وەسف

CoxWall is a powerful and lightweight WordPress security plugin designed to protect your website from modern security threats, brute-force attacks, malware attempts, and unauthorized access.

It provides advanced security tools including firewall protection, login hardening, security headers, file integrity monitoring, WooCommerce security, and detailed audit logging — all in an easy-to-use interface.

Whether you run a blog, business website, membership platform, or WooCommerce store, CoxWall helps keep your WordPress site secure and protected in real time.

Key Features:

Login Protection – Limit login attempts per IP, lock out attackers, and receive email alerts.
Hide Login – Move your login URL away from the default wp-login.php.
CAPTCHA – Google reCAPTCHA v2 / v3 on login, registration, and WooCommerce forms.
Firewall – Block SQLi, XSS, directory traversal, malicious bots, and XML-RPC abuse.
Security Headers – Set X-Frame-Options, CSP, HSTS, Referrer-Policy, and more.
File Integrity – Detect changes to WordPress core and plugin files.
WooCommerce – Extra security for WooCommerce stores.
Audit Log – Full event log with IP, user, and timestamp for every security event.

Why Choose CoxWall?

Lightweight and performance-friendly
Beginner-friendly setup
Modern security protection
WooCommerce compatible
Advanced firewall system
Detailed security logging
Real-time protection and monitoring

CoxWall helps you secure your WordPress website with enterprise-level protection while keeping the setup simple and user-friendly.

Features:

Login Protection
Hide Login URL
Google reCAPTCHA v2 / v3
Firewall Protection
SQL Injection (SQLi) Blocking
XSS Attack Protection
Directory Traversal Protection
Malicious Bot Blocking
XML-RPC Protection
Security Headers Management
Content Security Policy (CSP)
HSTS Support
Referrer Policy Protection
File Integrity Monitoring
Core File Change Detection
Plugin File Change Detection
WooCommerce Security
Audit Log System
IP Activity Logging
User Activity Tracking
Real-time Security Alerts
Email Notifications
Brute-force Protection
Login Attempt Limiting
IP Lockout System
Malware Defense
Website Hardening
Real-time Monitoring
WordPress Security Suite

External services

This plugin optionally connects to the following third-party / external services. Each service is only contacted when its corresponding module is enabled and the described conditions are met.

Google reCAPTCHA (Google LLC)

What it is and what it is used for:
Google reCAPTCHA is a bot-detection service. CoxWall uses it to protect the WordPress login, registration, lost-password, comment, and WooCommerce My Account forms from automated attacks.

What data is sent and when:
When the CAPTCHA module is enabled, two types of requests are made to Google:

Front-end (page load) – the visitor’s browser loads the reCAPTCHA JavaScript library directly from Google’s CDN (www.google.com). Google receives the visitor’s IP address, browser and device information, and the site’s public reCAPTCHA site key.
Back-end (form submission) – when a visitor submits a protected form, the plugin sends the reCAPTCHA response token, the site’s secret key, and the visitor’s IP address to Google’s verification endpoint (www.google.com/recaptcha/api/siteverify) to confirm the response is valid.

No data is sent if the CAPTCHA module is disabled or if no reCAPTCHA site/secret key has been configured.

Service provider links:
* Terms of Service: https://policies.google.com/terms
* Privacy Policy: https://policies.google.com/privacy
* reCAPTCHA-specific information: https://developers.google.com/recaptcha

WordPress.org Core Checksums API (WordPress.org)

What it is and what it is used for:
The WordPress.org Checksums API provides official MD5 hashes for every file in each WordPress core release. CoxWall’s File Integrity module uses these hashes to detect unauthorized modifications to core files.

What data is sent and when:
When a file integrity scan runs (manually triggered or on schedule), the plugin sends a GET request to https://api.wordpress.org/core/checksums/1.0/ containing: