{"id":262819,"date":"2025-12-08T07:50:33","date_gmt":"2025-12-08T07:50:33","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/protectpress-security-firewall-malware-scanner\/"},"modified":"2025-12-08T08:08:12","modified_gmt":"2025-12-08T08:08:12","slug":"totalweb-security-firewall-malware-scanner","status":"publish","type":"plugin","link":"https:\/\/szl.wordpress.org\/plugins\/totalweb-security-firewall-malware-scanner\/","author":21083233,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.0.0","stable_tag":"1.0.0","tested":"6.9.4","requires":"5.0","requires_php":"7.4","requires_plugins":null,"header_name":"TotalWeb \u2013 Security, Firewall & Malware Scanner","header_author":"Pranshtech Solutions Private Limited","header_description":"TotalWeb is a comprehensive WordPress security plugin that provides advanced features to protect your website from various threats.","assets_banners_color":"023885","last_updated":"2025-12-08 08:08:12","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"","header_author_uri":"","rating":0,"author_block_rating":0,"active_installs":0,"downloads":181,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.0":{"tag":"1.0.0","author":"pranshtech","date":"2025-12-08 08:08:12"}},"upgrade_notice":{"1.0.0":"<ul>\n<li>Minor bug fixes and improvements.<\/li>\n<\/ul>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3416279,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3416279,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3416279,"resolution":"1544x500","location":"assets","locale":""},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3416279,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.0"],"block_files":[],"assets_screenshots":[],"screenshots":{"1":"<strong>Screenshot_1.png<\/strong> \u2013 Contact Form Entries page in WordPress admin."},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[2439,1174,31093,1184,600],"plugin_category":[54],"plugin_contributors":[250843],"plugin_business_model":[],"class_list":["post-262819","plugin","type-plugin","status-publish","hentry","plugin_tags-brute-force","plugin_tags-firewall","plugin_tags-hardening","plugin_tags-malware","plugin_tags-security","plugin_category-security-and-spam-protection","plugin_contributors-pranshtech","plugin_committers-pranshtech"],"banners":{"banner":"https:\/\/ps.w.org\/totalweb-security-firewall-malware-scanner\/assets\/banner-772x250.png?rev=3416279","banner_2x":"https:\/\/ps.w.org\/totalweb-security-firewall-malware-scanner\/assets\/banner-1544x500.png?rev=3416279","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/totalweb-security-firewall-malware-scanner\/assets\/icon-128x128.png?rev=3416279","icon_2x":"https:\/\/ps.w.org\/totalweb-security-firewall-malware-scanner\/assets\/icon-256x256.png?rev=3416279","generated":false},"screenshots":[],"raw_content":"<!--section=description-->\n<p>TotalWeb offers a multi-layered approach to WordPress security, combining advanced protection mechanisms with an intuitive administrative interface. From real-time monitoring to proactive threat detection and prevention, TotalWeb empowers website administrators to maintain a secure online presence.<\/p>\n\n<h3>Features<\/h3>\n\n<h3>1. Login Security<\/h3>\n\n<ul>\n<li><strong>Login Attempt Tracking:<\/strong> Monitors and logs all login attempts, both successful and failed, including IP addresses and usernames.<\/li>\n<li><strong>Two-Factor Authentication (2FA):<\/strong> Enhances login security using TOTP-based 2FA with WooCommerce support.<\/li>\n<li><strong>IP and User Lockouts:<\/strong> Automatically locks IP addresses and users after a configurable number of failed login attempts.<\/li>\n<li><strong>Login Log Management:<\/strong> View, filter, bulk delete, and export login attempt logs to CSV.<\/li>\n<\/ul>\n\n<h3>2. CAPTCHA Integration<\/h3>\n\n<ul>\n<li><strong>Multi-form CAPTCHA Protection:<\/strong> Adds CAPTCHA to:\n\n<ul>\n<li>Login Form  <\/li>\n<li>Registration Form  <\/li>\n<li>Lost Password Form  <\/li>\n<li>Reset Password Form  <\/li>\n<li>Comment Form  <\/li>\n<li>WooCommerce Forms  <\/li>\n<\/ul><\/li>\n<li><strong>Supported CAPTCHA Types:<\/strong> reCAPTCHA v2, reCAPTCHA v3, hCaptcha, and Math CAPTCHA.<\/li>\n<li><strong>Contact Form 7 Integration:<\/strong> Seamlessly injects CAPTCHA into CF7 forms.<\/li>\n<\/ul>\n\n<h3>3. File and Database Security<\/h3>\n\n<ul>\n<li><strong>Comprehensive File Scanning:<\/strong> Scans core files, plugins, and themes for modifications, new files, and deletions.<\/li>\n<li><strong>Scheduled &amp; On-Demand Scans:<\/strong> Run daily scheduled scans or manual scans anytime.<\/li>\n<li><strong>Customizable Monitoring:<\/strong> Configure file types, exclusions, and email alerts.<\/li>\n<li><strong>REST API Integration:<\/strong> Initiate scans and check status programmatically.<\/li>\n<li><strong>MD5 Hash Verification:<\/strong> Detects unauthorized file changes.<\/li>\n<li><strong>Database Backup &amp; Restore:<\/strong> Perform manual or automated backups and restore previous versions.<\/li>\n<li><strong>Database Prefix Change:<\/strong> Enhances security by changing the WP database prefix.<\/li>\n<li><strong>SQL Injection Protection:<\/strong> Blocks suspicious queries and monitors DB activity.<\/li>\n<li><strong>Query Monitoring:<\/strong> Detects and blocks suspicious SQL patterns.<\/li>\n<li><strong>WordPress Hardening:<\/strong> Disable insecure WP features such as:\n\n<ul>\n<li>File Editor  <\/li>\n<li>Unfiltered HTML (non-admins)  <\/li>\n<li>XML-RPC  <\/li>\n<li>Force SSL  <\/li>\n<li>Hide WP version  <\/li>\n<li>Block PHP execution in uploads  <\/li>\n<li>Block dangerous file types  <\/li>\n<li>Protect sensitive files (e.g., wp-config.php, .htaccess)<\/li>\n<\/ul><\/li>\n<li><strong>REST API Controls:<\/strong> Manage security settings and logs via API.<\/li>\n<\/ul>\n\n<h3>4. Malware Scanner<\/h3>\n\n<ul>\n<li><strong>Malicious Code Detection:<\/strong> Scans core, themes, plugins, and uploads for malware signatures.<\/li>\n<li><strong>Manual &amp; Scheduled Scans:<\/strong> Flexible scanning options.<\/li>\n<li><strong>Issue Tracking:<\/strong> Detects modified, missing, unknown, and infected files.<\/li>\n<li><strong>Email Reports:<\/strong> Sends alerts when malware is detected.<\/li>\n<\/ul>\n\n<h3>5. Firewall<\/h3>\n\n<ul>\n<li><strong>Web Application Firewall (WAF):<\/strong> Supports custom regex rules and ModSecurity CRS patterns.<\/li>\n<li><strong>IP Blacklist\/Whitelist:<\/strong> Block malicious IPs or allow trusted ones.<\/li>\n<li><strong>Geo-Blocking:<\/strong> Restrict access by country.<\/li>\n<li><strong>Rate Limiting &amp; DDoS Protection:<\/strong> Limits requests per IP.<\/li>\n<li><strong>Comment Spam IP Monitoring:<\/strong> Auto-blocks frequent spam IPs.<\/li>\n<li><strong>Bad Bot Protection:<\/strong> Blocks known scrapers and bots.<\/li>\n<li><strong>Smart 404 Blocking:<\/strong> Blocks IPs generating excessive 404 errors.<\/li>\n<li><strong>General Firewall Options:<\/strong>\n\n<ul>\n<li>Disable RSS\/ATOM feeds  <\/li>\n<li>Block proxy comment submissions  <\/li>\n<li>Advanced string filtering  <\/li>\n<li>Enable 6G Firewall rules  <\/li>\n<li>Block unauthorized REST requests  <\/li>\n<li>Block blank user-agent or referrer POST requests  <\/li>\n<\/ul><\/li>\n<\/ul>\n\n<h3>6. Redirects<\/h3>\n\n<ul>\n<li><strong>Custom 301 Redirects:<\/strong> Manage permanent redirect rules.<\/li>\n<li><strong>Admin Interface:<\/strong> Add, edit, and delete redirects easily.<\/li>\n<li><strong>URL Validation:<\/strong> Prevents duplicates and formatting issues.<\/li>\n<\/ul>\n\n<h3>7. Security Hardening<\/h3>\n\n<ul>\n<li><strong>HTTP Security Headers:<\/strong> Configure:\n\n<ul>\n<li>HSTS  <\/li>\n<li>X-Frame-Options  <\/li>\n<li>Content Security Policy (CSP)  <\/li>\n<li>Referrer-Policy  <\/li>\n<\/ul><\/li>\n<li><strong>Role-Based Access Restrictions:<\/strong> Limit access to specific plugin features.<\/li>\n<li><strong>One-Click Setup Wizard:<\/strong> Apply recommended hardening automatically.<\/li>\n<\/ul>\n\n<h3>8. Audit Logging<\/h3>\n\n<ul>\n<li><strong>Logs:<\/strong>\n\n<ul>\n<li>Logins (success\/failure)<\/li>\n<li>User profile changes<\/li>\n<li>Role\/capability changes<\/li>\n<li>Plugin\/theme activation\/deactivation\/updates<\/li>\n<li>Theme switches<\/li>\n<\/ul><\/li>\n<li>Daily summaries.<\/li>\n<li>Email alerts for important events.<\/li>\n<li>Dashboard widget with recent events.<\/li>\n<li>REST API access to logs.<\/li>\n<\/ul>\n\n<!--section=installation-->\n<ol>\n<li>Upload the <code>totalweb-security-firewall-malware-scanner<\/code> folder to <code>\/wp-content\/plugins\/<\/code>.<\/li>\n<li>Activate the plugin through <strong>Plugins \u2192 Installed Plugins<\/strong>.<\/li>\n<li>Go to <strong>TotalWeb Security<\/strong> in the admin menu to configure your security settings.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id='1.%20does%20totalweb%20work%20with%20other%20security%20plugins%3F'><h3>1. Does TotalWeb work with other security plugins?<\/h3><\/dt>\n<dd><p>Yes, TotalWeb is compatible with most security plugins, but running multiple firewalls or malware scanners may cause redundant checks. We recommend disabling overlapping features.<\/p><\/dd>\n<dt id='2.%20will%20the%20firewall%20slow%20down%20my%20site%3F'><h3>2. Will the firewall slow down my site?<\/h3><\/dt>\n<dd><p>No. TotalWeb uses lightweight rule processing optimized to have minimal performance impact.<\/p><\/dd>\n<dt id='3.%20what%20happens%20if%20a%20file%20is%20detected%20as%20modified%20or%20suspicious%3F'><h3>3. What happens if a file is detected as modified or suspicious?<\/h3><\/dt>\n<dd><p>You will receive an email alert (if enabled), and the issue will appear in the scan results dashboard. You can view details, compare changes, or restore from backups.<\/p><\/dd>\n<dt id='4.%20does%20the%20plugin%20support%20multisite%3F'><h3>4. Does the plugin support multisite?<\/h3><\/dt>\n<dd><p>Yes. Most features\u2014including login security, firewall, and malware scanning\u2014work across multisite networks.<\/p><\/dd>\n<dt id='5.%20can%20i%20exclude%20certain%20files%20or%20directories%20from%20scans%3F'><h3>5. Can I exclude certain files or directories from scans?<\/h3><\/dt>\n<dd><p>Yes. You can configure exclusions for file types, folders, and paths in the File Scanner settings.<\/p><\/dd>\n<dt id='6.%20how%20do%20scheduled%20scans%20work%3F'><h3>6. How do scheduled scans work?<\/h3><\/dt>\n<dd><p>TotalWeb uses WP-Cron to run daily or custom-interval scans. These can be managed from the scanning settings page.<\/p><\/dd>\n<dt id='7.%20does%20totalweb%20store%20logs%20in%20my%20database%3F'><h3>7. Does TotalWeb store logs in my database?<\/h3><\/dt>\n<dd><p>Yes. Logs are stored efficiently, and you can set automatic log retention periods to control database usage.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release with comprehensive security features.<\/li>\n<\/ul>","raw_excerpt":"TotalWeb strengthens your site security with malware defense, brute-force protection, firewall rules, and smart hardening controls.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/szl.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/262819","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/szl.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/szl.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/szl.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=262819"}],"author":[{"embeddable":true,"href":"https:\/\/szl.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/pranshtech"}],"wp:attachment":[{"href":"https:\/\/szl.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=262819"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/szl.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=262819"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/szl.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=262819"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/szl.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=262819"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/szl.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=262819"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/szl.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=262819"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}