Description
Webtaru Site Options and Login Security is a comprehensive toolkit for WordPress administrators to manage essential site information, business hours, and visual branding, while simultaneously hardening your site’s security by allowing you to change the default login URL and add CAPTCHA protection.
Features
Security & Privacy
- Secure Login Customization: Change your WordPress login URL to a custom slug to prevent brute-force attacks.
- CAPTCHA Integration: Support for Google reCAPTCHA v3 and Cloudflare Turnstile to protect your login forms.
- Login Attempt Limiter: Prevent brute-force attacks by limiting failed login attempts.
- Advanced XSS Protection: Add basic and advanced security headers to protect against script injections.
- Basic Security Firewall: Block common malicious query strings, SQL injection, and malware patterns.
- Login Email Alerts: Receive instant email notifications with IP, User Agent, Time, and Site URL when someone logs in.
- REST API Restriction: Block unauthorized access to the WordPress REST API to prevent data enumeration.
- Content Protection: Disable Right-Click, Text Selection, and Copy-Paste to protect your content.
- Auto-Alt Text: Automatically fill missing Alt tags with image titles for better SEO.
- Disable Common Usernames: Prevent registration of weak usernames like “admin” to harden site security.
- Site Hardening: Restrict author archives to prevent username enumeration and improve security.
UI & UX Enhancements
- Admin Bar Zen Mode: Instantly declutter the admin bar by removing distracting logos, comments, and update nodes.
- Admin Bar Cleanup: Declutter your WordPress dashboard by selectively hiding top-level admin bar items.
- Duplicate Menu: One-click duplication of navigation menus for faster site setup.
- Sticky WhatsApp Button: Add a floating WhatsApp contact button with custom placement and messages.
- Sticky Vertical Button: Create a custom floating button for Feedback, Contact, or any custom link.
- Mobile Navigation: Fixed bottom navigation buttons specifically for mobile visitors.
- Back to Top: Smooth scrolling back-to-top button with customizable shapes and colors.
- Smooth Scrolling: Enable fluid mousewheel scrolling effect for a premium browsing experience.
Identity & Branding
- Logo Management: Easily manage Light and Dark versions of your site logo.
- Login Page Aesthetics: Customize the login page logo and background image for a premium look.
- Contact & Social Info: Manage phone numbers, emails, addresses, and social links from one place.
- Agency Mode: White-label the plugin by renaming the menu and hiding the default icon.
SEO & Communication
- Business Hours: Flexible weekly schedule management with “Open/Closed” status shortcodes.
- Schema.org Integration: Automatic LocalBusiness JSON-LD generation for improved Local SEO.
- SMTP Integration: Ensure reliable email delivery via external providers (Gmail, Outlook, etc.).
- Maintenance Mode: Toggle a professional maintenance page with dashboard status indicators.
Content Management
- Media Replacement: Upload and replace existing media files while preserving the original URL.
- Post Duplicator: Easily clone posts and pages for faster content creation.
- External Links Control: Force all external links to open in a new tab for better user retention.
Admin Workflow
- Gutenberg Control: Easily disable the Block Editor and return to the Classic interface.
- 404 Redirection: Seamlessly redirect all 404 “Not Found” errors to the homepage.
- Dynamic Menus: Automatically add conditional Log In/Out links to your navigation menus.
- One-Click Cache Flushing: Clear cache across multiple platforms (WP Rocket, LiteSpeed) on settings save.
- Remove Query Strings: Remove version query strings (?ver=) from CSS/JS for better performance scores.
- Copyright Year Shortcode:
[wtols_copyright]shortcode that always shows the current year.
External services
This plugin supports the following third-party services to enhance site security:
-
Google reCAPTCHA (v3): Used to protect the login form from automated bot attacks.
- Service: Google reCAPTCHA
- Usage: Verification of human users during login.
- Data Sent: User’s IP address and browser interaction signals.
- Privacy Policy: https://policies.google.com/privacy
- Terms of Service: https://policies.google.com/terms
-
Cloudflare Turnstile: A privacy-focused alternative to CAPTCHA for protecting login forms.
- Service: Cloudflare Turnstile
- Usage: Verification of human users during login.
- Data Sent: Browser and device telemetry.
- Privacy Policy: https://www.cloudflare.com/privacypolicy/
- Terms of Service: https://www.cloudflare.com/website-terms/
Shortcodes
[wtols_phone]– Display primary phone.[wtols_email]– Display primary email.[wtols_address]– Display business address.[wtols_logo]– Display light/dark logo.[wtols_map]– Display embedded map.[wtols_social_links]– Display social icons.[wtols_hours]– Display business hours or open/closed status.[wtols_contact_card]– Display a complete contact info block.
Screenshots
Dashboard overview and contact details. 
Floating widgets 
Login protection and brute force settings. 
Workflow Utilities have disable Gutenberg, comment etc. 
System and backup options.
Installation
- Upload the
webtaru-site-options-login-securityfolder to the/wp-content/plugins/directory. - Activate the plugin through the ‘Plugins’ menu in WordPress.
- Navigate to Webtaru Site Options in your admin menu to configure settings.
Reviews
മെയ് 12, 2026
This is best plugin for those who needs security, login captcha, duplicate page and post and many options in one plugin. You can update phone, mobile number and email from dashboard. It saves your time. Enjoying it!
മെയ് 8, 2026
I’ve been using the WebTaru Site Options & Login Security plugin for a while now, and it has significantly improved my site’s security. The ability to hide the login page and restrict access is a game changer for preventing brute force attacks. It’s very lightweight and doesn’t slow down the site. The interface is user friendly, making it easy to configure even for beginners. Highly recommended for anyone looking to add an extra layer of protection to their WordPress site!
മെയ് 8, 2026
I have installed plugin in my website, and found that plugin have many useful features which are daily needs. Login page url change is my one of favourite because it protects website login page from unwanted spammers. Many other features like disabled comments, CTA buttons, deactivate gutenberg, login captcha, duplicate page and post many mores. Love it!
Contributors & Developers
“Webtaru Site Options and Login Security” is open source software. The following people have contributed to this plugin.
Contributors
Translate “Webtaru Site Options and Login Security” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Changelog
2.6.0
- IMPROVED: Full security audit with late-stage escaping for all outputs.
- IMPROVED: Enhanced input sanitization for better data integrity.
- IMPROVED: PHP 8.2 compatibility fixes.
- UPDATED: Tested up to WordPress 6.9.
- UPDATED: Plugin tags for better repository visibility.
- New: Content Protection (Disable Right-Click, Selection, and Copy-Paste).
- New: Auto-Alt Text for missing image Alt tags.
- New: Duplicate Menu functionality in the menu editor.
- New: Remove Query Strings (?ver=) for improved caching and speed scores.
- New:
[wtols_copyright]shortcode for automatic copyright year updates. - New: Login Email Alerts with custom email recipient and Site URL support.
- New: Basic Security Firewall and REST API Restriction for unauthorized users.
- New: Admin Bar Zen Mode for a distraction-free experience.
- Improved: Login alert now uses site-configured time format and provides tracking links.
2.5.0
- New: Advanced XSS Protection (Basic & Advanced modes).
- New: Disable Common Usernames feature with admin dashboard notification.
- New: Smooth Scrolling (Fluid Mousewheel) enhancement.
- Fix: Sticky Header layout overlap with WordPress admin sidebar.
- Fix: Removed incorrect references to SVG Support and Robots.txt Editor.
2.4.0
- NEW: Professional Media Replacement module with AJAX upload.
- NEW: Full SMTP mail delivery integration with test email capability.
- NEW: Admin Bar Cleanup feature to declutter the top admin bar.
- IMPROVED: Security hardening and output escaping for WordPress.org compliance.
- IMPROVED: Broadened detection for third-party Admin Bar nodes (Forms, Elementor, etc.).
- FIXED: Capturing of raw HTML in Admin Bar node titles.
- REMOVED: Prohibited update-blocking features for repository standards.
2.3.0
- NEW: SVG file upload support with strict XML tag sanitization.
- NEW: Maintenance Mode admin bar indicator and search engine visibility alerts.
- NEW: Advanced redirect controls (404 to Homepage, Custom Login/Logout redirects).
- NEW: “Disable Author Archives” for better security and SEO.
- NEW: Automated conditional Log In/Log Out menu items.
- NEW: “Open External Links in New Tab” post content filter.
- NEW: Admin functionality to manage and overwrite
robots.txtoutput. - IMPROVED: Login UI CSS constrained logo width and fixed background attachment.
- IMPROVED: Direct wp-admin access attempts now seamlessly redirect to the homepage.
2.2.6
- Refactored and rebranded as “Webtaru Site Options and Login Security”.
- REMOVED: Prohibited arbitrary code insertion features.
- HARDENED: Security through strict input sanitization and late-stage output escaping.
- UPDATED: Documentation to disclose external service usage.
1.0.0
- Initial release of the rebranded version.