WordPress Login Protection, Protect Login, Disable Json API, Disable Rest API, Security Tools Against Cyber Attacks, Malware Scanner, Disable XML-RPC Pingback, Disable Feeds, Stop User Enumeration Anti Hacker Plugin



Improve system security, protect login (Login Security), firewall, scan for malware, block user enumeration and TOR, disable Json WordPress Rest API, xml-rpc (xmlrpc) & Pingback and more a lot of security tools.

  • Anti Hacker free Central provides a powerful and efficient way to manage the Anti Hacker configuration and pro license of many WordPress sites via a single interface.
  • No DNS API (entryPoint) or Cloud Traffic Redirection. No Slow Down Your Site! No Google penalties for slow sites.

Features and Tools Included

  • Prevent unauthorized access to your account by protect your login page also against bots and brute force.
  • Firewall to Block Malicious Requests, Queries, User Agents and URLS. 100% Plug-n-play, no configuration required.
  • View Table of the Blocked Visits and add IP to Whitelist from table and logs failed login attempts.
  • Option to disable Json WordPress Rest API (also new WordPress 4.7 Rest API).
  • You can also disable the WordPress xml-rpc (xmlrpc) (or disable only Pingback) API with just one click.
  • You can turn on login alerts with just one click. Also login fails alert.
  • Send alert email when any new plugin is installed. (First thing hackers do when gain access to your site)
  • Send email alert when AntiHacker plugin in deactivated.
  • WordPress Debug enabled warning.
  • Disable file editing within the WordPress dashboard.
  • Replace insecure login error message.
  • Hide WordPress version number.
  • Disable Application Passwords: Block external applications to request permission to connect to a site and generate a password (WordPress 5.6 new feature)
  • Limit Visits, Limit Bots Attempts (Premium Version)
  • limit only 404 requests (Premium Version)
  • Check Google Safe Browsing Blacklist
  • Check and alert for deactivated Plugins and themes
  • Check and alert for extra files and dangerous files on root folder.
  • Multilingual ready.
  • Disable WordPress native sitemap (for user’s) creation.
  • Disable xml-rpc
  • Disable Pingback

Malware Scanner

  • Security Malware scanner (one click scan) for 797 malwares also in free version (unlimited files).
  • 7 speed options to scan and the scan run on your local computer to not overload your server.
  • Scans every folder and inspects every file on a website (deep scanner) for traces of malware, exploits, trojans, worms, viruses, backdoors as well as JavaScript code obfuscation, exploits, malicious iframes, malicious code injection, malicious code obfuscation, auto-generated malicious content, redirects, hidden eval code and more.
  • Scan all Pages, Posts and Comments against malwares.
  • Alert for plugins and themes without updates for long time or with old versions.
  • Scan your site now before Google blacklists it or your web host takes it down.


  • User enumeration. (is one of the most popular attacks to identify the valid user names)
  • Comments in media page.
  • Bad Queries.* Block All Feeds (Optional).
  • Creation of new Administrators from plugins and themes with vulnerabilities.
  • False Google and Bing (MSN) bots (Premium Version)
  • Search for Theme’s vulnerabilities (Premium Version)
  • Search for Plugin’s vulnerabilities (Premium Version)
  • Tor (The Onion Router) Traffic — Optional — (Premium Version) Tor anonymity provides value to online attackers.
  • HTTP Tools (you can manage the strings)
  • Blank User Agent

Useful Links

Demo Video
Premium Version with more features
StartUp Guide
Online Documentation
FAQ Page
Plugin Site
Plugin Blog with a lot of tips
Compatible with Stop Bad Bots Plugin
Share 🙂

Why disable the WordPress xml-rpc

This plugin disables XML-RPC API in WordPress 3.5+ or above, which is enabled by default.
XML-RPC on WordPress is actually an API or “application program interface“.
It gives developers who make mobile apps, desktop apps and other services the ability to talk to your WordPress site.
Most users don’t need WordPress XML-RPC functionality, and it’s one of the most common causes for exploits.
If you want to access and publish to your blog remotely, then you need XML-RPC enabled.

Why should we disable pingbacks?

Pingback allows you to notify other bloggers that you have linked to their article on your website.
A WordPress website with Pingback enabled can be used in DDOS attacks against other websites.
An attacker can exploit pingback functionality through simple command and an XML-RPC request.

Why disable Json WordPress Rest API

(disable WordPress Rest API)
Block User enumeration to improve security.

The REST API (new WordPress 4.7) allows for anonymous access and this means that anyone can list all
the users of a website. This will enable botnets to try and Bruteforce attack a website with the user’s credentials.

Brute Force Login Protection

A brute-force attack is an attempt to discover a password by systematically trying every
possible combination of letters, numbers, and symbols until you discover the one correct combination
that works.
Our plugin will protect your site against Brute Force Attack, by restrict access to login page to
whitelisted IP addresses.
Otherwise, your login page will request your wordpress user email.
It is not necessary Limit Login Attempts. Read below about Rate Limiting.

Rate Limiting

Rate Limiting is a substitute to Limit Login Attempts.
Bots and Hackers can make a lot of visits in a short time period.
We can just limit a number of visits.

Simple Login Lockdown

Rate Limiting is a substitute to Simple Login Lockdown. Read above.

Rename wp-login.php

Rate Limiting is a substitute to Rename wp-login.php. Read above.


  • Pingback Malware
  • Disable PingBack
  • Remove and Disable XML-RPC Pingback
  • Disable XML-RPC Pingback
  • Anti Hack
  • Free Anti Hack
  • Free Anti Hacker
  • Anti hacking security
  • anti hacker security
  • Security
  • Firewall
  • Disable Json WordPress Rest API
  • Brute Force
  • Limit Login
  • Hide WordPress version number
  • Block user enumeration
  • Protect Login


  • Plugin Dashboard
  • Main Settings Page
  • Block Visits Log


1) Install via wordpress.org

2) Activate the plugin through the ‘Plugins’ menu in WordPress


Extract the zip file and just drop the contents in the wp-content/plugins/ directory of your WordPress installation and then activate the Plugin from Plugins page.


How to Install?

1) Install via wordpress.org

2) Activate the plugin through the ‘Plugins’ menu in WordPress


Extract the zip file and just drop the contents in the wp-content/plugins/ directory of your WordPress installation and then activate the Plugin from Plugins page.

Where is the OnLine Manual?


Where is the OnLine FAQ page?


How can i get support?


Where Can I get more free tips?



8 Ապրիլի, 2021
Bill is slow to update and immediately demanding payment which was made. Antihacker plugin kills ability to edit in Elementor pro. Doesn't seem to be any updates available or other support site that actually works. I go to the support page where it says I can create a ticket, but no ticket is created when I complete the data and no signin occurs either. Weird cuz I've paid for the pro upgrade. Too much time on the beach in Florida or what? Then I get an email to add my server to the whitelist? I attached my PayPal proofs and sent Bill. I don’t have time to waste going through his code to whitelist my server, etc. My IP was already whitelisted. Cmon. Stop hiding behind wordpress.org and provide some support if you’re going to charge for plugins.
30 Մարտի, 2021
Managed to lock people out yet again with an update. do you even bother to test your changes or do you just dump them out there? Tired of the screwups, dumping your plugin permanently. Tired of having to manually go in and remove just to get access back to sites.
15 Դեկտեմբերի, 2020
I had a lot of problems with invalid traffic, that I could solve with this tiny and fast plugin. Thank you.
Read all 10 reviews

Contributors & Developers

“WordPress Login Protection, Protect Login, Disable Json API, Disable Rest API, Security Tools Against Cyber Attacks, Malware Scanner, Disable XML-RPC Pingback, Disable Feeds, Stop User Enumeration Anti Hacker Plugin” is open source software. The following people have contributed to this plugin.



3.31 2021-12-07 — Minor Improvements

3.30 2021-11-19 — Minor Improvements

3.29 2021-11-18 — Minor Improvements

3.28 2021-10-21 — Improved Scanner

3.27 2021-10-19 — Improved Help

3.26 2021-09-23 — Minor Improvements

3.25 2021-07-02 — Improved check integrity of plugin files and others.

3.24 2021-05-31 — Improved HTTP Tools.

3.23 2021-05-26 — Improved Notification email filter.

3.22 2021-05-26 — Fixed Scan issue when user has customized table prefix.

3.21 2021-05-25 — Improved Notifications and http tools.

3.20 2021-05-12 — Removed warning from central.

3.19 2021-05-11 — Minor bug fixed on firewall.

3.18 2021-05-10 — Removed CORS header to avoid PHP warning.

3.17 2021-05-03 — Minor Improvements.

3.16 2021-04-29 — Minor changes to avoid conflict with other malware scan

3.15 2021-04-29 — Added Anti Hacker Free Central

3.14 2021-04-27 — Minor https improvements.

3.13 2021-04-17 — Minor https improvements.

3.12 2021-04-10 — Improved compatibility.

3.11 2021-04-09 — Improved charts and removed version control.

3.10 2021-04-09 — Improved whitelist.

3.9 2021-04-06 — Fixed small bug on activation.

3.8 2021-04-06 — Improved notifications and alerts.

3.7 2021-04-05 — Improved notifications and alerts.

3.6 2021-04-01 — Adjustment to sync with WordPress.

3.5 2021-04-01 — Added Scan to Pages, Posts and Comments.

3.4 2021-03-29 — Improved Login.

3.3 2021-03-28 — Increased size of the scan window.

3.2 2021-03-27 — Added Ruler file.

3.1 2021-03-27 — Added Scan for malware feature.

2.82 2021-03-03 — Improved Memory Management.

2.81 2021-02-26 — Improved httptools management.

2.80 2021-02-23 — Added Google safe browsing check, root folder files and themes/plugins deactivated, added more httptools.

2.79 2021-01-31 — Minor Improvements.

2.78 2021-01-31 — Removed Warning message.

2.77 2021-01-31 — Improved update plugin index.

2.76 2021-01-31 — Improved update plugin index.

2.75 2021-01-31 — Increased table HTTP TOOLS and fixed error on write table fingerprint.

2.74 2021-01-24 — Fixed error on write table fingerprint.

2.73 2021-01-20 — Improved Notification emails.

2.72 2021-01-10 — Minor Improvements.

2.71 2021-01-09 — Minor Improvements.

2.70 2020-12-21 — Improved Search Engine Bot detect.

2.69 2020-12-12 — Improved compatibility with cache plugins.

2.68 2020-12-09 — Added (optional) block to Application Password.

2.67 2020-11-30 — Improvements on Visits Log and login block.

2.66 2020-11-18 — Improvements on dashboard.

2.65 2020-11-17 — Improved Update of table tor.

2.64 2020-11-17 — Improved Creation of table tor.

2.63 2020-11-09 — Included Limiting 404.

2.62 2020-10-28 — Improved Security.

2.61 2020-10-18 — Add View Table Blocked Visits, included Block Blank User Agent, Block HTTP Tools.

2.60 2020-07-15 — Improved TOR blocking.

2.59 2020-04-07 — Small Improvements.

2.58 2020-03-29 — Added Tor Filter (Premium Version).

2.57 2020-02-20 — Small Improvements.

2.56 2020-02-10 — Removed 4 characters message when activate.

2.55 2020-02-10 — Improved Dashboard.

2.54 2020-01-02 — Improved Dashboard.

2.53 2019-12-25 — Improved Database Creation.

2.52 2019-12-20 — Improved Memory Management.

2.51 2019-12-10 — Improved Dashboard Graph Type.

2.49/2.50 2019-12-07 — Improved Dashboard Graph Type.

2.48 2019-12-06 — Improved Dashboard with more info.

2.47 2019-11-25 — Fixed Small bug in database of record visits.

2.46 2019-11-19 — Created Premium Version with more features.

2.45 2019-11-01 — Improved Settings.

2.44 2019-10-23 — Improved Dashboard.

2.43 2019-09-11 — Improved Help.

2.42 2019-09-10 — Improved Help.

2.41 2019-09-02 — Added Protection from plugins and themes with vulnerabilities.

2.40 2019-07-24 — Improved email about new plugim installed.

2.39 2019-07-23 — Allow to block comments in media page.

2.38 2019-07-05 — Improved Help and Documentation.

2.37 2019-05-15 — Improved Site Health Feature.

2.36 2019-05-06 — Block All Feeds to avoid bots exploit.

2.35 2019-04-23 — Block User Enumeration.

2.34 2019-04-01 — Hidyng WordPress Version Information.

2.33 2019-03-23 — Improved Low Memory Help Messages.

2.32 2019-03-13 — Improved Dashboard and added Fix to low memory issue.

2.31 2019-02-28 — Improved Dashboard and added Fix to low memory issue.

2.30 2019-01-24 — Improved Help.

2.29 2019-01-22 — Improved Help.

2.28 2019-01-18 — Included Dashboard and now Forewall exit with 403 Forbidden Error.

2.27 2018-12-26 — Improved Firewall.

2.26 2018-12-26 — Added Firewall.

2.25 2018-08-08 — Improved Help.

2.24 2018-01-05 — Improved Security.

2.23 2018-01-05 — Improved Security.

2.22 2018-01-04 — Improved Security.

2.21 2017-12-23 — Improved Security.

2.20 2017-12-10 — Improved Security.

2.19 2017-12-09 — Improved Security.

2.18 2017-12-05 — Improved Security.

2.17 2017-08-15 — Help and Feedback improved.

2.16 2017-07-06 — Fixed minor bug at notification emails

2.15 2017-06-09 — Tested With WordPress 4.8

2.14 2017-05-25 — eMail Message Notifications improved.

2.13 2017-04-12 — Security Improvement.

2.12 2017-04-11 — Improved feedback System.

2.11 2017-04-05 — Improved Help System.

2.10 2017-03-09 — Improved Help and Start Up page.

2.09 2017-02-13 — Add WordPress Debug enabled warning, disable edit file at dashboard and replace inscure login error message.

2.08 2017-01-30 — Option to Set WordPress to automatically download and install themes and plugin updates.

2.07 2017-01-26 — Minor Improvements at Help.

2.06 2017-01-25 — Included language file.

2.05 2017-01-06 — Improved Help.

2.04 2016-12-17 — Improved the procedure to get IP Address.

2.03 2016-12-13 — Disable Json WordPress Rest API (also new WordPress 4.7 Rest API).

2.02 2016-12-05 — Minor Improvements.

2.01 2016-09-30 — Minor Improvements.

2.0 2016-09-02 — Add email alert when install new plugin or antihacker plugin is deactivated.

1.9 2016-07-08 — Security improvements.

1.8 2016-06-30 — Improved the email message.

1.7 2016-06-29 — Updated the Screenshot image.

1.6 2016-06-29 — Renamed some functions to avoid conflict.

1.5 2016-05-30 — Included Option to disable only PingBack xml-rpc API.

1.5 2016-05-30 — Included Option to disable only PingBack xml-rpc API.

1.4 2016-05-27 — Included Option to disable xml-rpc API.

1.3 2016-05-05 — Renamed some functions to avoid conflits.

1.2 2016-04-30 — Added more features.

1.1 2016-04-18 — Added On Line Start Up Guide, improved design.

1.0 2015-10-18 — Initial Release