Blog Post

GD Security Toolbox Pro 2.0: Hades

GD Security Toolbox Pro 2.0 is a major update to the plugin with several new addons included (total of 14 now), huge changes to some parts of the plugin, many more new features, updates and fixes.

This is a huge release that brings many new features and makes major changes to some of the existing features. The plugin celebrates the third birthday today.

Security Headers

This version brings major changes to the handling of the HTTP security headers. Previous versions had two set of settings: in Tweaks and in “.HTACCESS”. Now, we have two new addons: X-XSS Protection and Security Headers. As the name says, X-XSS header is moved to own addon with the added Report element and the reports panel (GD Security Toolbox Pro now can gather reports sent from browsers when the attempted X-XSS was prevented on the client side), and all other headers are moved to Security Headers addon. Both addons have the option to enable “.HTACCESS” integration, and if that is disabled, headers will be added to each page built.

CSP Addon (Content Security Policy) has been updated, and the new panel of CSP reports is added. Both CSP and XSS header reports are stored in own database tables (both added in this plugin version). This will make the analysis of the reports easier, and separated from the Events Log. CSP extras include support for Google Translate.

Malware Scanner

The plugin has a major new addon: Malware Scanner. This scanner uses plain text patterns and regular expressions to scan all PHP files on the website to find potential malware. I say potential because when you deal with patterns, false positives are always a possibility, so make sure to inspect files that are marked as malware. The plugin can’t clean up the malware, because that is not quite that easy, and that would require manual changes to the website: reinstallation of WordPress, reinstallation of plugins and/or themes where malware is found.

Malware Scanner results page

The plugin includes plain text files with patterns and regular expressions used for scanning. These files can trigger false positive detection from the anti virus software. If you are testing plugin on local machine, make sure to add these files into exceptions for the antivirus.

Other Updates and Fixes

One important update is added to Integrity Scanner: it now uses WordPress.org endpoint to get the hashes for all the WordPress.org plugins. Dev4Press Pro plugins and WordPress.org themes hashes still come from the Dev4Press API endpoint. The plugin has a new dashboard with the overview of the events, reports and banned IP’s with quick access links for various plugin panels and settings.

Logs cleanup tools are improved and expanded to clean the new reports database tables. There are a lot of changes in the plugin core and several bugs are fixed and overall.

If you notice any problems with the plugin, stop by the support forums to report it. Let me know what you think about the new version, and as always, suggestions are welcome.

Please wait...
GD Security Toolbox Pro
Proactive protection and security hardening

A collection of many security related tools for .htaccess hardening with security events log, ReCaptcha, firewall, and tweaks collection, login and registration control and more.

About the author

Milan Petrovic
Milan Petrovic

CEO and Lead developer of Dev4Press Web Development company, working with WordPress since 2008, first as a freelancer, later founding own development company. Author of more than 250 plugins and more than 20 themes.

Subscribe to Dev4Press Newsletter

Get the latest announcements, release digests, promotions and exclusive discounts, and general Dev4Press-related news straight into your mailbox.


This form collects your email (optionally your name) for the purpose of sending you newsletters. Check out our Privacy Policy for more information on how we store and manage your data. We will not send you any spam. Newsletters are sent 2 to 4 times every month.

Leave a Comment

SiteGround - Managed WordPress Hosting
WP Rocket - Make WordPress Load Fast in a Few Clicks