Blog Post

coreSecurity Pro 1.0

coreSecurity Pro is a brand-new plugin focusing on WordPress website security by implementing over 20 features that deal with spam, firewall, file scanning, login and registration control, security headers, and more.

coreSecurity Pro is a replacement for the old GD Security Toolbox Pro plugin, and it is a product of 10+ years of experience with WordPress security. All included features are tested, tweaked, and refined over time, and after months of active development, coreSecurity is ready for prime time. For the past few days, the plugin has been running on Dev4Press, and it is already doing a great job of replacing the old GD Security Toolbox Pro we used previously. coreSecurity Pro is not compatible with GD Security Toolbox Pro, and it can only import list of all banned IPs from the old plugin, and it will disabled old plugin on activation.

coreSecurity Pro

3 Inspector Tools

22 Security Features

10 Security Headers

Getting Started

Learn more about the plugin, and start from the Home Page to get the overview of the features, but make sure to go through 40+ articles and user guides in the Knowledge Base for in-depth information.

Version 1.0 includes 22 Features, with five always active features; the rest can be enabled only if needed. The plugin has a Setup Wizard that will help you quickly configure plugin basics before deep diving into individual settings for each feature. To get you started, the plugin’s knowledge base contains plenty of helpful information about each feature; check it out here.

The main focus of the plugin are: Antispam, Firewall, User Registration and Login control, and Security Headers, .HTACCESS support, and File Scanner. Antispam has a huge set of antispam filters and scanners that can be deployed to check for spam in WordPress comments and trackbacks, bbPress topics and replies, form entries for Gravity Forms, Contact Form 7, Forminator, and Formidable plugins. The plugin can control the user registration process and reject all potential spam or malicious registration by running each registration email, username, and IP through a series of filters and scanners (many shared with Antispam). Additionally, a few features aim to control the login process and stop brute-force logins.

Regarding security headers, the plugin supports Content Security Policy (or CSP) with advanced settings where you can fine-tune each directive, with a set of predefined rules for popular services and additional settings, including full support for logging CSP reports for analysis. Permissions Policy has its own set of directives and can configure each one. And there are 8 more additional security headers you can configure and use.

The firewall includes a set of scanners for each request URL and user agent. There are two firewalls included, with the second one implemented via .HTACCESS features directly inside the .HTACCESS file for the Apache and LiteSpeed servers. Finally, the plugin has a File Scanner that can scan your website for malware. The scanner first runs an integrity check scan for WordPress core and plugins with checksums available (all plugins from and all the Dev4Press Pro plugins). All files that were not checked for integrity and failed the integrity scan will be run through the Malware scanner that currently has 400+ patterns for malware detection. The plugin can’t clean the website from malware (no plugin can do that, malware cleanup can be done only by trained security experts!).

File Scanner Results Overview

The plugin depends on the free coreActivity plugin for logging capabilities. The main goal of the coreActivity plugin was to be a main logging plugin, and other plugins can use it for additional events they can register, to have one central activity logging, and to avoid duplicating features with multiple plugins. coreSecurity implements its version of the log panel limited to security events, and one additional log panel shows only the Content Security Policy Reports log. The log is also a Live Log, so if you have that page open, you will see it auto-updated by new security events in real-time!

Security Logs, powered by the coreActivity plugin

The most important aspect of all this is that the plugin can easily and automatically ban any visiting IP based on their activity, with the added ability for you to ban more IPs and control how long the IPs will be banned. The banned IPs panel is the main panel where you can review these IPs and from where you can add more IPs to ban.

This is only the first release of the plugin; several more features are in active development, and the next few updates are already planned. Please let me know if you have more suggestions for plugin features and improvements. Leave a comment here or in the forum.

Please wait...
coreSecurity Pro plugin for WordPress
Proactive protection and security hardening

Deploy a wide array of security measures to stop spam registrations, spam content, various types of malicious threats, limit and ban access to repeated offenders and more.

About the author

Milan Petrovic
Milan Petrovic

CEO and Lead developer of Dev4Press Web Development company, working with WordPress since 2008, first as a freelancer, later founding own development company. Author of more than 250 plugins and more than 20 themes.

Subscribe to Dev4Press Newsletter

Get the latest announcements, release digests, promotions and exclusive discounts, and general Dev4Press-related news straight into your mailbox.

This form collects your email (optionally your name) for the purpose of sending you newsletters. Check out our Privacy Policy for more information on how we store and manage your data. We will not send you any spam. Newsletters are sent 2 to 4 times every month.

Latest From The Blog

license management

License Code Validation and Management

Dev4Press License validation system updates will soon be deployed, including license code management via the Dev4Press Account Dashboard. All updates will be deployed on April 14, 2024.
panel options

In Development: SweepPress Pro 5.0 and Lite 3.0

In about two weeks, brand new, significant updates to SweepPress Pro and Lite plugins will be released, bringing several game-changing features to WordPress cleanup and maintenance tools already included.

GD Press Tools Pro 6.3

The new major release for GD Press Tools Pro, version 6.2 is here, and it brings some major changes. First of all, the plugin has two addons less, one addon is added and one more addon has been deprecated (but still included for now).

Leave a Comment

GeneratePress - The perfect lightweight theme for your next project
WP Rocket - Make WordPress Load Fast in a Few Clicks