Royal Security Pro Documentation
Complete guide to securing your WordPress site with Royal Security Pro. This comprehensive security solution includes 25+ features including firewall, malware scanning, two-factor authentication, file monitoring, and automated backups.
Getting Started
Royal Security Pro is a comprehensive WordPress security plugin that protects your site from hackers, malware, and security threats. It combines essential security features with advanced protection tools in one unified solution.
All Features
Brute Force Protection
Block repeated login attempts and ban malicious IPs.
Login Security
Custom login URL, CAPTCHA, and login limiting.
WordPress Hardening
Disable XML-RPC, hide version, secure permissions.
Activity Logging
Track all user actions and security events.
FirewallPRO
Block malicious requests, SQLi, XSS attacks.
IP ManagementPRO
Whitelist/blacklist IPs, block countries.
Malware ScannerPRO
Detect and remove malicious code from files.
Vulnerability ScannerPRO
Find outdated plugins, themes, and security issues.
Two-Factor AuthPRO
TOTP authenticator app support for all users.
File MonitorPRO
Detect unauthorized file changes in real-time.
BackupPRO
Automated database backups with email notifications.
Database SecurityPRO
Change table prefix, optimize, and protect.
Spam ProtectionPRO
Block comment spam and form submissions.
Uptime Monitoring
Get notified when your site goes down.
Requirements
- WordPress 5.8 or higher
- PHP 7.4 or higher
- Valid Royal Security Pro license
Installation
Download the plugin
Log in to my.royalplugins.com and download the Royal Security Pro ZIP file.
Upload to WordPress
Go to Plugins > Add New > Upload Plugin, select the ZIP file, and click Install Now.
Activate the plugin
Click "Activate Plugin" after installation completes.
Enter your license key
Navigate to Royal Security > License and enter your license key to unlock all Pro features.
Deactivate Royal Security Lite before installing Pro. Your settings and logs will be preserved.
License Activation
Your license key unlocks all Pro features and enables automatic updates.
Activating Your License
Find your license key
Your license key is in your member account and was emailed after purchase.
Enter the license key
Go to Royal Security > License and paste your license key.
Click Activate
The plugin will verify your license and unlock all Pro features.
You can deactivate a license from one site and activate it on another through your member account or the plugin settings.
Security Dashboard
The security dashboard gives you an at-a-glance view of your site's security status.
Dashboard Widgets
- Security Score - Overall security grade (A-F) based on enabled features
- Failed Logins - Failed login attempts in the last 7 days
- Blocked IPs - Currently blocked IP addresses
- Active Threats - Malware detected by the scanner
- Recent Alerts - Latest security events and warnings
- Quick Actions - One-click access to scan, backup, and settings
WordPress Dashboard Widget
See your security status at a glance right from the WordPress dashboard. The Dashboard Widget provides instant visibility into your site's security health without navigating to the full Royal Security dashboard.
Widget Features
- Security Score - Your overall security score displayed prominently with color-coded indicator (green for good, yellow for needs attention, red for critical)
- Threat Count - Number of active threats detected by the malware scanner
- Vulnerability Count - Known vulnerabilities found in your plugins, themes, or core
- Quick Access - One-click link to the full security dashboard for detailed information
Color-Coded Status
| Score Range | Color | Status |
|---|---|---|
| 70-100 | Green | Good - Your site is well protected |
| 40-69 | Yellow | Needs Attention - Review security settings |
| 0-39 | Red | Critical - Immediate action recommended |
The widget appears automatically on the WordPress Dashboard for all administrators. Check your security status every time you log in!
Brute Force Protection
Automatically detect and block brute force login attacks.
Settings
| Setting | Description | Recommended |
|---|---|---|
| Max Login Attempts | Failed attempts before lockout | 5 |
| Lockout Duration | How long to block the IP | 15 minutes |
| Permanent Ban Threshold | Lockouts before permanent ban | 3 |
Login Security
Additional measures to protect your login page.
Features
- Custom Login URL - Hide wp-login.php behind a custom URL
- Login CAPTCHA - Math-based CAPTCHA to prevent bot attacks
- Password Strength - Enforce strong password requirements
WordPress Hardening
Close common security vulnerabilities in WordPress.
Available Options
- Disable XML-RPC - Block remote publishing attacks
- Hide WordPress Version - Remove version from source code
- Disable File Editor - Prevent file editing in admin
- Disable Directory Browsing - Block directory index listing
- Security Headers - Add X-Frame-Options, X-XSS-Protection, etc.
- Remove Meta Tags - Remove RSD, WLW manifest, and shortlinks
FirewallPRO
The firewall blocks malicious requests before they reach your WordPress site.
Protection Types
- SQL Injection - Block database injection attempts
- XSS Attacks - Prevent cross-site scripting
- File Inclusion - Block LFI/RFI attacks
- Bad Bots - Block known malicious bots and user agents
- Rate Limiting - Prevent DDoS and scraping attacks
- IP Whitelist/Blacklist - Allow or block specific IP addresses
Firewall Rules
The firewall includes built-in rules to detect and block common attack patterns. Administrators are automatically whitelisted to prevent lockouts.
Add trusted IP addresses to the whitelist in Settings to ensure they're never blocked by the firewall.
IP ManagementPRO
Take full control of who can access your site with comprehensive IP whitelisting and blacklisting.
Features
- IP Whitelist - Permanently allow trusted IPs (your home, office, VPN)
- IP Blacklist - Block specific IPs or IP ranges from accessing your site
- Country Blocking - Block entire countries based on IP geolocation
- Auto-Block Repeat Offenders - Automatically blacklist IPs after multiple violations
- IP Range Support - Block or allow entire subnets (e.g., 192.168.1.0/24)
Managing IPs
Access IP Management
Go to Royal Security > IP Management in your WordPress admin.
Add IPs to Whitelist or Blacklist
Enter IP addresses manually or select from the list of recently blocked IPs.
Set Expiration (Optional)
For temporary blocks, set an expiration time. Permanent blocks have no expiration.
Before enabling strict firewall rules, add your own IP address to the whitelist to prevent accidentally locking yourself out.
Malware ScannerPRO
Scan your WordPress files for malware, backdoors, and suspicious code.
Scan Types
- Quick Scan - Scans only WordPress core files
- Full Scan - Scans all files in wp-content
- Custom Scan - Scan specific directories
What Gets Detected
- Known malware signatures
- Suspicious PHP code patterns
- Base64-encoded payloads
- Hidden backdoors
- Unauthorized file changes
Always review detected issues before deleting. Some legitimate plugins use patterns that may trigger false positives.
Self-Detection (Expected Behavior)
The scanner may detect its own signature files - this is normal and expected! It proves your malware scanner is working correctly. These detections are shown in a separate "Self-Detection" section with a green indicator, so you can easily distinguish them from real threats.
Vulnerability ScannerPRO
Proactively identify security vulnerabilities before hackers can exploit them.
What Gets Scanned
- Outdated Plugins - Check all plugins for available security updates
- Outdated Themes - Identify themes that need updating
- WordPress Core - Verify you're running the latest secure version
- Abandoned Plugins - Flag plugins not updated in 2+ years
- Known Vulnerabilities - Check against vulnerability databases
- Security Misconfigurations - Detect weak settings (debug mode, admin username, etc.)
Severity Levels
| Level | Description | Action |
|---|---|---|
| Critical | Known exploited vulnerabilities | Update immediately |
| High | Significant security risk | Update within 24 hours |
| Medium | Moderate risk | Update when convenient |
| Low | Best practice recommendation | Consider updating |
Enable weekly vulnerability scans to stay ahead of security issues. You'll receive email alerts when new vulnerabilities are detected.
Two-Factor AuthenticationPRO
Add an extra layer of security with TOTP-based two-factor authentication.
Setup
Enable 2FA
Go to Royal Security > Settings and enable Two-Factor Authentication.
Users configure 2FA
Each user goes to their User Profile page where they'll see the 2FA setup section.
Scan QR code
Users scan the QR code with their authenticator app (Google Authenticator, Authy, etc.) and enter the verification code to complete setup.
When enabled, 2FA setup is available to all users including administrators. Each user must configure it individually from their profile page.
Supported Apps
- Google Authenticator
- Microsoft Authenticator
- Authy
- 1Password
- Any TOTP-compatible app
File Integrity MonitorPRO
Detect unauthorized changes to your WordPress files in real-time.
Monitored Files
- WordPress core files - compared against official checksums
- Plugin files - detect unauthorized modifications
- Theme files - track template changes
- Uploads directory - scan for suspicious files
Alerts
Get email notifications when files are modified or deleted. The daily scan runs automatically and sends alerts if changes are detected.
File integrity scans run daily as part of the scheduled security checks. You can also run a manual scan anytime from the File Monitor page.
BackupPRO
Automated database backups to protect your WordPress data.
Backup Features
- Database Backup - Complete SQL export of your WordPress database
- Scheduled Backups - Automatic daily backups via WordPress cron
- Manual Backup - Create a backup instantly with one click
- Automatic Cleanup - Keeps the last 10 backups, removes older ones
Storage
Backups are stored securely on your server in a protected directory with .htaccess protection to prevent direct access.
Backup Notifications
Get email notifications when backups complete successfully or if errors occur.
Database SecurityPRO
Protect and optimize your WordPress database.
Features
- Change Table Prefix - Change from default wp_ prefix
- Database Cleanup - Remove post revisions, transients, spam
- Optimize Tables - Defragment and repair tables
- Export/Import - Database migration tools
Always create a backup before changing the table prefix or running cleanup operations.
Troubleshooting
Select a troubleshooting guide below for detailed step-by-step solutions:
🔒 Locked Out Recovery
Blocked by firewall or brute force protection? Database and FTP recovery methods.
🔗 Forgot Login URL
Can't find your custom login URL? How to recover or reset it.
📱 2FA Recovery PRO
Lost your authenticator or recovery codes? Regain account access.
🛡️ Firewall Issues PRO
Firewall blocking WooCommerce, Stripe, or legitimate requests?
⚪ White Screen / Error
Fatal error or white screen after enabling a feature? Debug steps.
🦠 Malware Removal PRO
Scanner found real malware? Complete cleanup and recovery guide.
Quick Tips
License not activating?
- Check for extra spaces in the license key
- Verify you haven't exceeded your site limit
- Ensure your license hasn't expired
Contact our support team at support@royalplugins.com with details about your issue and we'll help you resolve it.
Frequently Asked Questions
Does Royal Security Pro slow down my site?
No. The plugin is optimized for performance. The firewall adds minimal overhead, and features like malware scanning run in the background without affecting page load times.
Can I use this with other security plugins?
We recommend using only one security plugin to avoid conflicts. Royal Security Pro provides comprehensive protection on its own.
What if I get hacked?
Use the malware scanner to identify infected files. Restore from a clean backup if available. Contact our support team for assistance with cleanup.
How often should I run malware scans?
We recommend weekly full scans. Enable scheduled scans in the settings to automate this.
Can I use the same license on multiple sites?
Depends on your license type. Single licenses work on 1 site, Multi on 5 sites, Developer on 25 sites, and Agency on 100 sites.