Titan includes anti-spam, firewall, malware scanner, site accessibility checking, security and threats audits for WordPress websites. Our security functions provide Titan with the latest firewall rules, malware signatures, and database of malicious IP addresses – all you need to ensure the security of your website.

Titan is a comprehensive WordPress security solution, completed by a set of additional features as add-ons, which was placed into a simple and intuitive interface.

Why did we update Anti-Spam and what is Titan?

Let me tell you before we start: your favorite Anti-Spam had not disappeared! Instead of that it revived and became stronger to stand guard over the secure of your site!
The latest update of Anti-Spam is called Titan Anti-spam & Security and represents the brand new version of a plugin.

Why TITAN?

We aim to create a plugin as reliable as this metal – and easy-to-use at the same time. The new name of our plugin sets the pace with newest and highest standards of quality.

What has been changed except the name?
Whilst the process of modernization we had to take some complicated decisions. One of them was:
What should we do: keep Anti-Spam like a simple plugin with the only one function or complicate it with a huge complex of tools made for the security of your site?
Constant feedback from users and versatile development experience lets us claim that the situation when there is too many tools couldn’t exist!
We considered all possibilities thoroughly to secure the best future for the plugin.
Let me introduce new secure functionality that was developed with spending a lot of time, effort and consideration:

Features

ANTI-SPAM

ANTI-SPAM CHECKS YOUR COMMENTS THROUGH OUR GLOBAL SPAM DATABASE, THEN A SELF-LEARNING NEURAL NETWORK RE-CHECKS UNFILTERED COMMENTS, TO PREVENT YOUR SITE FROM PUBLISHING MALICIOUS CONTENT.

• No captcha.
• We have created algorithms to ensure reliability and accuracy against spam bots. It will save your time and resources, allowing you to focus on developing and improving your website and business. Antispam provides logs of all the processed requests that allows you to check the spam filters results. Regular analysis of parameters allows you to find new spam behavior patterns.
• A comment posted by a user appears on the site right away. The background check marks spam comments as spam and hides them on a site. This helps to improve user experience and increase engagement.
• [PRO] Checking the already existing comments and users for spam.
• [PRO] We provide 24/7 technical support.
• [PRO] To identify and block spam bots AntiSpamPro uses a series of tests running in the background, totally transparent to the website User. It allows 100% protection from spam bots No extra protection needed.
• [PRO] Anti-spam is a comprehensive and transparent anti-spam protection. We provide detailed statistics of all logged comments and logins. You can always be sure that there are no errors.
• [PRO] Protect Register Form.
• [PRO] Advanced protection of comment forms.
• We regularly release updates to the anti-spam module. Our modules always meet new versions of CMS and we are constantly expanding supported CMS.

WORDPRESS FIREWALL

The web application firewall detects and blocks malicious traffic. It protects your website at the endpoint by providing deep integration with WordPress. In contrast to cloud alternatives, it does not violate encryption, cannot be bypassed and does not contribute to data leakage.

• Protection brute force attacks by restricting login attempts.
• [PRO] Update real-time firewall rules and malware signatures through the threat protection channel.
• [PRO] Real-time IP Block List blocks all requests from malicious IP addresses, protecting your site and reducing load.
• [PRO] An integrated malware scanner blocks requests containing malicious code or content.
• [PRO] Using the Attack Log you can track visits and hacking attempts that are not shown in other analytic packages in real time; including origin, IP address, current time, and time spent on your site.
• [PRO] Block intruders by IP address or create advanced rules based on a range of IP addresses, hostname, user agent, and referrer.

WORDPRESS SECURITY SCANNER

• The malware scanner checks the system files, themes and plugins for malware, invalid URLs, backdoors, SEO spam, malicious redirects and code injections.
• Basic scanning using more than 1000 signatures.
• [PRO] Advanced scanning with more than 6000 signatures.
• [PRO] Configure three scan speeds to make sure the performance is not affected.
• [PRO] Set scan schedules – daily, monthly, and manually.
• [PRO] Update malware signatures in real time through a threat protection channel.
• Compares your system, themes and plugins with those which are in the WordPress.org repository, checking their integrity and informing you of all changes.
• Recover modified files by overwriting them with the original version.
• Delete unknown and unwanted files easily via the Titan interface.
• Checks your site for vulnerabilities and notifies in case of any problems or discrepancies. It also provides a notification of potential security issues when the plugin has been closed or inactivated.
• Checks the content security by scanning the contents of files, messages and comments for dangerous URLs and suspicious content.

SITE CHECKER [PRO]

• Check the availability of any URL
• Push notifications in the browser to show URLs access issues in real time.
  Your browser will receive push notifications if one of the URLS is unavailable.

TWEAKS

• Strong Password Requirement
• Hide author login
• Hide WordPress versions. WordPress itself and many plugins show their version at the visible areas of your site. An attacker who received this information may be aware of the vulnerabilities found in the version of the WordPress core or plugins.

Translations

• English (default), always included
• Korean — big thanks to @cansmile
• Spanish (Venezuela) — big thanks to @yordansoares, @nobnob, @bragnieljimenez
• Spanish (Spain) — big thanks to @garridinsi, @nobnob, @nobnob, @nilovelez, @fernandot
• Italian — big thanks to @deadpool76
• Persian — big thanks to @1farakav
• Arabic — big thanks to @alzintani
• Swedish — big thanks to @elbogen
• Tibetan — big thanks to @bumpagyal
• Albanian — big thanks to @besnik
• Dutch — big thanks to @robelia

We are very need for your help with translating the
Titan Anti-spam & Security plugin into your native language. We want to make it international and understandable for everyone. Please contact us via email inside the plugin, or create a topic on our support forum if you can help with the translations. In exchange for your help, we will give you better suppor

Free daily malware scanning and WordPress site security. Jetpack Protect leverages the extensive database of WPScan, an Automattic brand, that has over 25,000 registered malware and vulnerabilities. No configuration required!

TOTAL SITE SECURITY FROM WORDPRESS EXPERTS

Jetpack Protect is a free and essential WordPress security plugin that scans your site and warns you about vulnerabilities, keeping your site one step ahead of security threats. It’s easy to use; setup requires just a few clicks!

By upgrading Protect, you also unlock malware scanning with one-click fixes for most issues and instant notifications when threats are detected. Our automated Web Application Firewall (WAF) also protects your site from bad actors around the clock.

Jetpack Protect is created by WordPress experts; our parent company Automattic is behind Jetpack, WordPress.com, WooCommerce, WPScan, and much more. There is no better company to understand the security needs of WordPress sites.

WHAT DOES JETPACK PROTECT (FREE) CHECK FOR?

Jetpack Protect scans your site on a daily basis and warns you about:
– The version of WordPress installed, and any associated vulnerabilities
– What plugins are installed, and any related vulnerabilities
– What themes are installed, and any associated vulnerabilities

What are vulnerabilities? Why do I need to scan my site regularly?

Site vulnerabilities are flaws in a website’s code that weaken the site’s overall security. These can be introduced to a site in various ways, in most cases unintentionally.

Some of the ways vulnerabilities can be introduced to a site are:
– Poorly written site code
– Plugin and theme bugs
– WordPress version bugs
– System misconfigurations

If a bad actor detects a vulnerability on your site, they can exploit it to access sensitive information, update your site, and more to damage your business or brand.

That’s why it’s essential to use a reputable and reliable vulnerability & malware site scanner like Jetpack Protect to safeguard your site.

Can I use Jetpack Scan to fix a site that is already infected?

Jetpack Protect (Scan) detects and prevents attacks, but is not designed to fully clean up sites infected before it was active. If your site has malware, take immediate action to clean it up and remove the malicious code.

To clean up your site, we suggest using a malware removal tool, or if possible restore from a backup taken before the infection. We recommend using Jetpack VaultPress Backup in conjunction with Jetpack Scan to secure your website.

Learn more about cleaning your site

BRUTE FORCE ATTACK PROTECTION

Jetpack Protect blocks unwanted login attempts from malicious botnets and distributed attacks.

Is my site under attack?

Brute force attacks are the most common form of hacking — and hackers don’t discriminate. As the most commonly used Content Management System on the web, WordPress sites make an attractive target for hackers looking to exploit code vulnerabilities unique to WordPress.

Using large networks of computers known as botnets, hackers can try to gain access to your site by using thousands of different combinations of usernames and passwords until they find the right one.

Recently, attackers have found a way to “amplify” these attacks against the WordPress XML-RPC file – making it easier for attackers to try and break into your site.

WordPress brute force attacks can:
– Slow down your site (or cause it to stop responding) because of repeated server requests.
– Allow unauthorized access to your site for hackers to modify your code or insert spammy links.
– Put your site content and data at risk.

That’s where Jetpack Protect comes in. Our state-of-the-art security tools automatically block these attacks, protecting your WordPress site from unauthorized access.

On average, Jetpack blocks 5,193 WordPress brute force attacks over a site’s lifetime. It allows you to protect yourself against both traditional brute force attacks and distributed brute force attacks that use many servers against your site.

UPGRADE PROTECT TO REMOVE MALWARE IN ONE CLICK AND BE PROTECTED BY OUR WAF

By upgrading Protect, you unlock total site security from WordPress experts:
– Automated daily malware scanning in addition to vulnerability checks
– One-click fixes for most issues
– Web Application Firewall (WAF) with automatic rule updates
– Instant email notifications when threats are detected
– Priority support from WordPress experts

What is malware? Why do I need to protect against it?

Malware is malicious code or software that has been created by bad actors to disrupt, damage, or gain access to your site. There are many ways that malware can get onto your WordPress site. The most common method is through attackers using vulnerable plugins or themes to install malware.

Similar to the vulnerabilities listed above, bad actors can use malware to capture sensitive information, damage your site, and harm your business or brand.

Jetpack Protect instantly notifies you of any threats detected, with one-click fixes for most issues.

What is a Web Application Firewall (WAF)?

A web application firewall blocks traffic and malicious requests to your site from known bad actors.

As threats are detected, new rules are added to Jetpack Protect’s firewall, which provides around-the-clock protection for your WordPress site.

OVER 53,500 REGISTERED VULNERABILITIES IN OUR DATABASE

WordPress security is something that evolves over time. Jetpack Protect leverages the extensive database of WPScan, an Automattic brand. All vulnerabilities are entered into our database by dedicated WordPress security professionals and updated constantly as new information becomes available.

JETPACK PROTECT IS EASY TO SETUP AND USE

There’s nothing to configure – the setup process is as easy as:
1. Install and activate the plugin
2. Set up it with one click.

After you activate the plugin, Jetpack Protect will run daily automatic malware scans on your WordPress site and update you on vulnerabilities associated with your installed plugins, themes, and WordPress core.

WITH 💚 BY JETPACK

This is just the start!

We are working hard to bring more features and improvements to Jetpack Protect. Let us know your thoughts and ideas!

FURTHER READING

• Jetpack: Security, performance, and growth tools made for WordPress sites by the WordPress experts.
• You can follow the Jetpack Twitter account to catch up on our latest WordPress security recommendations and updates.
• WordPress Security: How to Protect Your Site From Hackers
• Should You Us

A true Web Application Firewall

NinjaFirewall (WP Edition) is a true Web Application Firewall. Although it can be installed and configured just like a plugin, it is a stand-alone firewall that stands in front of WordPress.

It allows any blog administrator to benefit from very advanced and powerful security features that usually aren’t available at the WordPress level, but only in security applications such as the Apache ModSecurity module or the PHP Suhosin extension.

NinjaFirewall requires at least PHP 7.1, MySQLi extension and is only compatible with Unix-like OS (Linux, BSD). It is not compatible with Microsoft Windows.

NinjaFirewall can hook, scan, sanitise or reject any HTTP/HTTPS request sent to a PHP script before it reaches WordPress or any of its plugins. All scripts located inside the blog installation directories and sub-directories will be protected, including those that aren’t part of the WordPress package. Even encoded PHP scripts, hackers shell scripts and backdoors will be filtered by NinjaFirewall.

Powerful filtering engine

NinjaFirewall includes the most powerful filtering engine available in a WordPress plugin. Its most important feature is its ability to normalize and transform data from incoming HTTP requests which allows it to detect Web Application Firewall evasion techniques and obfuscation tactics used by hackers, as well as to support and decode a large set of encodings. See our blog for a full description: An introduction to NinjaFirewall filtering engine.

Fastest and most efficient brute-force attack protection for WordPress

By processing incoming HTTP requests before your blog and any of its plugins, NinjaFirewall is the only plugin for WordPress able to protect it against very large brute-force attacks, including distributed attacks coming from several thousands of different IPs.

See our benchmarks and stress-tests: Brute-force attack detection plugins comparison

The protection applies to the wp-login.php script but can be extended to the xmlrpc.php one. The incident can also be written to the server AUTH log, which can be useful to the system administrator for monitoring purposes or banning IPs at the server level (e.g., Fail2ban).

Real-time detection

File Guard real-time detection is a totally unique feature provided by NinjaFirewall: it can detect, in real-time, any access to a PHP file that was recently modified or created, and alert you about this. If a hacker uploaded a shell script to your site (or injected a backdoor into an already existing file) and tried to directly access that file using his browser or a script, NinjaFirewall would hook the HTTP request and immediately detect that the file was recently modified or created. It would send you an alert with all details (script name, IP, request, date and time).

File integrity monitoring

File Check lets you perform file integrity monitoring by scanning your website hourly, twicedaily or daily. Any modification made to a file will be detected: file content, file permissions, file ownership, timestamp as well as file creation and deletion.

Watch your website traffic in real time

Live Log lets you watch your website traffic in real time. It displays connections in a format similar to the one used by the tail -f Unix command. Because it communicates directly with the firewall, i.e., without loading WordPress, Live Log is fast, lightweight and it will not affect your server load, even if you set its refresh rate to the lowest value.

Event Notifications

NinjaFirewall can alert you by email on specific events triggered within your blog. Some of those alerts are enabled by default and it is highly recommended to keep them enabled. It is not unusual for a hacker, after breaking into your WordPress admin console, to install or just to upload a backdoored plugin or theme in order to take full control of your website. NinjaFirewall can also attach a PHP backtrace to important notifications.

Monitored events:

• Administrator login.
• Modification of any administrator account in the database.
• Plugins upload, installation, (de)activation, update, deletion.
• Themes upload, installation, activation, deletion.
• WordPress update.
• Pending security update in your plugins and themes.

Stay protected against the latest WordPress security vulnerabilities

To get the most efficient protection, NinjaFirewall can automatically update its security rules daily, twice daily or even hourly. Each time a new vulnerability is found in WordPress or one of its plugins/themes, a new set of security rules will be made available to protect your blog immediately.

Strong Privacy

Unlike a Cloud Web Application Firewall, or Cloud WAF, NinjaFirewall works and filters the traffic on your own server and infrastructure. That means that your sensitive data (contact form messages, customers credit card number, login credentials etc) remains on your server and is not routed through a third-party company’s servers, which could pose unnecessary risks (e.g., decryption of your HTTPS traffic in order to inspect it, employees accessing your data or logs in plain text, theft of private information, man-in-the-middle attack etc).

Your website can run NinjaFirewall and be compliant with the General Data Protection Regulation (GDPR). See our blog for more details.

IPv6 compatibility

IPv6 compatibility is a mandatory feature for a security plugin: if it supports only IPv4, hackers can easily bypass the plugin by using an IPv6. NinjaFirewall natively supports IPv4 and IPv6 protocols, for both public and private addresses.

Multi-site support

NinjaFirewall is multi-site compatible. It will protect all sites from your network and its configuration interface will be accessible only to the Super Admin from the network main site.

Possibility to prepend your own PHP code to the firewall

You can prepend your own PHP code to the firewall with the help of an optional distributed configuration file. It will be processed before WordPress and all its plugins are loaded. This is a very powerful feature, and there is almost no limit to what you can do: add your own security rules, manipulate HTTP requests, variables etc.

Low Footprint Firewall

Install, activate, and done!
Powerful protection from WP’s fastest firewall plugin.

BBQ Firewall is a lightweight, super-fast plugin that protects your site against a wide range of threats. BBQ checks all incoming traffic and quietly blocks bad requests containing nasty stuff like eval(, base64_, and excessively long request-strings. This is a simple yet solid solution for sites that are unable to use a strong Apache/.htaccess firewall.

Adds a strong firewall to ANY WordPress site
Works with all WordPress plugins and themes

Powerful Protection

BBQ protects your site against many threats:

• SQL injection attacks
• Executable file uploads
• Directory traversal attacks
• Unsafe character requests
• Excessively long requests
• PHP remote/file execution
• XSS, XXE, and related attacks
• Protects against bad bots
• Protects against bad referrers
• Protects against bad POST content
• Protects against many other bad requests

Works great with Blackhole for Bad Bots

Awesome Features

BBQ provides all the best firewall features:

• Rated 5 stars at WordPress.org
• 100% plug-&-play, zero configuration
• 100% focused on security and performance
• Blocks a wide range of malicious URL requests
• Fastest Web Application Firewall (WAF) for WordPress
• Based on the 7G/8G Firewall
• Scans all incoming traffic and blocks bad requests
• Scans all types of requests: GET, POST, PUT, DELETE, etc.
• Protects against known bad bots and referrers
• Works silently behind the scenes to protect your site
• Hassle-free security plugin that’s easy to use
• Thoroughly tested, error-free performance
• Extremely low rate of false positives
• Compatible with other security plugins
• Regularly updated and “future proof”
• Firewall < 10 kilobytes in size
• Lightweight, fast and flexible

For advanced protection and features, check out BBQ Pro »
BBQ = Block Bad Queries

Privacy

This plugin does not collect or store any user data. It does not set any cookies, and it does not connect to any third-party locations. Thus, this plugin does not affect user privacy in any way.

BBQ Firewall is developed and maintained by Jeff Starr, 15-year WordPress developer and book author.

Support development

I develop and maintain this free plugin with love for the WordPress community. To show support, you can make a donation or purchase one of my books:

• The Tao of WordPress
• Digging into WordPress
• .htaccess made easy
• WordPress Themes In Depth
• Wizard’s SQL Recipes for WordPress

And/or purchase one of my premium WordPress plugins:

• BBQ Pro – Super fast WordPress firewall
• Blackhole Pro – Automatically block bad bots
• Banhammer Pro – Monitor traffic and ban the bad guys
• GA Google Analytics Pro – Connect WordPress to Google Analytics
• Simple Ajax Chat Pro – Unlimited chat rooms
• USP Pro – Unlimited front-end forms

Links, tweets and likes also appreciated. Thank you! 🙂