Maintain. Protect. Optimize.

Admin Tools for WordPress

Subscribe for Pro Access

Perform maintenance tasks. Protection against hackers. Optimise your site. All in one, neat bundle.

Admin Tools Core

for WordPress

Download Core

Admin Tools Professional

for WordPress

Subscribe for Pro Access

Top Features

Maintain

Optimise your database tables. Clean your temporary directory. Or perform any of the countless other daily maintenance tasks with a single click each.

Redirect easily

PRO Do you find the Redirect component hard to use? Are you puzzled by its inability to redirect URLs with parameters? No problem! Admin Tools' URL Redirect can do that. And much more.

Change permissions

Fine-tune your file permissions without having to use FTP or SSH.

Protect your site

PRO Our Web Application Firewall protects your site against the vast majority of common attacks. You won't find any security tool more feature-complete than this.

.htaccess / web.config Maker

PRO Give your site the best overall protection. Create a sophisticated, secure .htaccess or web.config configuration with an easy GUI. You don't have to be an expert. Or even know how these files work.

Watch. Sniff. Catch.

PRO Admin Tools' PHP File Change Scanner will monitor your site's PHP files for changes. If something is amiss, it will let you know. It will even tell you which files might have been hacked.

Automate it

PRO Let the most useful maintenance operations run automatically. Use a CRON to keep the file change scanner ticking while you're fast asleep. Simply and efficiently.

All Features

Admin Tools for WordPress Core Professional
  Download Core Subscribe for Pro Access
Emergency Off-Line switch

Put your site securely off-line in the case of an attack

Included in Core Included in Pro
Master Password

Prevent that client from breaking their site by »doing nothing«

Included in Core Included in Pro
Customize Permissions

ACL: fine-grained permissions, controlling which Admin Tools features each user can access.

Included in Core Included in Pro
Password protect WP administration

Protect access to your wp-admin directory with a username and password.

Included in Core Included in Pro
Change File & Folder Permissions

Easily change the permissions of all files and folders on your server. Permissions are fully customizable.

Included in Core Included in Pro
On-the-fly link rewrite

Automatically rewrite links to point to your new site. Optionally convert HTTP links to HTTPS.

Included in Core Included in Pro
Update WordPress salts

Update the WordPress salts in wp-config.php for maximum security when you create copies of sites.

Included in Core Included in Pro
Password expiration

Force users to change their passwords at a regular interval you define. You can choose which roles this policy applies to.

Included in Core Included in Pro
Post auto-save optimization

Choose how often WordPress auto-saves posts as you edit them and how many revisions of each post it will keep.

Not Included in Core Included in Pro
WordPress trash interval

Choose when WordPress will permanently delete posts, pages, attachments and comments from the trash bin. Or have it skip the trash bin altogether.

Not Included in Core Included in Pro
Manage WordPress hidden features

Easily manage WordPress features which are normally only accessible by editing the wp-config.php file such as: disable file editing, WordPress debug mode and debug log, JavaScript concatenation, memory limit and WordPress page caching.

Not Included in Core Included in Pro
Repair and optimise tables

Repair and optimise all of your site's tables.

Included in Core Included in Pro
URL redirection

Redirect old URLs or make your own URL shortener with features far beyond Joomla!'s

Not Included in Core Included in Pro
Malware detection

Monitor your site for changed or added PHP files and assess their potential for malicious behaviour

Not Included in Core Included in Pro
Settings import / export

Easily duplicate Admin Tools settings between your WordPress sites.

Not Included in Core Included in Pro

.htaccess and web.config Maker

Disable directory listings
Not Included in Core Included in Pro
Protect against common file injection attacks
Not Included in Core Included in Pro
Disable PHP Easter Eggs
Not Included in Core Included in Pro
Block access to security-sensitive files

Block web access to files such as htaccess.txt, php.ini, wp-config-sample.php or readme.html in your site's root

Not Included in Core Included in Pro
Protect against clickjacking
Not Included in Core Included in Pro
Reduce MIME type security risks
Not Included in Core Included in Pro
Reflected XSS prevention
Not Included in Core Included in Pro
Remove Apache and PHP version signature
Not Included in Core Included in Pro
Prevent content transformation
Not Included in Core Included in Pro
Block specific user agents
Not Included in Core Included in Pro
Block direct access to PHP files

Protection against direct access to PHP files. It can even block access to uploaded hacking scripts, mitigating the attack.

Not Included in Core Included in Pro
Force index.php parsing before index.html
Not Included in Core Included in Pro
Optimise expiration time

(good for SEO)

Not Included in Core Included in Pro
Compress static resources

Automatically compress static resources such as images, CSS, JS

Not Included in Core Included in Pro
Redirect index.php to site root
Not Included in Core Included in Pro
Redirect www / non-www

Redirect www to non-www, or non-www to www site, e.g. http://example.com to http://www.example.com

Not Included in Core Included in Pro
Redirect old domain name to new domain name
Not Included in Core Included in Pro
Force HTTPS for specific URLs

Force HTTPS even when WordPress doesn't let you to

Not Included in Core Included in Pro
Force HSTS header

Increase HTTPS security by telling browsers to never access the unprotected HTTP version of your site.

Not Included in Core Included in Pro
Disable HTTP methods TRACE and TRACK

Protect your site against XST attacks

Not Included in Core Included in Pro
Control the Cross-Origin Resource Sharing (CORS) policy of your site
Not Included in Core Included in Pro
Control if and what ETags will be sent

Optimize client-side caching of your site's content, especially when it's behind a load balancer.

Not Included in Core Included in Pro

Web Application Firewall

Customised exceptions

Down to the component, view or query string level

Included in Core Included in Pro
Full logging of blocked requests
Included in Core Included in Pro
E-Mail Notification at security exception

Send out an email when a security exception occurrs

Included in Core Included in Pro
IP deny list

Prevent access to your site by specific IP addresses or blocks of IP addresses

Not Included in Core Included in Pro
Administrator IP exclusive allow list

Only allow access to your site's administrator section by specific blocks of IP addresses

Not Included in Core Included in Pro
Change administrator login URL

(e.g. use http://www.example.com/mylogin instead of http://www.example.com/wp-login)

Not Included in Core Included in Pro
Away schedule

Prevent logging into wp-admin during a preset period every day, e.g. when you're definitely asleep.

Included in Core Included in Pro
SQLiShield protection

Catch and prevent most SQL injection attacks

Included in Core Included in Pro
Remote File Inclusion block

(RFIShield)

Included in Core Included in Pro
Remote PHP protocol block

(PHPShield)

Included in Core Included in Pro
Uploads scanner

(UploadShield)

Included in Core Included in Pro
Anti-spam filtering

Based on Bad Words list

Not Included in Core Included in Pro
Custom login error message

Don't tell the bad guys if a certain username exists on your site or not

Not Included in Core Included in Pro
Remove RSS links
Not Included in Core Included in Pro
Remove blog client links
Not Included in Core Included in Pro
Change login session duration
Not Included in Core Included in Pro
Disable editing users' properties

Prevent Administrator / Super Administrator accounts from being edited.

Not Included in Core Included in Pro
Block email domains from user registration
Not Included in Core Included in Pro
Hide/customise generator meta tag
Included in Core Included in Pro
Project Honeypot's HTTP:BL integration

Integration with Project Honeypot's HTTP:BL anti-spam / anti-hacker IP blocking directory

Included in Core Included in Pro
Auto-ban IPs

Auto-ban IPs causing excessive security exceptions (fully customisable)

Not Included in Core Included in Pro
Login E-Mail Notification

Send email on successful or failed administrator login

Not Included in Core Included in Pro
Customisable email templates and rate throttling for Admin Tools emails
Not Included in Core Included in Pro
Disclaimer

Automated security software, like Admin Tools, can only enhance your site's security, not positively prevent all known and yet-to-be-known attacks against your site. You are strongly recommended, under all circumstances, to follow sane security practices —like updating your site's software regularly and keeping backups— on top of using this product.