Secure Wordpress Site.

BRAVO WP ultimate security - Wordpress Plugin, Read full features to learn how to secure Wordpress site using Bravo.

Buy Now!

Bravo Features

Firewall Rules

The advanced feature in Firewall is the Rules Profiles. There are three profiles: High, Medium and Low, When you need the highest level of firewall security, you should turn it on High level.

All of these profiles contain some of awesome rules, like e.g.: Max Connections, PHP Security, 404 Pages Detection, XMLRPC & Ping Back Control, Bots Comments Blocking, Proxy Comments Blocking, Fake Google Crawlers Blocking, Front-end XSS and SQL Injection Protection and reCAPTCH Wrong Attempts Detection.

Learn more about Bravo Wordpress Firewall.

Two Factor Authentication

We designed some tools to make Wordpress login more secure than usual.
We have made some new options side by side the authentication mobile apps codes, We add Facebook login, Four numbers pin and Security question.

The two factor tool will require another step after user has a correct login using username/email and password, at the second step user will require to verify the another step.

The second step verification will protect you from random login attack.
If you enable Mobile Two Factor, The 2nd step will require a security code from a smart phone application.
So, Bravo is compatible with Authy, Google Authenticator, FreeOTP and Toopher.

Learn more about Bravo wordpress two factor authentication .

Hide Wordpress

Why should we hide Wordpress?
In order to prevent a random test for Wordpress exploits as one of the best practice to secure Wordpress site, We should hide Wordpress version from all stylesheet and scripts calling in the source of the page.
This not all everything, We should also hide wp-login.php and wp-admin.

Bravo offers you some smart options to hide your Wordpress, You able to enable/disable it.

If you choose to hide Wordpress Version, The plugin will hide Wordpress version from meta generator TAG, and it will encode Wordpress version in the last of the scripts and stylesheet links.

wp-login.php will go to a 404 error page and the Firewall (if enabled) will detect these 404 visits.

You would to login to your admin dashboard, But it will be in different name something like e.g.: mylogin, the_login123 or loginme... etc..

Wordpress admin dashboard (wp-admin) will show a 404 error page if you choose to hide it, No way to go to wp-admin directly, You should login at first.

Learn more about Hide Wordpress.

Wordpress Brute Force Protection

One of the favorite attack methods is the brute force, It depends on guessing and random attack.
If we can understand how are they using these styles to login or overload the WordPress blog, We can easily create a good defense.
So, We created some new method to make Wordpress security better more than normal.

By using Bravo WP Ultimate Security Plugin you can create some rules for make the protection at the highest level.
  • Set the login method, username only, email only or both.
  • Make a limit for max wrong login attempts.
  • Set a period to put an IP in the blacklist before coming to unblock.
  • Create a usernames blacklist to prevent these names from the login or/and register.
  • Create an email provider/hosts blacklist to prevent its emails from register.
  • Block some countries from logging, also you can except some IPs from the prevented countries.
  • You will can moderate new members, They can not use their accounts before you approve it.
  • Set minimum and maximum chars for the new login names.

Learn more about Anti Brute Force.

Wordpress Antivirus

An easy and important tool included in Bravo Plugin, This tools contians Six Scanners to let you test your website and make sure you are at the safe side.

Malware Scanner: [read more!]
Scan for web malicious codes like e.g: shell files.
PHPMussel Scanner:
Scan for viruses and malware files like e.g: uploaded files from affected computer.
Google Safe Browsing Scanner:
Scan for pages which marked by browsers as malware or phishing pages.
Spam Listing Scanner:
Check if your domain or URLs marked as spam.
Database Scanner:
Scan database to check if it contains any XSS codes via any SQL Injection bugs at your Wordpress.
File Change Scanner:
Scan directories and files to check if there are any changes (new, altered or deleted files).

Attachments Auto Scanner included, If you enable this option, all attachments will be scanned for viruses before displaying at your Wordpress.

Learn more about Wordpress Antivirus.

Wordpress Config Tweak

Databse Prefix: In order to protect your database from SQL injection, You should use a different prefix for WordPress database.
The default DB prefix is 'wp_' is a global and a known string for all developers and bad guys, So you we have created tool to let you change your WordPress DB prefix via Bravo DB Prefix Wizard.
Here is the article to teach you how to change the DB prefix. [click here]

Auto Update: The plugin gives you options to enable/disable Wordpress auto updates, themes auto updates and plugins auto updates.
This step will partly protect you from the old exploits which were discovered in Wordpress or any plugins/themes.
So, This is an important step for the complete security solutions side by side the other security steps.

Wordpress Salts & Keys: WordPress created these salts for more security, These salts help to encrypt cookie data in the browsers to define user and his capability (roles).
Now you know what is important for these salts and keys?! and why should it be unique?
Bravo helps you to change these Wordpress Salts easy, You have to click on only one button to do this.

Also Bravo helps you to change 'wp-config.php' permissions to read-only and disable error displaying to protect you from bad guys which try to find and exploits in your wordpress site.

So, Please read the full article to learn how to secure wordpress site using wp-config.php via Bravo

Learn more about Wordpress Config Security.


WordPress requires a little housekeeping, Because of unnecessary files and database rows.
The cleaning process depends on two actions from the administrator, First: delete manually unused themes and plugins.
and Second: to delete unused database raws.
Bravo helps you to do that, Only you need to turn on the unused themes and plugins notifications, If there were some unused plugins or themes, Bravo will show you popup to help you remember to delete it.

Housekeeping Module:
We created the housekeeping tool, You will be able to delete all unnecessary files and database rows by clicking "delete button" only.

Learn more about Wordpress Housekeeping.

Google reCAPTCHA

An extra protection layer is adding reCAPTCHA to your WordPress.

Bravo Lets you (optional) to add google reCAPTCHA to theses pages, beacuse it may vulnerable ages:
  • Comments for every post and page (for guests only).
  • Wordpress Login Page.
  • Wordpress Register Page.
  • Wordpress Lost Password Page.

Learn more about reCAPTCHA Wordpress.

Database Backups

It is important to store daily, weekly or/and monthly backups. The most important part in your Wordpress is its database.
So, Bravo provides a good tool to take database backups manually or using scheduled events.

When you decide to take backup of your database, You can make it easy by clicking one click on the backup button.
If you it daily (recommedned), twice daily, weekly or twice weekly, You are able to create new cronjob events using Bravo Cronjobs Module.

Learn more about Wordpress Backup.