Current Version: 8.5.4
Author: Diego F.
License: GPLv2 or later
Compatibility: WordPress 6.x+
Develop a modular, secure, and scalable WordPress plugin that provides cybersecurity and hardening features with a centralized dashboard, clean design, and future-ready architecture, designed to evolve into a Pro/Freemium version.
Built with PHP, HTML, JavaScript, and CSS, following modern best practices in coding and security:
- Strong validation (
try/catch, sanitization, nonces). - Clear separation between logic, presentation, and configuration.
- Use of native WordPress hooks.
- High modularity and maintainability.
- Fully compliant with WordPress Coding Standards (WPCS).
roosecure-security-suite/ βββ roosecure-security-suite.php β Main plugin file. βββ includes/ β βββ menu.php β Registers main and submenu pages. β βββ settings.php β Global configuration and options management. β βββ roles.php β Custom capability definitions. β βββ logger.php β Internal logging and auditing module. β βββ helpers.php β Common reusable functions. β βββ security-hooks.php β Core security hooks (login, IP blocking, etc.) βββ admin/ β βββ dashboard.php β Main dashboard with metrics and status. β βββ login-protection.php β Login protection configuration page. β βββ firewall.php β Firewall settings. β βββ email-alert.php β Email alert configuration. β βββ hardening.php β WordPress hardening options. β βββ fast-scanner.php β Quick security scan tool. β βββ multiusuario.php β User access and role management. β βββ rendimiento.php β Performance and optimization. βββ assets/ β βββ css/ β β βββ main.css β β βββ dashboard.css β βββ js/ β βββ main.js β βββ dashboard.js βββ uninstall.php β Safe cleanup on plugin uninstall.
- Defines namespace and constant
ROOSECURE_VERSION. - Registers activation and deactivation hooks.
- Loads dependencies (
includes/*.php). - Initializes menu, scripts, and global styles.
- Creates the βRooSecure Security Suiteβ sidebar menu in the WordPress Admin.
- Dynamically loads tabs (Dashboard, Firewall, Login Protection, etc.).
- Implements a global Dark Mode using
localStoragewith smooth transitions.
- Registers plugin options via WordPress Settings API (
register_setting). - Stores and manages global security configurations:
- Maximum failed login attempts.
- Lockout duration.
- Blocked IP list.
- Future support for export/import configuration.
- Contains main security logic:
wp_login_failedβ tracks failed login attempts.wp_authenticateβ blocks suspicious users or IPs.initβ loads firewall rules dynamically.
- Handles temporary user/IP blocking and notification events.
A clean, modern admin UI for login protection:
- Fields for failed login attempts, lockout time, and blocked IPs.
- Uses
update_option()to save values securely. - Displays confirmation message (ββ Settings saved successfullyβ).
- Includes data validation and nonce protection.
Interactive visual dashboard:
- Displays three modern info cards with animated completion percentages (e.g., 80%, 60%, 50%).
- Circular progress indicators using CSS + JS.
- Glassmorphism design with dark-mode compatibility.
- Toggle available under Settings tab.
- State persistence using
localStorage. - Smooth transitions (
fadeand color animation). - Applies globally to all plugin tabs (text, forms, cards, and buttons).
- Fully synchronized across sessions.
- Sanitization:
sanitize_text_field(),esc_html(),wp_verify_nonce(). - Custom roles & capabilities for granular control.
- CSRF and XSS protection via nonces and escaping.
- Modular architecture ready for OOP and REST API expansion.
- Complete data cleanup via
uninstall.php:- Removes options and transient logs safely.
Pro/Freemium Version Plans:
- 2FA (Two-Factor Authentication).
- Advanced malware scanning.
- GeoIP blocking by country.
- Integration with external APIs (Slack, Telegram, Cloudflare).
- Real-time notification center.
- Remote monitoring via REST API.
Author: Diego F.
Contact:
Project: RooSecure Security Suite