Maintain. Protect. Optimise.

Admin Tools for WordPress

Join the Public Beta

View Compatibility Requirements

Previous Releases

Support & Documentation

Perform maintenance tasks. Protection against hackers. Optimise your site. All in one, neat bundle.

Admin Tools Core

for WordPress

Download Core v. 1.0.0.b2

Admin Tools Pro

for WordPress

Join the Public Beta

Top Features

Maintain

Optimise your database tables. Clean your temporary directory. Or perform any of the countless other daily maintenance tasks with a single click each.

Redirect easily

Redirect any URL to another. Even one outside your site. Prevent 404s when you change your site's structure. Or even use your WordPress site as your very own URL shortener.

Change permissions

Fine-tune your file permissions without having to use FTP or SSH.

Protect your site

Our Web Application Firewall protects your site against the vast majority of common attacks against WordPress sites.

.htaccess Maker

Give your site the best overall protection. Improve your site's performance. Create a sophisticated, secure .htaccess with an easy GUI. You don't have to be an expert.

Watch. Sniff. Catch.

Admin Tools' Malware Scanner will monitor your site's PHP files for changes. If something is amiss, it will let you know. It will even tell you which files are more likely to have been hacked.

Automate it

Let the most useful maintenance operations run automatically. Use a real CRON job to keep the malware scanner ticking while you're fast asleep. Simply and efficiently.

All Features

Download Core 1.0.0.b2 Join the Public Beta

Emergency Off-Line switch

Put your site securely off-line in the case of an attack

 Included in Core Included in Pro

Master Password

Prevent that client from breaking their site by »doing nothing«

 Included in Core Included in Pro

Password protect WP administration

Protect access to your WordPress administration (wp-admin) directory with a username and password.

 Included in Core Included in Pro

Customize Permissions

ACL: fine-grained permissions, controlling which Admin Tools features each user can access.

 Included in Core Included in Pro

Change File & Folder Permissions

Easily change the permissions of all files and folders on your server. Permissions are fully customizable.

Included in Core Included in Pro

On-the-fly link rewrite

Automatically rewrite links to point to your new site. Optionally convert HTTP links to HTTPS.

 Included in Core Included in Pro

Update WordPress salts

Update the WordPress salts in wp-config.php for maximum security when you create copies of sites.

 Included in Core Included in Pro

Password expiration

Force users to change their passwords at a regular interval you define. You can choose which roles this policy applies to.

 Included in Core Included in Pro

Post auto-save optimization

Choose how often WordPress auto-saves posts as you edit them and how many revisions of each post it will keep.

 Not Included in Core Included in Pro

WordPress trash interval

Choose when WordPress will permanently delete posts, pages, attachments and comments from the trash bin. Or have it skip the trash bin altogether.

 Not Included in Core Included in Pro

Manage WordPress hidden features

Easily manage WordPress features which are normally only accessible by editing the wp-config.php file such as: disable file editing, WordPress debug mode and debug log, JavaScript concatenation, memory limit and WordPress page caching.

 Not Included in Core Included in Pro

Repair and optimise tables

Repair and optimise all of your site's database tables

 Included in Core Included in Pro

URL redirection

Redirect old URLs or make your own URL shortener.

 Included in Core Included in Pro

Malware detection

Monitor your site for changed or added PHP files and assess their potential for malicious behaviour.

 Not Included in Core Included in Pro

Settings import / export

Easily duplicate Admin Tools settings between your WordPress sites.

 Not Included in Core Included in Pro

.htaccess Maker

Disable directory listings

 Not Included in Core Included in Pro

Protect against common file injection attacks

Not Included in Core Included in Pro

Disable PHP Easter Eggs

 Not Included in Core Included in Pro

Block access to security-sensitive files

Block web access to files such as htaccess.txt, php.ini, wp-config-sample.php or readme.html in your site's root

 Not Included in Core Included in Pro

Protect against clickjacking

 Not Included in Core Included in Pro

Reduce MIME type security risks

 Not Included in Core Included in Pro

Reflected XSS prevention

 Not Included in Core Included in Pro

Remove Apache and PHP version signature

 Not Included in Core Included in Pro

Prevent content transformation

 Not Included in Core Included in Pro

Block specific user agents

 Not Included in Core Included in Pro

Block direct access to arbitrary PHP files

Protection against direct access to PHP files. It can even block access to uploaded hacking scripts, mitigating the attack.

Not Included in Core Included in Pro

Force index.php parsing before index.html

 Not Included in Core Included in Pro

Optimise expiration time

(good for SEO)

 Not Included in Core Included in Pro

Compress static resources

Automatically compress static resources such as images, CSS, JS

 Not Included in Core Included in Pro

Redirect index.php to site root

 Not Included in Core Included in Pro

Redirect www / non-www

Redirect www to non-www, or non-www to www site, e.g. http://example.com to http://www.example.com

 Not Included in Core Included in Pro

Redirect old domain name to new domain name

 Not Included in Core Included in Pro

Force HTTPS for specific URLs

Force HTTPS even when WordPress doesn't let you to

 Not Included in Core Included in Pro

HSTS header

Increase HTTPS security by telling browsers to never access the unprotected HTTP version of your site.

 Not Included in Core Included in Pro

Disable HTTP methods TRACE and TRACK

Protect your site against XST attacks

 Not Included in Core Included in Pro

Control the Cross-Origin Resource Sharing (CORS) policy of your site

 Not Included in Core Included in Pro

Control if and what ETags will be sent

Optimize client-side caching of your site's content, especially when it's behind a load balancer.

 Not Included in Core Included in Pro

Web Application Firewall

Customised exceptions

Make specific URLs or URL patterns exempt from firewall protection

 Included in Core Included in Pro

Full logging of security exceptions

 Included in Core Included in Pro

E-Mail Notification at security exception

Send out an email when a security exception occurrs

 Included in Core Included in Pro

Geographic Blocking

Prevent access to your site by specific countries or continents

 Not Included in Core Included in Pro

IP black-listing

Prevent access to your site by specific IP addresses or blocks of IP addresses

 Not Included in Core Included in Pro

Administrator IP whitelist

Only allow access to your site's administrator section by specific blocks of IP addresses

 Not Included in Core Included in Pro

Administrator secret URL parameter.

You can only access the administration (wp-admin) pages if you append ?secretWord to the URL. The secret word is customisable.

 Included in Core Included in Pro

Change administrator login URL

(e.g. use http://www.example.com/mylogin instead of http://www.example.com/wp-login)

Not Included in Core Included in Pro

Away schedule

Prevent logging into wp-admin during a preset period every day, e.g. when you're definitely asleep.

 Included in Core Included in Pro

SQLiShield protection

Against SQL injection attacks

Included in Core Included in Pro

Remote File Inclusion block

(RFIShield)

Included in Core Included in Pro

Remote PHP protocol block

(PHPShield)

Included in Core Included in Pro

Direct File Inclusion shield

(DFIShield)

Included in Core Included in Pro

Uploads scanner

(UploadShield)

Included in Core Included in Pro

Anti-spam filtering

Based on Bad Words list

Not Included in Core Included in Pro

Custom login error message

Don't tell the bad guys if a certain username exists on your site or not

 Not Included in Core Included in Pro

Remove RSS links

 Not Included in Core Included in Pro

Remove blog client links

 Not Included in Core Included in Pro

Change login session duration

 Not Included in Core Included in Pro

Disable editing users' properties

Prevent Administrator / Super Administrator accounts from being edited.

 Not Included in Core Included in Pro

Block email domains from user registration

 Not Included in Core Included in Pro

Hide/customise generator meta tag

Included in Core Included in Pro

Project Honeypot's HTTP:BL integration

Integration with Project Honeypot's HTTP:BL anti-spam / anti-hacker IP blocking directory

Included in Core Included in Pro

Auto-ban IPs

Auto-ban IPs causing excessive security exceptions (fully customisable)

Not Included in Core Included in Pro

Login E-Mail Notification

Send email on successful or failed administrator login

Not Included in Core Included in Pro

Customisable email templates and rate throttling for Admin Tools emails

Not Included in Core Included in Pro
Disclaimer
Automated security software, like Admin Tools, can only enhance your site's security, not positively prevent all known and yet-to-be-known attacks against your site. You are strongly recommended, under all circumstances, to follow sane security practices —like updating your site's software regularly and keeping backups— on top of using this product.

Cookies Notification - Action required This website uses cookies to provide user authentication and improve your user experience. Please indicate whether you consent to our site placing these cookies on your device. You can change your preference later, from the controls which will be made available to you at the bottom of every page of our site.