Proactive protection and security hardening

Deploy a wide array of security measures to stop spam registrations, spam content, various types of malicious threats, limit and ban access to repeated offenders and more.

Current release
Version: 1.5
Date: 2024.02.12
First released
2 months, 22 days ago
System Requirements
PHP: 7.4
WordPress: 5.7
or ClassicPress: 0.0
bbPress: 2.5
Gravity Forms: 2.5
Individual network websites

Modular Security

The plugin is based around features that can be disabled if not used. The plugin has Setup Wizard to get you started with basic settings and features configuration.


coreSecurity is based on the feature’s implementation, with the ability to disable features you don’t need.

Multisite Support

The plugin fully supports the WordPress Multisite network, and it works as a network-wide plugin.

coreActivity Integration

coreSecurity depends on the coreActivity plugin for all the security events logging, and it is deeply integrated with it.

Security Tweaks

coreSecurity Tweaks feature has 10+ tweaks for changing various aspects of WordPress for increased security.


The plugin can add security headers, other security features, and firewall into .HTACCESS file (Apache and Litespeed).

Banning IPs

The plugin can auto-ban offending IPs based on various logged security-related activities or ban them yourself.


Connect all your websites via the Bridge to share the banned IPs between them, or get banned IPs from Dev4Press API.


Find all known vulnerabilities in PHP and WordPress, as well as plugins and themes affecting the versions on your website.


Database with 6000+ items, filters, and regular expressions used for firewall, antispam, and other features.

Security Features

The plugin has over 20 features, allowing you to use only what you need: Inspector Tools, direct integration with the coreActivity plugin for security logs, and much more.

Version 1.4 has 27 Features

9 Antispam Features

18 More Security Features

11 Security Headers

Explore the Features

Core Security is built around features, with five features always active, and the rest can be enabled if used. Each feature has its own settings panel with a wide range of fine-tuning options.

Antispam Features

The plugin has 9 Antispam features with additional shared Antispam Core feature.

Antispam Measures

The plugin has a wide range of antispam filters and scanners; it can detect spam by using DNS and third-party services.

WordPress & bbPress

The plugin can integrate with WordPress comments and trackbacks, and bbPress topics and replies to fight spam.

Forms Plugins

Currently, it supports detecting spam in Gravity Forms, Contact Form 7, Formidable, WPForms, and Forminator plugins.

Security Headers

The plugin has 4 Security Headers features, with CSP Report Logs for the Content Security Policy and NEL Reports for Network Error Logging.

Content Security Policy

CSP is a very important security header that can be challenging to adjust, and coreSecurity tries to make that easier.

Permissions Policy

This security header is still not widely supported, but configuring it is increasingly important.

More Security Headers

This feature includes eight additional security headers; all are easy to configure, with very few settings.

Network Error Logging

NEL is a new security header supported by Chrome and Chromium-based browsers for website connectivity errors.

NEL Error Types

NEL errors are related to DNS, TLS/SSL, HTTP, and TCP issues when interacting with your website.

NEL Reports

The plugin can log all NEL reports and display them in the dedicated panel with details about each report.

Advanced CSP Settings

The plugin allows you to configure the Sandbox part of the policy and flags for insecure content.

Predefined CSP rules

To help set the rules, the plugin includes a library of 60+ popular services that are already configured.

CSP Reports Log

The plugin can log all browser-reported violations to the CSP policy for later analysis and updates.

Security Logs

Extended from coreActivity logs, Security Logs are crucial in analyzing security-related events and taking additional actions. coreSecurity adds over 20 new events into coreActivity for security-related tracking. Various security features use these events.

Registration & Login Control

Control who can register accounts with advanced filters to stop spammers and control the log in process to eliminate brute force attacks.

Registration Control

Stop spammers registering accounts on your website with a wide range of filters and the use of online services.

Login Limiter

Stop brute force login attempts by limiting the number of failed login attempts for each IP and ban repeat offenders.

Login Honeypot

Use the simple method to protect the login form and eliminate spam bots from logging in to your website with the honeypot field.

Integrity & Malware File Scanner

File Scanner can scan all the website files to check file integrity and scan eligible files for malware.

Integrity Scanner

File scanner runs integrity scan for WordPress core, plugins from WordPress repository, and Dev4Press plugins.

Malware Scanner

Files that fail integrity scan and files that have not been scanned for integrity will be run through Malware Scanner.

Malware Patterns

The plugin features over 400 patterns for malware detection, and it will be updated in future releases.

The File Scanner can scan and present results; it can’t restore or clean infected files. The cleanup of infected files should be done only by experienced expert!

Spread the word about this plugin, share on social networks:

Knowledge Base and Support

Knowledge Base

To get help for this plugin, start with FAQ and the Knowledge Base.

Knowledge Base

Support Forums

If you need help with the plugin or to report problems, use support forums.

Support Forum

Request Demo

Do you have doubts about whether this plugin is right for you? Test it first.

Request Demo

Plugin Translations

Plugin's basic language is English. The plugin is translation ready, with empty POT file with all the string included in the plugin directory.

It is possible that plugin has some minor spelling issues, mistypes words and other issues. Please, report any problems you find, and they will be fixed, and POT file updated when needed.

Plugin Accessibility

Plugin Accessibility Status

Front End: Not Applicable
Admin Side: Yes

Report Accessibility Issues

Web accessibility is increasingly important factor in web development, and with the accessibility support you are making sure that people with disablities are able to use your website. Developing for accessibility is one of the priorities on Dev4Press, and we are using WCAG guidelines and approved tools to test our plugins and improve accessibility for on both admin side and the front end (for plugins with front end controlls and features).

Keep in mind that there still might be some accessibility issue with the plugin, and if you find any, please report them via support forum, and such report will be given highest priority, and issue will be fixed as soon as possible.

More Features

Settings Import and Export

All Dev4Press premium plugins have a set of easy-to-use tools to export all plugin settings into files with JSON serialization. And you can export settings from that file. This way, you can keep your settings safe or transfer settings from one website to another.

Browser Compatibility

All our plugins are compatible with all popular internet browsers. This includes Google Chrome, Mozilla Firefox, Apple Safari, Opera, and Microsoft Edge, all tested across different operating systems and desktop and mobile devices.

Regular Updates

All Dev4Press premium plugins are constantly developed and will receive regular updates to fix reported bugs, fix any security issues, and enhance and improve every aspect of plugins. And using our Updater plugin, you can update directly from WordPress.

Complete Localization

All Dev4Press free and lite plugins have a WordPress standard PO/MO translation system implemented, making it easy to translate into any language. Depending on the plugin, translations can be split into two or more files for easier translation handling.

Excellent Support

One of our primary goals is to provide the best support possible. This includes an active support forum, priority support (for Agency license), and an ever-expanding knowledge base and FAQ to ensure you get all the information you need for our plugins.

Secure and Clean Code

All Dev4Press premium plugins are coded using best coding practices, with code tested for all potential security problems. We are constantly working on maintaining full WordPress compatibility and the highest level of security for all our products.

Discover more Dev4Press plugins

GD Quantum Theme Pro for bbPress

GD Quantum Theme for bbPress

New theme for bbPress powered forums

GD Mail Queue Pro

GD Mail Queue

Queue based, enhanced email sending system

GD Content Tools Pro

GD Content Tools

Enhancing WordPress Content Management

GD bbPress Tools

GD bbPress Tools

Enhancing WordPress forums powered by bbPress