Login Security
Two Factor
Enabling Two-Factor Authentication greatly increases the security of your WordPress user account by requiring additional information beyond your username and password in order to log in.
Privilege Escalation
Allows administrators to temporarily grant extra access (Administrator or Editor privileges) to a user of the site for a specified period of time.
For example, a contractor can be granted developer access to the site for 24 hours after which his or her status would be automatically revoked.
Note: When this setting is in place, the user's displayed role will still be the same only their privileges are updated.
Passwordless Login
Enable Passwordless Login to bypass the password and Two-Factor requirements upon login. The Passwordless Login email contains a special login that redirects to the WordPress login page. The email will be sent to the email address shown in your user profile.
Trusted Devices (Beta)
Trusted Devices identifies the devices users use to log in and can apply additional restrictions to unknown devices.
Passkeys
Passkeys Allow users to log in with biometrics like Face ID, Touch ID, Windows Hello, WebAuthn, or any passkey their device supports.
Firewall
Ban Users
Block specific IP addresses and user agents from accessing the site.
Firewall
Protect your site with firewall rules.
Local Brute Force
Protect your site against attackers who try to guess login details to your site randomly.
Network Brute Force
Join a network of sites that reports and protects against bad actors on the internet.
Magic Links
The Magic Links bypass lockout option allows you to log in while your username or IP address is locked out.
CAPTCHA
Protect your site from bots by verifying that the person submitting comments or logging in is indeed human.
Site Check
File Change
File Change detection will tell you what files have changed in your WordPress installation, alerting you to changes not made by yourself.
Site Scan Scheduling
Protect your site with automated site scans. When this feature is enabled, the site will be automatically scanned each day. If a problem is found, an email is sent to select users.
User Logging
Log user actions such as logging in, saving content, and making changes to the site’s software.
Version Management
Version Management can automatically update to new versions of WordPress, themes, and plugins, along with increasing security measures when a site’s software is outdated.
Utilities
Enforce SSL
Enforces that all connections to the website are made over SSL/TLS.
Database Backups
Manually create a database backup or schedule automatic database backups.
Security Check Pro
Determines the correct way to identify the IP addresses of your site visitors according to the server configuration. (Note: This setting is only shown in Solid Security Basic. Solid Security Pro uses the Security Check Pro settings by default.)
Geolocation
Improve Trusted Devices by connecting to an external location or mapping API.