Security Optimizer – The All-In-One WordPress Protection Plugin


Bulletproof your WordPress security in a few clicks against a range of security breaches, including brute-force attacks, malware threats, bots, etc. Proactively monitor your site’s security to detect any suspicious activity and take immediate actions to safeguard your site and prevent further damage with these essential features:

*Enable Identificación de dos factores for an extra layer of security
*Set Limitar los intentos de acceso to deter malicious login attempts and brute-force attacks
*Change your default login URL to Custom Login URL to avoid attacks
*Activate Protección XSS avanzada to fortify your website against malicious attacks
* Bloquear y proteger las carpetas del sistema to ensure no unauthorized or malicious scripts can be *executed in your system folders
* Desactivar el editor de temas y plugins to safeguard your website from unauthorized access via the WordPress editor
* Ocultar la versión de WordPress effortlessly, keeping it hidden from prying eyes
*Use Registro de actividad to monitor your site and quickly prevent malicious actions
* Post-Hack Actions to take immediate actions and prevent further damages

Developed by the security experts at SiteGround and trusted by over 900,000 webmasters, for its robust security shield and ease of use to secure WordPress applications from possible attacks on any hosting platform.

Monster Awards 2022: Best WordPress Security Plugin 🥇
Monster Awards 2021: Best WordPress Security Plugin 🥇

All-inclusive Security Plugin by SiteGround for Every WordPress Site
Unveil the vast array of features and unleash the full potential of our plugin in our Security Optimizer Tutorial.


Safeguard your WordPress application using our powerful site security toolset. Our comprehensive features are specifically designed to strengthen your website’s defenses against malware, exploits, and various malicious activities. With these tools at your disposal, you can ensure the utmost protection for your website:

Bloquear y proteger las carpetas del sistema

Ensure the maximum security for your application’s system folders by preventing the execution of any unauthorized or malicious scripts. The Lock and Protect System Folders feature acts as a powerful shield against potential threats.

Ocultar la versión de WordPress

Protect your website from mass attacks by hiding the WordPress version, which helps to mitigate version-specific vulnerabilities.

Desactivar el editor de temas y plugins

Enhance the security of your WordPress admin area by disabling the Themes & Plugins Editor, preventing potential coding errors and unauthorized access through the editor.

Desactivar XML-RPC

Mitigate potential security risks by disabling the XML-RPC protocol, which has been exploited in various attacks. Please note that disabling XML-RPC will restrict WordPress from communicating with third-party systems. We recommend enabling this feature unless you have a specific need for it.

Desactivar feeds RSS y ATOM

Prevent content scraping and specific attacks on your site by disabling RSS and ATOM feeds. Unless you have readers accessing your site via RSS readers, it is recommended to keep this feature enabled.

Protección XSS avanzada

Add an extra layer of security against cross-site scripting (XSS) attacks by enabling Advanced XSS Protection, bolstering the overall security of your website.

Delete Default Readme.html

Eliminate potential vulnerabilities by deleting the default readme.txt file, which contains information about your website. By removing this file, you reduce the risk of your site being listed in vulnerable sites targeted by hackers.

Custom Login Url

Personalize your login URL to thwart potential attacks and create a strong entry point. Bid farewell to the default login URL and embrace a bespoke path of your choosing. Additionally, you have the freedom to modify the default sign-up URL as well.

Acceso al inicio de sesión

Restrict login page access to specific IP addresses or IP ranges, effectively thwarting malicious login attempts and deterring brute-force attacks.

Identificación de dos factores

Immerse your website in an impenetrable shield of security with Two-Factor Authentication. This formidable feature demands that all admin users furnish a unique token, generated exclusively through the Google Authentication application, during the login process.

Disable Common Usernames

Don’t fall victim to predictable security breaches! The use of common usernames, such as
‘admin,’ poses a significant threat to the integrity of your website. Activate this option to disable the creation of common usernames. If any weak usernames already exist, we’ll prompt you to provide new, stronger alternatives.

Limitar los intentos de acceso

Maintain control over unauthorized access attempts with Limit Login Attempts. Set a specific threshold for the number of login failures users can endure before consequences arise. After reaching the limit, the IP address associated with the unsuccessful login attempts will be blocked for one hour. Persistent failures will result in longer restrictions, starting with 24 hours and escalating to a week.


Monitor your website and login page for unauthorized visitors and brute-force attempts to prevent malicious actions.

Registro de actividad

The Activity Log page provides you with a comprehensive view of the activities performed by registered, unknown, and blocked visitors. It allows you to closely monitor any suspicious behavior and take appropriate actions in case of a compromised user, plugin, or hacking attempt. You can leverage the quick tools available to swiftly block future attempts.

Weekly Security Reports

Receive a weekly traffic summary of your website directly to your inbox through Weekly Security Reports. This report compiles data on both bot and human traffic, along with details about blocked login and visit attempts to proactively monitor traffic and promptly identify suspicious activity.


Take immediate measures to safeguard your website if you suspect a compromise and prevent further damage. Here, you’ll find convenient solutions to address the situation effectively:

Reinstalar todos los plugins gratuitos

In the event of a hack, utilizing the Reinstall All Free Plugins feature can help mitigate potential harm. This action reinstalls all of your free plugins, reducing the likelihood of additional exploits or the reuse of malicious code.

Desconectar a todos los usuarios

To prevent any further unauthorized activities by users or attackers, you can choose to log out all users instantly using the Log Out All Users feature.

Forzar restablecimiento de contraseña

By enforcing a password reset, you can ensure that all users are prompted to change their passwords during their next login. This not only strengthens the security of their accounts but also immediately logs out all currently logged-in users.


  • WordPress 4.7
  • PHP 7.0
  • Archivo .htacces activo



Instalación automática

  1. Ve a «Plugins > Añadir nuevo»
  2. Search for “Security Optimizer by SiteGround”
  3. Click on the Install button under the Security Optimizer by SiteGround plugin
  4. Una vez esté instalado el plugin haz clic en el enlace de «Activar plugin»

Instalación manual

  1. Accede a tu panel de administración de WordPress y ve a «Plugins -> Añadir nuevo»
  2. Selecciona el menú «Subir»
  3. Haz clic en el botón «Elegir archivo» y selecciona en tu explorador el archivo «» que has descargado
  4. Haz clic en el botón «Instalar ahora»
  5. Go to Plugins -> Installed Plugins and click the ‘Activate’ link under the WordPress Security Optimizer by SiteGround listing


25 de septiembre de 2023
Incredible plugin. We love them
11 de septiembre de 2023
My site was getting slammed by brute force attacks. It helped and gave me the tools I needed to manage and stop attacks effectively.
28 de agosto de 2023
I use this plugin on 2 websites that are hosted with SiteGround. Plugin works great!
25 de agosto de 2023
Tener mi web alojada en el servidor SiteGround ya de por si es garantía de buen funcionamiento y con este plugin de seguridad, no he tenido ninguna incidencia. ¡Gracias!
24 de agosto de 2023
Nice one SiteGround. Very satisfactory. Better also for me since I use SiteGround for some of my websites. Convenient to have everything in one place - the fewer third-party plugins, the better.
24 de agosto de 2023
Para las web que yo hago es más que suficiente. No necesitas más si tienes contratado su hosting
Leer todas las 119 reseñas

Colaboradores y desarrolladores

«Security Optimizer – The All-In-One WordPress Protection Plugin» es un software de código abierto. Las siguientes personas han colaborado con este plugin.


«Security Optimizer – The All-In-One WordPress Protection Plugin» ha sido traducido a 8 idiomas locales. Gracias a los traductores por sus contribuciones.

Traduce «Security Optimizer – The All-In-One WordPress Protection Plugin» a tu idioma.

¿Interesado en el desarrollo?

Revisa el código , echa un vistazo al repositorio SVN o suscríbete al registro de desarrollo por RSS.

Registro de cambios

Version 1.4.6

Release Date: Sept 26th, 2023

  • Changing the name we use inside the plugin from SiteGround Security to Security Optimizer
  • Updating data collection process and Introducing a link in the plugin interface to the Plugin Privacy notice

Version 1.4.5

Release Date: May 4th, 2023

  • Improved log cleanup

Version 1.4.4

Release Date: May 3rd, 2023

  • Improved Visitors DB table indexing
  • Block service restored

Version 1.4.3

Release Date: Apr 27th, 2023

  • Block service temporally disabled

Version 1.4.2

Release Date: Apr 27th, 2023

  • Improved Activity Log process and filters
  • Improved restricted login response code
  • Improved PHP 8.2 compatibility
  • Alternative constant added for non-standard cron job usage

Version 1.4.1

Release Date: Feb 23rd, 2023

  • Internal configuration improvements

Version 1.4.0

Release Date: Feb 1st, 2023

  • Internal configuration changes

Version 1.3.9

Release Date: Jan 25th, 2023

  • Improved Foogra Theme support

Version 1.3.8

Release Date: Dec 6th, 2022

  • Improved Rest response
  • Improved Settings Page checks
  • Improved Disable Themes & Plugins Editor

Version 1.3.7

Release Date: Nov 15th, 2022

  • SG Security Dashboard bugfix
  • Improved 2FA Encryption key validation
  • Improved Custom Login/Register URL validation
  • Improved LiteSpeed Cache support
  • Option to use custom 2FA encryption key filepath

Version 1.3.6

Release Date: Nov 8th, 2022

  • Improved 2FA security with encryption
  • Improved Access Log filters
  • New WP-CLI command: reset all users 2FA setup

Version 1.3.5

Release Date: Oct 18th, 2022

  • Improved Custom Login URL
  • Improved Activity log

Version 1.3.4

Release Date: Oct 10th, 2022

  • Install service fix

Version 1.3.3

Release Date: Oct 10th, 2022

  • New Manage Activity Log option
  • New filter – Disable activity log
  • Improved Custom login url
  • Improved WP-CLI support
  • Improved Jetpack plugin support
  • Improved error handling
  • Minor bug fixes
  • Legacy code removed

Version 1.3.2

Release Date: Sept 21st, 2022

  • 2FA Backup codes security strengthening

Version 1.3.1

Release Date: Sept 13th, 2022

  • 2FA Authentication Security Strengthening
  • IP Address detection Security Strengthening

Version 1.3.0

Release Date: July 14th, 2022

  • Brand New Design
  • Improved 2FA Authentication compatibility with Elementor custom login pages
  • Improved data collection
  • Minor fixes

Version 1.2.9

Release Date: June 20th, 2022

  • NEW Filters for “Lock and Protect System Folders” excludes
  • Improved IP Ranges support
  • Improved Blocked IP addresses list
  • Improved Delete the Default Readme.html
  • Improved 2FA Authentication validation
  • Improved 2FA Authentication support for “My Account” login
  • Improved Data Collection
  • Minor fixes

Version 1.2.8

Release Date: May 18th, 2022

  • Improved plugin security

Version 1.2.7

Release Date: April 8th, 2022

  • Minor bug fixes

Version 1.2.6

Release Date: April 7th, 2022

  • 2FA Refactoring

Version 1.2.5

Release Date: April 6th, 2022

  • 2FA Authentication refactoring
  • Improved Weekly Emails
  • HTST service deprecated

Version 1.2.4

Release Date: March 16th, 2022

  • Improved Weekly Emails
  • Improved Woocommerce Payments plugin support
  • 2FA Authentication Security Strengthening

Version 1.2.3

Release Date: March 11th, 2022

  • 2FA Authentication Security Strengthening

Version 1.2.2

Release Date: March 11th, 2022

  • 2FA Authentication Security Strengthening

Version 1.2.1

Release Date: March 9th, 2022

  • Improved Weekly reports
  • Improved HTTP Headers service
  • Code Refactoring

Version 1.2.0

Release Date: February 28th, 2022

  • NEW – Weekly Reports
  • Code Refactoring and General Improvements
  • Improved 2FA user role support
  • Improved error handling
  • Improved Limit Login IP Range support
  • Improved Event log
  • Improved Phlox theme support
  • Minor fixes
  • Improved WP-CLI support
  • Environment data collection consent added

Version 1.1.3

Release Date: October 1st, 2021
* Improved Hide WP version functionality

Version 1.1.2

Release Date: August 20th, 2021
* Improved Custom Login URL functionality
* Improved 2FA
* Improved success/error messages

Version 1.1.1

Release Date: August 12th, 2021
* Improved 2FA
* Improved logout functionality

Version 1.1.0

Release Date: July 27th, 2021
* NEW! Added 2FA backup codes to the profile edit page
* NEW! Custom login and registration URLs
* NEW! Added automatic HSTS headers generation
* Improved Disable common usernames functionality
* Improved Mass Logout Service
* Improved Activity Logging and added custom labeling
* Improved Password Reset functionality

Version 1.0.4

  • Improved Limit Login Attempts

Version 1.0.3

  • Fixed rating box bug on safari
  • Improved RSS & ATOM Feed Disabler service

Version 1.0.2

  • Added filter to configure log lifetime
  • Added WP CLI support
  • Improved strings

Version 1.0.1

  • Añadidos ajustes por defecto al instalar
  • Mejorada la compatibilidad con las traducciones
  • Añadida limpieza al desinstalar

Version 1.0.0

  • Primera versión estable.

Version 0.1

  • Versión inicial.