This plugin hasn’t been tested with the latest three major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.



SECURE shows you exactly how to lock down your WordPress sites.
Everyday new security risks are found and hackers are ready to use them against your websites.

We at SEC Consult have a dedicated team in multiple time zones that tracks all security risks and makes them available to you in real-time.

The pro version of SECURE comes with the following unique benefits:

  • You’ll receive an e-mail alert as soon as vulnerabilities are identified that affect any of your sites.
  • The vulnerability alerts will tell you exactly how to address the vulnerability and become safe again.
  • You’ll receive weekly status mails informing you about outdated versions and vulnerabilities in your sites.

The free version of SECURE identifies the following security issues and more:

  • Outdated Plugins, Themes and WordPress itself
  • Known security issues in installed Plugins, Themes and WordPress itself (information is 30 days old)
  • User accounts with weak passwords
  • Files that might leak information to attackers
  • Insecure file permissions for important core files
  • Unencrypted communication with the WordPress admin interface
  • Directory listings are enabled
  • The upload of dangerous file types is allowed
  • Debugging is enabled
  • User Registration is enabled
  • WordPress file editing is enabled
  • Default database prefix is used
  • Root database user is used
  • Dangerous PHP functions are enabled
  • Multiple issues with error reporting that might leak information to attackers
  • PHP leaking version information


  • The start page of the plugin gives you an immediate overview of the security issues of your site.
  • The update check step shows you which plugins are either outdated (orange icon) or have a known security issue (red icon) that hackers can abuse to attack your site. For non-subscribed users the security issue information is 30 days outdated.
  • Clicking on the arrow symbol of any issue shows detailed information about it. In this case details of a vulnerability in an installed plugin are displayed. This functionality is only available to subscribed users.
  • The user check step displays information about user accounts that might pose a threat to your website. For example weak passwords or common usernames with high privileges will be flagged here.
  • Detailed information on how to solve a problem with a specific user account is given.
  • The core check step shows which files and settings might put your website at risk and are configured insecurely.
  • One example of a violation of security best practices that should be resolved.
  • Subscribed users conveniently receive weekly status e-mails for all their active sites summarizing available updates and known vulnerabilities.
  • A detailed report about the critcal issue that affects a site is attached in the real-time e-mail alert for subscribed users.


  1. Either install it directly through the WordPress admin dashboard or
  2. Download the and extract its contents
  3. Upload the secure directory to the /wp-content/plugins/ directory
  4. Activate the plugin through the ‘Plugins’ menu in WordPress


What is SECURE

SECURE is a WordPress plugin that identifies security problems in your website and helps you lock down your WordPress installation in three simple steps. The plugin covers most of the hardening tips of the WordPress Security Codex and includes a lot of additional security checks. It was designed to clearly show at a single glance what security problems exist in your website and to provide you with all the information needed to understand these issues and eliminate them.

The free SECURE plugin will also show you vulnerabilities that have been made public 30 days ago or longer. As a SECURE pro user you get immediate access to the most up-to-date security issues put your site at risk.

What is MVIS

MVIS stands for Managed Vulnerability Information Service and is an enterprise grade service provided for our customers around the world.
Our security experts gather all security vulnerabilities that are disclosed publicly (more than 7000 each year!), pre-filter them to eliminate false positives and thoroughly analyse them for validity, criticality, impact and other relevant criteria. This information is stored in our central database and allows us to give you detailed information about security vulnerabilities in a given software version.

What do I get as a paying user of SECURE

As a paying user you get access to SEC Consult’s Managed Vulnerability Information Service (MVIS) that was specifically created for WordPress. We have an international team in 3 time zones that monitor all incoming vulnerabilities for WordPress. As soon as any new security issue is identified that affects your unique site you will receive a security alert per e-mail. This way you can react immediately and don’t give attackers a chance to exploit these flaws in your website.

Does this plugin support Multisite or Windows WordPress installations

Yes it does. Currently no known issues exist for WordPress installations on Windows and for Multisite installations. If you have a WordPress set up on Windows or a Multisite, it would be great if you can give some feedback.

Contributors & Developers

“SECURE” is open source software. The following people have contributed to this plugin.

Translate “SECURE” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Change log


  • Initial release