← Plugins

ArkHost Security Pack

WordPress security without the nonsense. No upsells, no premium tier, no fake threat counters.

By ArkHost

Version 1.1 Active Installs 0+ Updated 4 weeks ago 1 month old
Download

Description

A complete security plugin that’s actually free. No “pro” version, no nag screens, no made-up threat statistics.

Login Protection

  • Blocks IPs after failed login attempts
  • Custom login URL (hides wp-login.php)
  • Hides wp-admin from logged-out users
  • Honeypot field for bots
  • Hides login errors (stops username enumeration)
  • Email alerts for admin logins from new IPs
  • Country/IP restrictions on login page

IP Control

  • Whitelist and blacklist
  • Auto-blacklist after repeated lockouts
  • IPv4, IPv6, CIDR supported

Geo Blocking

  • Block countries
  • Uses free IP2Location LITE database
  • One-click download

Hardening

  • Disable XML-RPC
  • Disable dashboard file editing
  • Disable application passwords
  • Restrict REST API to logged-in users
  • Remove WordPress version
  • Block user enumeration (?author=1 and REST API)
  • Disable pingbacks/trackbacks

Security Headers

X-Content-Type-Options, X-Frame-Options, X-XSS-Protection, Referrer-Policy, Permissions-Policy, Content-Security-Policy, HSTS

Two-Factor Authentication

  • TOTP (Google Authenticator, Authy, etc.)
  • Backup codes
  • Enforce for admins

File Integrity Monitoring

  • Checks WordPress core files against official checksums
  • Daily scans
  • Email alerts on changes

Malware Scanner

  • Scans plugins, themes, uploads
  • Pattern-based detection
  • Quarantine suspicious files
  • Weekly scans

Activity Log

  • Login attempts, lockouts, blocks
  • IP, country, username, timestamp
  • Configurable retention
  • CSV export

Tools

  • Export/import settings
  • Force logout all users
  • Test email
  • Delete readme.html/license.txt

Privacy

No tracking. No analytics. No telemetry.

External connections:
* WordPress.org API (core file checksums)
* IP2Location (database download, only when you click it)

External services

This plugin connects to the following external services under specific circumstances:

WordPress.org Checksums API

  • Service: api.wordpress.org/core/checksums/1.0/
  • Used for: Verifying WordPress core file integrity by comparing local files against official checksums
  • Data sent: WordPress version and locale
  • When: During daily scheduled file integrity scans and when manually triggered by the admin
  • Privacy policy: https://wordpress.org/about/privacy/

IP Detection Services

  • Services: api.ipify.org, ifconfig.me, icanhazip.com
  • Used for: Detecting the server’s public IP address for the “Whitelist My IP” tool
  • Data sent: Standard HTTP request (no personal data)
  • When: Only when an admin uses the “Whitelist My IP” feature in the Tools tab
  • Terms: https://www.ipify.org/ / https://ifconfig.me/ / https://icanhazip.com/

IP2Location

  • Service: download.ip2location.com
  • Used for: Downloading the free IP2Location LITE geolocation database for country-based blocking
  • Data sent: Standard HTTP request (optional: user’s download token if configured)
  • When: Only when an admin clicks “Download IP2Location Database” in the IP Control tab
  • Terms of service: https://www.ip2location.com/terms
  • Privacy policy: https://www.ip2location.com/privacy

Related plugins

View all alternatives

Plugin comparisons

See how this plugin stacks up against alternatives side by side.