SEOSiri Shield Starter β WordPress Firewall & Malware Scanner
π‘ ESSENTIAL WORDPRESS SECURITY β PLUG IN AND PROTECT IN 5 MINUTESBuilt by Momenul Ahmad, founder of SEOSiri and a decade-long SEO, WordPress and digital security professional, SEOSiri Shield Starter gives your WordPress site production-grade protection without the subscription tax.βββββββββββββββββββββββββββββββββπ₯ WEB APPLICATION FIREWALL (WAF)βββββββββββββββββββββββββββββββββStops attacks before they reach WordPress:β’ SQL Injection β 20+ pattern rules (UNION SELECT, DROP TABLE, EXEC, CHAR injection, hex encoding, INFORMATION_SCHEMA, OUTFILE, and more)β’ Cross-Site Scripting (XSS) β 15 patterns including script tags, event handlers, javascript: URIs, SVG-based XSS, expression(), data:text/htmlβ’ Local File Inclusion (LFI) β path traversal, etc/passwd, proc/self/environ, php://filter, phar://, zip://β’ Remote File Inclusion (RFI) β external URL injection in parametersβ’ Shell Upload Detection β blocks executable files in wp-content/uploadsβ’ Directory Traversal β URL-encoded traversal sequencesβ’ XXE Injection β XML external entity attacksβ’ Rate Limiting β configurable max requests per minute per IPβ’ Bad Bot Blocker β 30 known attack tools including SQLMap, Nikto, Nessus, Burp Suite, Acunetix, Metasploit, Nmap, Nuclei, OWASP ZAPβββββββββββββββββββββββββββββββββπ MALWARE SCANNERββββββββββββββββββββββββββββββββββ’ WordPress core file integrity check (vs. WordPress.org checksums API)β’ Plugin and theme file scanning with 30+ malware signaturesβ’ Shell detection: c99, r57, WSO, FilesMan, b374k, IndoXploitβ’ Crypto miner detection: Coinhive, CryptoLoot, CryptoNightβ’ PHP backdoor patterns: eval(base64_decode), eval($_POST), assert(), shell_execβ’ High-entropy code detection (obfuscated/encoded malware)β’ Uploads directory scan for PHP and executable filesβ’ SSL certificate validity and expiry monitoringβ’ HTTP security headers auditβ’ WordPress hardening checklistβββββββββββββββββββββββββββββββββπ LOGIN PROTECTIONββββββββββββββββββββββββββββββββββ’ Configurable max login attempts (default: 5)β’ Configurable lockout duration (default: 30 minutes)β’ Blocks XML-RPC brute force attacksβ’ Blocks user enumeration via ?author= and REST APIβ’ Optional: custom login URL (hide /wp-login.php)βββββββββββββββββββββββββββββββββπ HARDENING & HEADERSββββββββββββββββββββββββββββββββββ’ Strict-Transport-Security (HSTS)β’ Content-Security-Policy (CSP)β’ X-Frame-Options: SAMEORIGINβ’ X-Content-Type-Options: nosniffβ’ Referrer-Policyβ’ Permissions-Policyβ’ Remove WordPress version from HTML and script/style URLsβ’ Disable file editor in adminβ’ Force HTTPS redirectβ’ Upload directory PHP execution blockβββββββββββββββββββββββββββββββββπ LOGGING & ALERTSββββββββββββββββββββββββββββββββββ’ 30-day security event log (database-backed)β’ Email alerts with configurable severity thresholdβ’ IP blocking directly from the log tableβ’ Event types: WAF blocks, login failures, lockouts, bad bots, file changesββββββββββββββββββββββββββββββββββ WHAT'S INCLUDEDββββββββββββββββββββββββββββββββββ’ seosiri-shield.zip β WordPress plugin (activate in one click)β’ ACTIVATION.txt β Quick-start card with license key stepsβ’ README.md β Full installation and configuration guideβ’ Gumroad license key β activates plugin, domain-locked to 1 live siteRead guide : WordPress Security Plugin Guide.βββββββββββββββββββββββββββββββββπ NEED MORE? SEOSIRI SERVICESβββββββββββββββββββββββββββββββββStarter covers the security layer. For a full-stack digital presence, Momenul Ahmad and the SEOSiri team offer:β Custom WordPress Design & Developmentβ Technical SEO (schema, Core Web Vitals, local UAE/BD SEO)β AEO β Answer Engine Optimization (ChatGPT, Perplexity, AI Overview)β GEO β Generative Engine Optimization (LLM citation building)β AI Agent Building (custom assistants, automations, chatbots)β Google Ads, LinkedIn, WhatsApp marketingWebsite: https://www.seosiri.com/Store: https://store.seosiri.com/Email: info@seosiri.com
Get it β seosirius.gumroad.com