Ultimate WordPress Admin Security: Stop Unauthorized Privilege Escalation
Has your WordPress site ever been compromised by a rogue administrator account created through a vulnerable plugin, database injection, or malicious script?
Vanguard Admin Protection & Notifications (v4.0.0) is an elite, enterprise-grade security plugin designed with a single, uncompromising goal: to protect your WordPress site from unauthorized privilege escalation and rogue administrators.
Whether an attacker tries to exploit a plugin vulnerability, run unauthorized WP-CLI commands, or inject users directly into your database, our plugin intercepts, blocks, and reverts the threat.
🚀 Powerful Features Built for Absolute Control
👥 1. The “Restricted Administrator” Role (New in v4.0.0)
Delegate safely without losing sleep. Natively split your admin team into two tiers:
- Authorized Admins (Full Power): The trusted few who can create and manage other administrators.
- Restricted Admins: Perfect for developers, SEO experts, or agency staff. They retain full Administrator access to manage plugins, themes, and content—but the plugin completely hides and blocks their ability to create, edit, or promote other administrators.
🛡️ 2. 6-Layer Real-Time Defense System
We don’t just hide menus; we block threats at the server and database level:
- Role Change Interception: Automatically reverts any unauthorized grant of the “administrator” role, demoting the account back to “subscriber”.
- Meta-Data Shield: Blocks malicious updates to wp_capabilities and wp_user_level in the database.
- WP-CLI Blocking: Prevents server-side terminal commands from creating or modifying users.
- Self-Protection: Unauthorized users (even Restricted Admins) cannot deactivate or delete this security plugin.
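One way to build the first two layers on WordPress core hooks, as an added example that is not the plugin's own code. The `example_*` functions and the `AUTHORIZED_ADMIN_IDS` allowlist are hypothetical; the hooks and core functions are standard WordPress.

```php
<?php
// Added example, not the plugin's code. AUTHORIZED_ADMIN_IDS is a hypothetical
// allowlist; a real plugin would keep it in protected settings.
const AUTHORIZED_ADMIN_IDS = [1];

// True only when the request runs as an allowlisted user. WP-CLI and
// unauthenticated requests have user ID 0, so they are never authorized.
function example_actor_is_authorized(): bool {
    return in_array(get_current_user_id(), AUTHORIZED_ADMIN_IDS, true);
}

// Role change interception: core fires these actions after the role is
// written, so the handler reverts the grant instead of preventing it.
function example_revert_admin_grant(int $user_id, string $role): void {
    if ($role !== 'administrator' || example_actor_is_authorized()
        || in_array($user_id, AUTHORIZED_ADMIN_IDS, true)) {
        return;
    }
    $user = get_userdata($user_id);
    if ($user) {
        $user->set_role('subscriber'); // re-fires the hook with a harmless role
        error_log("Blocked administrator grant to user {$user_id}");
    }
}
add_action('set_user_role', 'example_revert_admin_grant', 10, 2);
add_action('add_user_role', 'example_revert_admin_grant', 10, 2);

// Meta-data shield: a non-null return value from these filters makes
// update_user_meta() / add_user_meta() skip the write.
function example_shield_user_meta($check, $user_id, $meta_key, $meta_value) {
    global $wpdb;
    $prefix = $wpdb->get_blog_prefix(); // "wp_" on a default install
    if (example_actor_is_authorized()
        || in_array((int) $user_id, AUTHORIZED_ADMIN_IDS, true)) {
        return $check;
    }
    if ($meta_key === $prefix . 'capabilities') {
        $caps = maybe_unserialize($meta_value);
        if (is_array($caps) && !empty($caps['administrator'])) {
            return false; // refuse to store an administrator role
        }
    }
    if ($meta_key === $prefix . 'user_level' && (int) $meta_value >= 8) {
        return false; // levels 8 to 10 are administrator-only
    }
    return $check;
}
add_filter('update_user_metadata', 'example_shield_user_meta', 10, 4);
add_filter('add_user_metadata', 'example_shield_user_meta', 10, 4);
```

These hooks only see changes made through the WordPress user API. A row written straight into the database bypasses them and has to be caught by a scheduled scan such as the one described in the next section.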
⚡ 3. Ultra-Fast External Cron Scanning (Bypass Caching & Firewalls)
Don’t rely on unpredictable website traffic for your security scans. Our plugin features a highly secure, token-authenticated REST API endpoint (POST optimized). You can connect it directly to your server’s Cron Jobs (cPanel, ServerAvatar, Forge, etc.) using wget or cURL to perform database integrity checks every 1 or 5 minutes without slowing down your site.
📊 4. Military-Grade Audit Logging & Alerts
Never guess what happened behind the scenes.
- Visual Dashboard: See exactly when the last security scan ran, right on your WordPress dashboard.
- 90-Day Audit Trail: Tracks all logins, logouts, blocked promotions, removed ghost admins, and configuration changes with exact IP addresses.
- Email Notifications: Get instant email alerts whenever a critical security event occurs (e.g., someone trying to inject an admin or modifying your wp-config.php file).
- Exportable Data: Export your security logs to CSV in one click.
⚙️ 5. File Integrity Monitoring
Automatically monitors your core wp-config.php file. If a hacker or malicious script modifies this file, the plugin detects the hash change, logs the event, and alerts you immediately.
🛠️ How It Works (In 3 Simple Steps)
- Install & Activate: Once activated, you (the primary user) are immediately locked in as the sole Authorized Administrator.
- Configure Your Team: Go to the plugin settings and categorize your existing admins. Assign trusted partners as Authorized, and set your everyday staff as Restricted Admins. Any unrecognized “Ghost Admins” found in the system will be immediately degraded to subscribers.
- Let the Shield Work: The plugin runs silently in the background. If a vulnerability tries to grant admin access to a user, the plugin intercepts the database query, blocks the promotion, and sends you an email alert.
Take back control of your WordPress user roles. Protect your business, your clients, and your peace of mind with Admin Protection & Notifications.
Tested up to: 6.9
Requires PHP: 7.4
Stable tag: 4.0.6
License: GPLv2 or later
License URI: http://www.gnu.org/licenses/gpl-2.0.html
Donate Link: https://paypal.me/luisescoffie?locale.x=es_XC&country.x=MX
Trademark Disclaimer
WordPress® is a registered trademark of the WordPress Foundation. This plugin, “Admin Protection & Notifications”, is independent software developed by @luisescoffie and is not affiliated with, sponsored by, endorsed by, or associated with the WordPress Foundation, Automattic Inc., or any of their products or services. The use of the “WordPress” name is for descriptive and compatibility purposes only.
