WebLoop

SecureSite Toolkit free plugin

This WordPress free plugin helped “SecureSite Toolkit” that combines five advanced security and safety features: Login Attempt Tracker, Email Login Notifier, Page Password Protector, Simple Anti-Copy, and Image Theft Guard. The plugin is designed for non-coders, with a centralized settings page to configure all features and an admin dashboard to view security data. It’s lightweight, secure, and includes detailed setup instructions. Each feature can be enabled/disabled independently to minimize performance impact.

Given your beginner coding level and preference for easy-to-follow instructions (as noted in your request for a social share button plugin), I’ll provide clear, step-by-step guidance and keep the code in a single file for simplicity, with separate JS/CSS files generated on activation for front-end functionality.

📥 My Awesome Plugin

This plugin helps you automate tasks and improve web performance.

⬇️ Download Plugin ZIP

💌 Subscribe to Updates


Installation and Setup Instructions

  1. Download the Plugin:
    • Copy the PHP code above into a file named wp-securesite-toolkit.php.
    • Place this file in a folder named wp-securesite-toolkit.
  2. Upload to WordPress:
    • Zip the wp-securesite-toolkit folder.
    • In the WordPress admin dashboard, go to Plugins > Add New > Upload Plugin.
    • Upload the zipped folder and click Install Now.
  3. Activate the Plugin:
    • After installation, click Activate Plugin.
    • The plugin will create a database table for login attempts and generate sst-anti-copy.js and sst-anti-copy.css files.
  4. Configure Security Features:
    • Go to the new menu item Security Toolkit in the WordPress admin dashboard.
    • Configure each feature:
      • Login Attempt Tracker:
        • Enable Login Tracker: Check to track failed login attempts (default: enabled).
        • View logs under View Login Attempts.
      • Email Login Notifier:
        • Enable Email Notifier: Check to send notifications (default: enabled).
        • Notification Email: Set the email address for alerts (default: admin email).
      • Page Password Protector:
        • Enable Page Protector: Check to enable password protection (default: enabled).
        • A meta box will appear on page/post edit screens.
      • Simple Anti-Copy:
        • Enable Anti-Copy: Check to disable right-click and text selection (default: enabled).
      • Image Theft Guard:
        • Enable Watermarking: Check to watermark images (default: enabled).
        • Watermark Text: Set the watermark text (default: site name).
        • Watermark Opacity: Set opacity (0 to 1, default: 0.5).
    • Click Save Changes.
  5. Test Each Feature:
    • Login Attempt Tracker:
      • Attempt to log in with incorrect credentials.
      • Go to Security Toolkit > View Login Attempts to see the failed attempt.
    • Email Login Notifier:
      • Log in from a new device or IP (e.g., use a VPN or different network).
      • Check the notification email’s inbox (and spam folder) for the alert.
    • Page Password Protector:
      • Edit a page/post, add a password in the Page Password Protection meta box, and save.
      • Visit the page on the front-end; you should see a password prompt.
      • Enter the correct password to access the content.
    • Simple Anti-Copy:
      • Visit your site’s front-end.
      • Try right-clicking or selecting text; both should be disabled.
    • Image Theft Guard:
      • Upload an image (JPEG or PNG) to the Media Library.
      • Download the image and check for the watermark with the specified text and opacity.
  6. Ensure Email Delivery:
    • For Email Login Notifier, test email sending with a plugin like Check & Log Email.
    • If emails don’t deliver, install WP Mail SMTP and configure it with a service like Gmail or SendGrid.
  7. Verify Server Requirements:
    • Ensure the PHP GD library is enabled for watermarking (most hosts support this; check with your hosting provider).
    • Confirm your server allows HTTPS requests and email sending.

Features

  • Login Attempt Tracker:
    • Logs failed login attempts (username, IP, timestamp) in a custom database table.
    • Displays up to 100 recent attempts in an admin table.
  • Email Login Notifier:
    • Sends an email to a specified address when a user logs in from a new IP.
    • Tracks IPs per user to avoid duplicate notifications.
  • Page Password Protector:
    • Adds a meta box to page/post edit screens for setting a password.
    • Displays a password form on protected pages, with cookie-based access for one hour.
  • Simple Anti-Copy:
    • Disables right-click, text selection, and copy/cut actions via JavaScript and CSS.
    • Applies to the front-end only, leaving admin functionality intact.
  • Image Theft Guard:
    • Automatically watermarks JPEG/PNG images on upload using PHP GD.
    • Customizable watermark text and opacity, centered on images.
  • Centralized Settings: Enable/disable each feature and configure options from one settings page.
  • Admin Interface: View login attempts and manage settings easily.
  • Single File: Core logic in one PHP file, with JS/CSS generated for anti-copy feature.
  • Secure: Uses nonces, sanitized inputs, and WordPress best practices.

How It Works

  • Login Attempt Tracker: Hooks into wp_login_failed to log failed attempts in a custom table (wp_sst_login_attempts). Displays logs in an admin table.
  • Email Login Notifier: Hooks into wp_login to check the user’s IP against stored data. Sends an email via wp_mail() if the IP is new.
  • Page Password Protector: Adds a meta box via add_meta_boxes and saves passwords as post meta. Filters the_content to show a password form if needed.
  • Simple Anti-Copy: Enqueues a JS file to block right-click/copy and a CSS file to disable text selection on the front-end.
  • Image Theft Guard: Hooks into add_attachment to watermark images using PHP GD, applying text with configurable opacity.

Notes

  • Performance: Each feature is lightweight, with minimal database queries and conditional loading. Disable unused features to optimize.
  • Dependencies: Requires PHP GD for watermarking. Email features rely on server email configuration; use SMTP for reliability.
  • Compatibility: Works with WordPress 5.0+. Test with themes/plugins for conflicts (e.g., page builders affecting content filters).
  • Security: All inputs are sanitized, nonces protect forms, and database queries use prepared statements. Anti-copy is client-side and can be bypassed by advanced users.
  • Limitations:
    • Anti-Copy: Cannot prevent all copying (e.g., view-source or screenshots). It’s a deterrent, not foolproof.
    • Watermarking: Only supports JPEG/PNG. Requires GD library. Fallback font used if Arial is unavailable.
    • Page Protector: Passwords are stored in plain text in the database; use strong passwords and secure your database.
  • GDPR Compliance: For Email Login Notifier, inform users about IP tracking. Consult a legal expert for compliance.
  • Webloop Integration: Based on your interest in automation and tools like those on webloop.space, this plugin can be branded for Webloop clients to enhance site security, with potential AI-driven features like real-time threat analysis.

Troubleshooting

  • Login Attempts Not Logged: Ensure Enable Login Tracker is checked. Check the database table (wp_sst_login_attempts) in phpMyAdmin.
  • Emails Not Sending: Test with Check & Log Email. Configure WP Mail SMTP if needed. Check the debug log (wp-content/debug.log) for errors.
  • Page Password Not Working: Verify the password is set in the meta box. Ensure the page isn’t cached by a caching plugin.
  • Anti-Copy Not Working: Check if the JS/CSS files (sst-anti-copy.js, sst-anti-copy.css) exist in the plugin directory. Test in a browser without extensions that override context menus.
  • Watermark Not Applied: Confirm PHP GD is enabled (phpinfo() or ask your host). Check the debug log for errors. Ensure uploaded images are JPEG/PNG.
  • General Issues: Enable debugging (define(‘WP_DEBUG’, true); in wp-config.php) to log errors. Test with a default theme (e.g., Twenty Twenty-Five) and no other plugins to rule out conflicts.
  • This plugin is ready to use and combines multiple security features into a single, beginner-friendly solution. Let me know if you need additional features (e.g., CSV export for login attempts, custom watermark positioning, or integration with Webloop’s AI tools) or help with setup!

Scroll to Top