Security Control by Reflecters secures WordPress by detecting new devices, blocking them with a password overlay, and alerting users with sirens and banners.
Key Features
- New Device Detection: Identifies new devices using a secure cookie-based system.
- Siren Password Overlay: Blocks new devices with a full-screen password prompt (default password:
2210). - Broadcast Alerts: Notifies all admin, editor, and author users with a siren sound and warning banner when a new device logs in.
- Master Admin Control: Only the designated master admin can manage settings, block/unblock users, or reset trusted devices.
- IP Blocking: Temporarily blocks IPs after multiple failed password attempts.
- Email Notifications: Sends alerts to admins, editors, and authors for new device logins, blocks, or trusted devices (configurable).
- Trusted Device Management: Allows users to trust their devices after verification and admins to manage trusted devices.
- Customizable Siren: Upload custom MP3 audio for the siren alert.
- Security Headers: Adds X-Frame-Options, X-Content-Type-Options, and Referrer-Policy headers for admin pages.
This plugin is ideal for WordPress sites needing robust security for multi-user environments, ensuring only trusted devices access the admin area while keeping authorized users informed of potential threats.
Additional Notes
- Default Password: The default siren stop password is
2210. Change it in the settings for security. - Security: The plugin uses nonces for AJAX security, secure cookies for device tracking, and hashes passwords client-side before transmission.
- Performance: Uses transients for temporary data (new device detection, IP blocking) to minimize database load.
- Compatibility: Tested with WordPress 6.8. Requires PHP 7.4+ for modern features like typed arrays.
For support, contact Reflecters at support@reflecters.com or visit https://reflecters.com.
