Title: Security Safe Author: Sovereign Stack, LLC Published: January 9, 2018 Last modified: March 9, 2026 --- Search plugins ![](https://ps.w.org/security-safe/assets/icon.svg?rev=3477766) # Security Safe By [Sovereign Stack, LLC](https://profiles.wordpress.org/sovstack/) [Download](https://downloads.wordpress.org/plugin/security-safe.3.0.1.zip) * [Details](https://pcd.wordpress.org/plugins/security-safe/#description) * [Reviews](https://pcd.wordpress.org/plugins/security-safe/#reviews) * [Installation](https://pcd.wordpress.org/plugins/security-safe/#installation) * [Development](https://pcd.wordpress.org/plugins/security-safe/#developers) [Support](https://wordpress.org/support/plugin/security-safe/) ## Description ### WP FIREWALL * Detects and Logs Threats * Add Firewall Rules to Allow and Deny IP Addresses With Internal Notes * Historical Log of Firewall Blocks With Visual Chart ### WP LOGIN SECURITY * Disable XML-RPC.php * Brute Force Protection * **[Pro]** Automatically Block IPs Based on Threat Score * **[Pro]** Priority Support ### WP PRIVACY * Hide WordPress CMS Version * Hide Script Versions * Make Website Anonymous During Updates * **[Pro]** Make Theme Versions Private * **[Pro]** Make Plugin Versions Private ### WP CORE, THEME, AND PLUGIN FILE SECURITY * Disable Editing Theme Files * Audit & Fix File Permission * **[Pro]** Bulk Fix File Permissions * **[Pro]** Automatically Fix Theme/Plugin File Permissions ### OTHER FEATURES * 404 Error Logging * Content Copyright Protection * Audit Hosting Software Versions * Various Logs and Charts * Turn On/Off All Security Policies Easily * Import/Export Settings Every WordPress security plugin becomes more complicated and bloated as more features are added. As a plugin’s code grows, it consumes more time to load, thus slowing down your website. Security Safe’s purpose is to protect your website from the majority of threats with minimal impact on website load time. We constantly test our load performance to ensure our features to ensure it continues to run fast and lean. > Note: [Upgrade to Security Safe Pro](https://checkout.freemius.com/mode/dialog/plugin/2439/plan/3762/) > to unlock advanced Pro features. Twitter: [Follow Security Safe](https://twitter.com/wpSecuritySafe/) Website: [Security Safe](https://wpsecuritysafe.com) ### LANGUAGE SUPPORT * English (default) * Spanish * [Translate this plugin in your language.](https://translate.wordpress.org/projects/wp-plugins/security-safe) ### Videos ### More Plugins By The Same Author * [Fix Alt Text](https://wordpress.org/plugins/fix-alt-text/) – Fix Alt Text will help you manage your image alt text easier for better website SEO and accessibility. * [WhereUsed](https://wordpress.org/plugins/where-used/) – Helps you find where pages and other things are referenced throughout your site. ## Screenshots * [[ * File Permissions * [[ * Login Attempts * [[ * Firewall Blocks ## Installation 1. Install Security Safe automatically or by uploading the ZIP file to your plugins folder. 2. Activate the Security Safe on the ‘Plugins’ admin page. When activated the plugin settings are initially set minimum security values. 3. Navigate to the Plugin Settings by clicking on the Security Safe menu located on the left side admin panel. 4. On Plugin Settings page, you will notice an icon menu at the top of the page. Navigate through all of them and review and change settings as they pertain to your site’s needs. 5. Test your site thoroughly. If you notice that your site is not functioning as expected, you can turn off each type of security policy (Privacy, Files, User Access, etc.) by navigating to each page and disabling the policy type. If necessary, you can disable all policy types at once on Plugin Settings page. 6. If you are having issues, reach out for help in the forum before leaving a review. ## Reviews ![](https://secure.gravatar.com/avatar/1f544e603531f3d2451605e214844e933b12360464619f6ba82c877e04c3376a? s=60&d=retro&r=g) ### 󠀁[Great plugin, great developer!!!](https://wordpress.org/support/topic/great-plugin-great-developer-19/)󠁿 [davincileonardo](https://profiles.wordpress.org/davincileonardo/) December 16, 2022 1 reply The best security plugin I know. Awesome developer! Support gives me a lot of attention, but not to fix this plugin (it’s brilliant, simple and indestructible), but other bugs on my site.Professionally.Efficiently.Nice.I highly recommend it to everyone! ![](https://secure.gravatar.com/avatar/d99c53c11a6f9c97947e586f3610a978c2f3680740c1ab25f7592bbe1050a534? s=60&d=retro&r=g) ### 󠀁[Love it](https://wordpress.org/support/topic/love-it-3635/)󠁿 [Minaya](https://profiles.wordpress.org/minaya01/) October 30, 2021 Very good ![](https://secure.gravatar.com/avatar/191eb18eeb11df782129b86a4ada0b85610d8f319dd01c30505061bcc5fdbb07? s=60&d=retro&r=g) ### 󠀁[Works just fine](https://wordpress.org/support/topic/works-just-fine-167/)󠁿 [annloub](https://profiles.wordpress.org/annloub/) May 17, 2022 1 reply This app has been very helpful as I navigate my way through my WordPress site. Thank you. ![](https://secure.gravatar.com/avatar/52e7747db1c92439deea3e1bd50af5f8faa1e563824787942bae2127c1ec22c1? s=60&d=retro&r=g) ### 󠀁[The Best Product out there](https://wordpress.org/support/topic/the-best-product-out-there/)󠁿 [annon369](https://profiles.wordpress.org/annon369/) November 10, 2020 1 reply Great, flawless, easy to use… We’ve tried a half dozen other products, most caused issues and broke some functionality. This plugin is flawless, we will be buying Pro version to support creator. ![](https://secure.gravatar.com/avatar/47c7d570123132c503a3fa10fbdbf02e50bf263acc30847991ffc4e83c61db68? s=60&d=retro&r=g) ### 󠀁[Wow… what an awesome app](https://wordpress.org/support/topic/wow-what-an-awesome-app/)󠁿 [thmwordpress](https://profiles.wordpress.org/thmwordpress/) November 8, 2020 1 reply I wish all apps UI’s where designed as clean and easy to use as this. This has the best set of tools to secure WP without all the nonsense… great work ![](https://secure.gravatar.com/avatar/497665d3586ab7b8e1761a85e94d64adf692517e68218638c5426738e5ad23dd? s=60&d=retro&r=g) ### 󠀁[Great Security Plugin](https://wordpress.org/support/topic/useful-plugin-640/)󠁿 [star379](https://profiles.wordpress.org/star379/) June 4, 2020 1 reply I have used this plugin on several pages now for quite a while and it works smoothly with Divi Theme and other plugins so far. It is providing my website the requested safety. Initially I was looking for a plugin to check for the file permissions to be set correctly and to change them if needed, which lead me to this one. I had a small issue which was answered and solved quickly. [ Read all 14 reviews ](https://wordpress.org/support/plugin/security-safe/reviews/) ## Contributors & Developers “Security Safe” is open source software. The following people have contributed to this plugin. Contributors * [ Sovereign Stack, LLC ](https://profiles.wordpress.org/sovstack/) * [ Steven Ayers ](https://profiles.wordpress.org/stevenayers63/) * [ Freemius ](https://profiles.wordpress.org/freemius/) [Translate “Security Safe” into your language.](https://translate.wordpress.org/projects/wp-plugins/security-safe) ### Interested in development? [Browse the code](https://plugins.trac.wordpress.org/browser/security-safe/), check out the [SVN repository](https://plugins.svn.wordpress.org/security-safe/), or subscribe to the [development log](https://plugins.trac.wordpress.org/log/security-safe/) by [RSS](https://plugins.trac.wordpress.org/log/security-safe/?limit=100&mode=stop_on_copy&format=rss). ## Changelog #### Versions Key (Major.Minor.Patch) * Major – 1.x.x increase involves major changes to the visual or functional aspects of the plugin, or removing functionality that has been previously deprecated.( higher risk of breaking changes) * Minor – x.1.x increase introduces new features, improvements to existing features, or introduces deprecations. (low risk of breaking changes) * Patch – x.x.1 increase is a bug fix, security fix, or minor improvement and does not introduce new features. (non-breaking changes) #### Version 3.0.1 *Release Date – 09 Mar 2026 * Security: updated queries to be escaped using standard wpdb::prepare * Security: escape translation reference #### Version 3.0.0 *Release Date – 08 Mar 2026 * Renamed plugin from WP Security Safe to Security Safe * Security: HTML Escaping of translation on output * Removed Feature: Automatic WordPress updates were removed as it is now a WordPress core feature. * Improvement: Made cache busting for js and css reliant of file modified time * Improvement: Updated C3 Charts to latest version v0.7.20 * Improvement: Updated D3 to version v5.16.0 * Improvement: Manage PHP dependencies using composer * Improvement: Compatible with PHP 8.4, 8.3, 8.2, 8.1 * Improvement: Requires minimum PHP version 8.1 * Improvement: Requires minimum WP version 6.1 * Minor Improvement: Updated PHP EOL Checks * Minor Improvement: International Translation WP Compliance * Minor Improvement: Updated PHP version checks * Note: Tested up to: 6.9 #### Version 2.6.6 *Release Date – 23 Sep 2025 * Bug Fix: Translation was being called too early * Bug Fix: IP addresses were not being logged properly * Minor Improvement: Added tighter code syntax to catch errors easier * Minor Improvement: Replaced some deprecated WordPress core function usage * Minor Improvement: Updated SDK dependency to version 2.12.2 * Note: Tested up to: 6.8.2 #### Version 2.6.5 *Release Date – 28 Oct 2024 * Bug Fix: illegal_user_logins() not defined as static method causing fatal error #### Version 2.6.4 *Release Date – 25 Oct 2024 * Bug Fix: Calling non-static method statically #### Version 2.6.3 *Release Date – 25 Oct 2024 * Notice: Version 3.0 will have minimum requirements of WP v6.1.0 and PHP 8.1.0 * Bug Fix: The login error messages were not being displayed * Bug Fix: An IP was getting blacklisted even though they were whitelisted when attempting to login with a restricted username. * Minor Improvement: Added some type hinting for load performance and code stability * Minor Improvement: Implemented static method referencing for policies to save memory * Minor Improvement: Updated SDK dependency to version 2.9.0 * Minor Improvement: Updated some PHPDoc * Minor Improvement: Updated PHP version checks * Minor Improvement: Updated PHP EOL Checks * Note: Tested up to: 6.6.2 #### Version 2.6.2 *Release Date – 31 May 2024 * Bug Fix: Fatal Error: constant WP_FS__DIR was conflicting with other plugins using freemius. * Minor Improvement: Updated SDK dependency to version 2.7.2 * Minor Improvement: Updated PHP version checks * Note: Tested up to 6.5.3 #### Version 2.6.1 *Release Date – 3 Nov 2023 * Bug Fix: In a local development environment using symlinks for the plugin’s directory, SDK was unable to reach local assets (css, js) thus causing display and functionality issue issues within the admin area. * Minor Improvement: Minor code improvements and typo fixes * Minor Improvement: Updated SDK dependency to version 2.6.0 * Minor Improvement: Updated minimum PHP recommendation to be based on current date * Minor Improvement: Updated PHP version checks * Note: Tested up to 6.3.2 #### Version 2.6.0 *Release Date – 4 Oct 2023 * Bug Fix: PHP fatal error encountered when adding a new site to a multisite environment. * Bug Fix: Plugin namespace was causing scope issues when referring to core WP classes * Security: Using updated sanitization methods on $_POST variables * Improvement: Removed deprecated FILTER_SANITIZE_STRING and replaced with latest security sanitization * Improvement: Forced blocked username list to be compatible with space delimiter and convert to new line * Minor Improvement: Updated SDK dependency to version 2.5.12 * Minor Improvement: Enable plugin method needed to be statically defined and called * Minor Improvement: Updated PHP version checks * Tested with PHP versions 8.0, 8.1, 8.2 * Note: Tested up to 6.3.1 #### Version 2.5.2 *Release Date – 18 Jul 2023 * Security Fix: Updated SDK dependency to version 2.5.10 #### Version 2.5.1 _Release Date – 4 May 2023_ * Bug Fix: The blacklist check and username blocking were firing in the wrong orders #### Version 2.5.0 _Release Date – 3 May 2023_ * New Feature: Automatically block common generic usernames and custom defined usernames * New Feature: Prevent the registration of a username that is on the block list * Bug Fix: Database tables were not automatically created on all active sites when the plugin was network activated or a new site was added to the network in a multisite environment * Bug Fix: Custom db tables were not the correct charset and collate * Bug Fix: Network admin plugins page displayed a link to the main site’s settings. * Bug Fix: Site admin plugins page displayed a link to a dashboard page that did not exist. * Bug Fix: If plugin settings were manually deleted via the database, the plugin would not recreate them automatically * Improvement: Better load performance with PHP 7.4 type hinting * Improvement: Updated username threat detection to use the default block list values * Improvement: There were inconsistencies with how settings were referenced throughout the code. * Improvement: Prevent plugin from loading if the minimum versions of WordPress and PHP are not installed * Improvement: Updated SDK dependency to version 2.5.7 * Improvement: Updated PHP version checks * Minor Improvement: Increased Minimum PHP Version to 7.4 * Minor Improvement: Increased Minimum WordPress Version to 5.3 * Minor Improvement: Added Versions Key to changelog * Minor Improvement: formatting improvements to the readme.txt * Note: Tested up to 6.2.0 #### Version 2.4.4 _Release Date – 05 Apr 2022_ * Security: Updated SDK to version 2.4.3 due to security vulnerability * Security: Implemented escaping to prevent XSS * Warning: Upcoming Version 2.5 will require a minimum PHP 7.4 and WordPress 5.3 * Improvement: Implemented centralized sanitization library for retrieval of all request variables for better reliability and consistency of sanitization * Minor Improvement: Updated PHP version checks * Note: Tested up to 5.9.2 #### Version 2.4.2 _Release Date – 06 Feb 2022_ * NOTICE: Upcoming Version 2.5 will require a minimum PHP 7.4 and WordPress 5.3 * Security: Improved XSS escaping throughout the admin pages. * Bug Fix: The filter hooks into ‘authenticate’ were using add_action instead of add_filter * Bug Fix: Some styling on the permissions table was not getting applied correctly due to missing class * Improvement: Fix some PHP notices * Minor Improvement: Updated PHP version checks * Note: Tested up to: 5.9 #### Version 2.4.1 _Release Date – 04 March 2021_ * Bug Fix: Pantheon Hosting: files in the uploads directory now accept 770 permissions as secure * Improvement: Removed the batch permissions dropdown and the update permissions button when no files/dirs are available to modify. #### Version 2.4.0 _Release Date – 28 February 2021_ _Release Notes: [https://wpsecuritysafe.com/changelog/version-2-4/](https://wpsecuritysafe.com/changelog/version-2-4/)_ * Added Feature: Automatically blocks IP addresses temporarily after numerous failed logins * Added Feature: Import and Export settings are now included with the free version. * Added Pro Feature: Advanced Automatic IP Blocking after numerous threats are detected. * Improvement: Fixed some PHP warnings displayed when XML-RPC requests use poorly formatted XML. Thank you Charles Suggs for reporting this. * Improvement: Adjusted cleanup script to leave allow/deny table for 3 days past expiration for more advanced threat detection. * Improvement: Allowed IPs now get exempt from nonce checks. * Improvement: Adjusted upgrade script to be more efficient with load. * Improvement: Updated file permission statuses to be error, warning, and notice versus bad, ok, good * Improvement: Adjusted Login Error handling so that the user is sent back to the login screen when the login attempt is blocked and the error is displayed. * Improvement: Fixed various PHP Warnings: Thanks John Dorner for reporting them. * Improvement: Automatically group and sort bad file permissions to the top of the file permissions table. * Improvement: Changed the 404, login, and block charts from 7 days to 30 days of data to display. * Improvement: Minor code improvements. * Minor Improvement: Updated SDK to version 2.4.2 * Minor Improvement: Updated PHPDoc notes * Minor Improvement: Updated PHP version checks * Bug Fix: Pantheon Hosting: directories in the uploads directory now accept 770 permissions as secure * Pro Bug Fix: Plugins files were not getting file permissions fixed after a plugin update. * Note: Tested up to: 5.6.2 > NOTE: [View full Security Safe changelog](https://wpsecuritysafe.com/changelog/). ## Meta * Version **3.0.1** * Last updated **4 weeks ago** * Active installations **700+** * WordPress version ** 6.1 or higher ** * Tested up to **6.9.4** * PHP version ** 8.1 or higher ** * Language * [English (US)](https://wordpress.org/plugins/security-safe/) * Tags * [disable xmlrpc](https://pcd.wordpress.org/plugins/tags/disable-xmlrpc/)[firewall](https://pcd.wordpress.org/plugins/tags/firewall/) [limit login](https://pcd.wordpress.org/plugins/tags/limit-login/)[wp security](https://pcd.wordpress.org/plugins/tags/wp-security/) * [Advanced View](https://pcd.wordpress.org/plugins/security-safe/advanced/) ## Ratings 5 out of 5 stars. * [ 13 5-star reviews ](https://wordpress.org/support/plugin/security-safe/reviews/?filter=5) * [ 0 4-star reviews ](https://wordpress.org/support/plugin/security-safe/reviews/?filter=4) * [ 0 3-star reviews ](https://wordpress.org/support/plugin/security-safe/reviews/?filter=3) * [ 0 2-star reviews ](https://wordpress.org/support/plugin/security-safe/reviews/?filter=2) * [ 0 1-star reviews ](https://wordpress.org/support/plugin/security-safe/reviews/?filter=1) [Add my review](https://wordpress.org/support/plugin/security-safe/reviews/#new-post) [See all reviews](https://wordpress.org/support/plugin/security-safe/reviews/) ## Contributors * [ Sovereign Stack, LLC ](https://profiles.wordpress.org/sovstack/) * [ Steven Ayers ](https://profiles.wordpress.org/stevenayers63/) * [ Freemius ](https://profiles.wordpress.org/freemius/) ## Support Got something to say? Need help? [View support forum](https://wordpress.org/support/plugin/security-safe/)