Restrict Admin Access by Country Settings Guide

Stolen admin credentials can be exploited by foreign threat actors to gain access to a website to further their goals. Restrict Admin Access by Country enhances the security of your WordPress dashboard by limiting administrative logins to a specific list of approved countries. How It Works Solid Security now provides a simple interface to restrict...

Security Headers Settings Guide

Websites without security headers leave their users’ browsers vulnerable to clickjacking, data injection, and account compromise. Without specific instructions, a browser has no way of knowing whether it should block risky behaviors, such as loading unauthorized scripts or allowing your site to be embedded in an iFrame. How It Works Solid Security now provides a...

List of Solid Security Pro Action Hooks

Action hooks trigger custom functions at specific points in Solid Security Pro’s workflows—for example, after a site scan completes or when a user fails a login. Use these actions to integrate external systems, automate responses, or extend behavior without modifying plugin code. Usage example: add_action( 'itsec_new_banned_ip', function ( $ip, $context ) { // Send to...

How Do I Integrate My Plugin with Solid Security Pro reCAPTCHA?

Integrating your plugin with Solid Security’s CAPTCHA – reCAPTCHA feature is a simple process. In this article, we cover how to display and validate the reCAPTCHA. Solid Security fires the itsec_recaptcha_api_ready hook when it is time for plugins to set up their Recaptcha integrations. At this point, Solid Security has already verified that the site administrator has...

Solid Security Pro WP-CLI Integration

Overview Solid Security Pro provides WP-CLI commands to manage security settings, monitor activity, and configure various protection features directly from the command line. This document outlines the available commands, their usage, and options. Prerequisites Commands General Commands While in your WordPress installation, run wp itsec <command> in the command line. Below are the subcommands to...

Help! My Site’s Been Hacked!

You’ve come to the right place. Because WordPress is such a popular way to build on the web, it’s often the target of bad actors looking to gain access to sensitive data. Getting hacked can feel overwhelming, but the SolidWP support team is here to help. This guide has a singular goal: resource you to...

All about Solid Security’s Debug Mode

Solid Security is built by experts in WordPress and web security, and designed to “just work” without users needing to be security experts. You’re a professional, but you don’t need to be a web professional to use this tool. The experts that built Solid Security also baked into it a way for other web professionals...

Frequently Asked Questions

What are Passkeys for WordPress Websites?

Passkeys are the most secure way to log into your WordPress websites. Passkeys use public-key cryptography, where a public and private key pair is generated on your device (a computer or phone, or even a dedicated cryptography device). The private key, which verifies your identity, stays on your device and is never shared. The public...

Understanding Trusted Devices in Solid Security

The Trusted Devices module provides an additional layer of security against Stolen Session Cookie attacks, a common threat in WordPress websites. This provides you with a method to get notified of an unrecognized device attempting access, which you can confirm via email or from the admin bar.  Key features include optional email notifications for unrecognized...