WebLoop

SecureSite Toolkit free plugin

This WordPress free plugin helped “SecureSite Toolkit” that combines five advanced security and safety features: Login Attempt Tracker, Email Login Notifier, Page Password Protector, Simple Anti-Copy, and Image Theft Guard. The plugin is designed for non-coders, with a centralized settings page to configure all features and an admin dashboard to view security data. It’s lightweight, secure, and includes detailed setup instructions. Each feature can be enabled/disabled independently to minimize performance impact.

Given your beginner coding level and preference for easy-to-follow instructions (as noted in your request for a social share button plugin), I’ll provide clear, step-by-step guidance and keep the code in a single file for simplicity, with separate JS/CSS files generated on activation for front-end functionality.

📥 My Awesome Plugin

This plugin helps you automate tasks and improve web performance.

⬇️ Download Plugin ZIP

💌 Subscribe to Updates


Installation and Setup Instructions

  1. Download the Plugin:
    • Copy the PHP code above into a file named wp-securesite-toolkit.php.
    • Place this file in a folder named wp-securesite-toolkit.
  2. Upload to WordPress:
    • Zip the wp-securesite-toolkit folder.
    • In the WordPress admin dashboard, go to Plugins > Add New > Upload Plugin.
    • Upload the zipped folder and click Install Now.
  3. Activate the Plugin:
    • After installation, click Activate Plugin.
    • The plugin will create a database table for login attempts and generate sst-anti-copy.js and sst-anti-copy.css files.
  4. Configure Security Features:
    • Go to the new menu item Security Toolkit in the WordPress admin dashboard.
    • Configure each feature:
      • Login Attempt Tracker:
        • Enable Login Tracker: Check to track failed login attempts (default: enabled).
        • View logs under View Login Attempts.
      • Email Login Notifier:
        • Enable Email Notifier: Check to send notifications (default: enabled).
        • Notification Email: Set the email address for alerts (default: admin email).
      • Page Password Protector:
        • Enable Page Protector: Check to enable password protection (default: enabled).
        • A meta box will appear on page/post edit screens.
      • Simple Anti-Copy:
        • Enable Anti-Copy: Check to disable right-click and text selection (default: enabled).
      • Image Theft Guard:
        • Enable Watermarking: Check to watermark images (default: enabled).
        • Watermark Text: Set the watermark text (default: site name).
        • Watermark Opacity: Set opacity (0 to 1, default: 0.5).
    • Click Save Changes.
  5. Test Each Feature:
    • Login Attempt Tracker:
      • Attempt to log in with incorrect credentials.
      • Go to Security Toolkit > View Login Attempts to see the failed attempt.
    • Email Login Notifier:
      • Log in from a new device or IP (e.g., use a VPN or different network).
      • Check the notification email’s inbox (and spam folder) for the alert.
    • Page Password Protector:
      • Edit a page/post, add a password in the Page Password Protection meta box, and save.
      • Visit the page on the front-end; you should see a password prompt.
      • Enter the correct password to access the content.
    • Simple Anti-Copy:
      • Visit your site’s front-end.
      • Try right-clicking or selecting text; both should be disabled.
    • Image Theft Guard:
      • Upload an image (JPEG or PNG) to the Media Library.
      • Download the image and check for the watermark with the specified text and opacity.
  6. Ensure Email Delivery:
    • For Email Login Notifier, test email sending with a plugin like Check & Log Email.
    • If emails don’t deliver, install WP Mail SMTP and configure it with a service like Gmail or SendGrid.
  7. Verify Server Requirements:
    • Ensure the PHP GD library is enabled for watermarking (most hosts support this; check with your hosting provider).
    • Confirm your server allows HTTPS requests and email sending.

Features

  • Login Attempt Tracker:
    • Logs failed login attempts (username, IP, timestamp) in a custom database table.
    • Displays up to 100 recent attempts in an admin table.
  • Email Login Notifier:
    • Sends an email to a specified address when a user logs in from a new IP.
    • Tracks IPs per user to avoid duplicate notifications.
  • Page Password Protector:
    • Adds a meta box to page/post edit screens for setting a password.
    • Displays a password form on protected pages, with cookie-based access for one hour.
  • Simple Anti-Copy:
    • Disables right-click, text selection, and copy/cut actions via JavaScript and CSS.
    • Applies to the front-end only, leaving admin functionality intact.
  • Image Theft Guard:
    • Automatically watermarks JPEG/PNG images on upload using PHP GD.
    • Customizable watermark text and opacity, centered on images.
  • Centralized Settings: Enable/disable each feature and configure options from one settings page.
  • Admin Interface: View login attempts and manage settings easily.
  • Single File: Core logic in one PHP file, with JS/CSS generated for anti-copy feature.
  • Secure: Uses nonces, sanitized inputs, and WordPress best practices.

How It Works

  • Login Attempt Tracker: Hooks into wp_login_failed to log failed attempts in a custom table (wp_sst_login_attempts). Displays logs in an admin table.
  • Email Login Notifier: Hooks into wp_login to check the user’s IP against stored data. Sends an email via wp_mail() if the IP is new.
  • Page Password Protector: Adds a meta box via add_meta_boxes and saves passwords as post meta. Filters the_content to show a password form if needed.
  • Simple Anti-Copy: Enqueues a JS file to block right-click/copy and a CSS file to disable text selection on the front-end.
  • Image Theft Guard: Hooks into add_attachment to watermark images using PHP GD, applying text with configurable opacity.

Notes

  • Performance: Each feature is lightweight, with minimal database queries and conditional loading. Disable unused features to optimize.
  • Dependencies: Requires PHP GD for watermarking. Email features rely on server email configuration; use SMTP for reliability.
  • Compatibility: Works with WordPress 5.0+. Test with themes/plugins for conflicts (e.g., page builders affecting content filters).
  • Security: All inputs are sanitized, nonces protect forms, and database queries use prepared statements. Anti-copy is client-side and can be bypassed by advanced users.
  • Limitations:
    • Anti-Copy: Cannot prevent all copying (e.g., view-source or screenshots). It’s a deterrent, not foolproof.
    • Watermarking: Only supports JPEG/PNG. Requires GD library. Fallback font used if Arial is unavailable.
    • Page Protector: Passwords are stored in plain text in the database; use strong passwords and secure your database.
  • GDPR Compliance: For Email Login Notifier, inform users about IP tracking. Consult a legal expert for compliance.
  • Webloop Integration: Based on your interest in automation and tools like those on webloop.space, this plugin can be branded for Webloop clients to enhance site security, with potential AI-driven features like real-time threat analysis.

Troubleshooting

  • Login Attempts Not Logged: Ensure Enable Login Tracker is checked. Check the database table (wp_sst_login_attempts) in phpMyAdmin.
  • Emails Not Sending: Test with Check & Log Email. Configure WP Mail SMTP if needed. Check the debug log (wp-content/debug.log) for errors.
  • Page Password Not Working: Verify the password is set in the meta box. Ensure the page isn’t cached by a caching plugin.
  • Anti-Copy Not Working: Check if the JS/CSS files (sst-anti-copy.js, sst-anti-copy.css) exist in the plugin directory. Test in a browser without extensions that override context menus.
  • Watermark Not Applied: Confirm PHP GD is enabled (phpinfo() or ask your host). Check the debug log for errors. Ensure uploaded images are JPEG/PNG.
  • General Issues: Enable debugging (define(‘WP_DEBUG’, true); in wp-config.php) to log errors. Test with a default theme (e.g., Twenty Twenty-Five) and no other plugins to rule out conflicts.
  • This plugin is ready to use and combines multiple security features into a single, beginner-friendly solution. Let me know if you need additional features (e.g., CSV export for login attempts, custom watermark positioning, or integration with Webloop’s AI tools) or help with setup!