simple toggles. * [[ * **Advanced Protection:** Unlock enterprise-grade tools like IP Lockouts and 2FA( Pro features). * [[ * **Malware Threat Scanner:** Run deep server scans, detect infected files, and verify core integrity. * [[ * **Live Attack Log:** Watch the firewall work in real-time as it blocks malicious IPs and bot networks. ## Installation You don’t need a PhD in cybersecurity to secure your site. 1. Upload the `protector- security` folder to the `/wp-content/plugins/` directory (or install directly via the WP Plugin directory). 2. Activate the plugin through the ‘Plugins’ menu in WordPress. 3. Navigate to the new « Protector » menu in your dashboard. 4. Click the massive yellow **« Activate Full Protection Now »** button on the dashboard for instant, 1-click security. For detailed configuration guides, visit our [Official Documentation](https://kloxstudios.com/documentation/protector/). ## FAQ ### How do I use the secret login URL? 1. Go to the « Protector » menu > « Login Fortress » tab. 2. Toggle the ‘Change your secret login URL’ option. 3. Set your ‘Secret Login Term’ (e.g., `mysecretaccess`). 4. Save changes and use your new login URL: `yoursite.com/wp-login.php?mysecretaccess`. ### What if I forget my secret term and get locked out? Don’t panic! You can temporarily disable the plugin by renaming the `protector-security` folder inside `wp-content/plugins/` via FTP or your hosting File Manager. This will instantly restore the default `wp-login.php` access. ### Will the Malware Scanner slow down my site? No! The scanner uses AJAX-based asynchronous batch processing. This means it scans your files in small chunks, preventing server timeouts and CPU spikes, even on massive websites with thousands of files. ## Reviews ![](https://secure.gravatar.com/avatar/8566def619e038c74b42ddb6f960e70fb669266c00403c355658e3fce4b76fc9? s=60&d=retro&r=g) ### 󠀁[Esse plugin me salvou](https://wordpress.org/support/topic/esse-plugin-me-salvou/)󠁿 [marknobre](https://profiles.wordpress.org/marknobre/) mars 9, 2026 Eu estava há dias tentando resolver alguns problemas de acesso e segurança no meu site e não conseguia encontrar a solução. Instalei o Protector e em poucos minutos já estava tudo funcionando. A função de esconder o admin URL é excelente. ![](https://secure.gravatar.com/avatar/d98c0f73b63bd626a5c56ff962fefdfa0d92533ab53f9e90c00d6fd43dfbeaa6? s=60&d=retro&r=g) ### 󠀁[Excelente](https://wordpress.org/support/topic/excelente-684/)󠁿 [dalmirjr](https://profiles.wordpress.org/dalmirjr/) avril 16, 2017 Parabéns Marcello, tenho certeza que este plugin vai ajudar muito os proprietários de websites. ![](https://secure.gravatar.com/avatar/d443ec17f8a5888823890170b06ef7a3fc82710c6f781acdd194c9a23ed30978? s=60&d=retro&r=g) ### 󠀁[Direto ao ponto](https://wordpress.org/support/topic/direto-ao-ponto/)󠁿 [gabrielleite.ipd](https://profiles.wordpress.org/gabrielleiteipd/) avril 14, 2017 Plugin sem frescura, resolve o problema de maneira muito simples, configurei ele em menos de 10 segundos. [ Read all 3 reviews ](https://wordpress.org/support/plugin/wp-admin-protect/reviews/) ## Contributors & Developers “Protector – Malware Removal, Firewall & Core Repair” is open source software. The following people have contributed to this plugin. Contributors * [ Marcello Ruoppolo ](https://profiles.wordpress.org/marcelloruoppolome/) [Translate “Protector – Malware Removal, Firewall & Core Repair” into your language.](https://translate.wordpress.org/projects/wp-plugins/wp-admin-protect) ### Interested in development? [Browse the code](https://plugins.trac.wordpress.org/browser/wp-admin-protect/), check out the [SVN repository](https://plugins.svn.wordpress.org/wp-admin-protect/), or subscribe to the [development log](https://plugins.trac.wordpress.org/log/wp-admin-protect/) by [RSS](https://plugins.trac.wordpress.org/log/wp-admin-protect/?limit=100&mode=stop_on_copy&format=rss). ## Changelog #### 4.0.4 * **New:** « Military Scan » mode – Expanded recursive scanning to the entire WordPress installation (Root, Admin, Includes, Vendor). * **Security:** Hard-linked Anti-Piracy architecture for Pro features, ensuring engine integrity. * **Security:** Refined Secret Login URL redirection logic to prevent false-positives during POST requests. * **Performance:** Optimized AJAX batching for large-scale file processing. * **Tweak:** Updated translations and documentation links. #### 4.0.3 * Fix: Resolved an issue where the Secret Login URL feature would incorrectly redirect valid users during form submission (POST request). The secret term is now securely validated during the login process. * Tweak: Minor internal code refactoring for authentication hooks. #### 4.0.2 * Fix: Resolved a bug in the Settings API where saving one tab disabled the options in other tabs. * Tweak: Separated option groups to improve form modularity and save actions. #### 4.0.0 * Major Overhaul: Complete UI/UX redesign with a new Security Overview Dashboard. * New: Malware Threat Scanner (verifies WP core files and detects suspicious patterns). * New: Auto-Repair modified Core files directly from WordPress.org SVN. * New: Login & Comment Honeypots to trap spam and brute-force bots. * New: Site Hardening options (Security Headers, Disable XML-RPC, Restrict REST API). * New: Live Attack Log to monitor blocked threats in real-time. * New: Quick Setup – Secure your site in 1-click. * Performance: AJAX-based batch scanning to prevent server timeouts on large sites. * Security: Added Pro Add-on architecture readiness. #### 2.7.3 * Fix: Resolved « Too Many Redirects » error by switching to wp_redirect. * Security: Added data sanitization and escaping for all inputs. * Performance: Removed all external CSS/JS dependencies (FontAwesome/Grids). #### 2.6.0 * New Security Algorithm. #### 2.5.0 * Layout improvements and new security features. ## Meta * Version **4.0.4** * Last updated **4 semaines ago** * Active installations **200+** * WordPress version ** 5.0 or higher ** * Tested up to **6.9.4** * PHP version ** 7.4 or higher ** * Language * [English (US)](https://wordpress.org/plugins/wp-admin-protect/) * Tags * [Brute Force](https://tah.wordpress.org/plugins/tags/brute-force/)[firewall](https://tah.wordpress.org/plugins/tags/firewall/) [malware scanner](https://tah.wordpress.org/plugins/tags/malware-scanner/)[security](https://tah.wordpress.org/plugins/tags/security/) * [Advanced View](https://tah.wordpress.org/plugins/wp-admin-protect/advanced/) ## Ratings 5 out of 5 stars. * [ 3 5-star reviews ](https://wordpress.org/support/plugin/wp-admin-protect/reviews/?filter=5) * [ 0 4-star reviews ](https://wordpress.org/support/plugin/wp-admin-protect/reviews/?filter=4) * [ 0 3-star reviews ](https://wordpress.org/support/plugin/wp-admin-protect/reviews/?filter=3) * [ 0 2-star reviews ](https://wordpress.org/support/plugin/wp-admin-protect/reviews/?filter=2) * [ 0 1-star reviews ](https://wordpress.org/support/plugin/wp-admin-protect/reviews/?filter=1) [Your review](https://wordpress.org/support/plugin/wp-admin-protect/reviews/#new-post) [See all reviews](https://wordpress.org/support/plugin/wp-admin-protect/reviews/) ## Contributors * [ Marcello Ruoppolo ](https://profiles.wordpress.org/marcelloruoppolome/) ## Support Got something to say? Need help? [View support forum](https://wordpress.org/support/plugin/wp-admin-protect/) ## Donate Would you like to support the advancement of this plugin? [ Donate to this plugin ](https://kloxstudios.com/)