Plugins DatabasePlugins Database logo
Back to plugins
Homepage WordPress

Actions

DownloadAuthor pageSee on WordPress

Plugin info

Total downloads: 144
Active installs: 0
Total reviews: 21
Average rating: 5
Support threads opened: 0
Support threads resolved: 0 (0%)
Available in: 1 language(s)
Contributors: 1
Last updated: 9/13/2025 (156 days ago)
Added to WordPress: 9/13/2025 (0 years old)
Minimum WordPress version: 5.5
Tested up to WordPress version: 6.8.3
Minimum PHP version: 7.4

Maintenance & Compatibility

Maintenance score

Maintained • Last updated 156 days ago • 21 reviews

54/100

Is Security Control by Reflecters abandoned?

Likely maintained (last update 156 days ago).

Compatibility

Requires WordPress: 5.5
Tested up to: 6.8.3
Requires PHP: 7.4

Ratings

21
0
0
0
0See all reviews

Developers

Reflecters (Owner)1

Languages

Similar & Alternatives

Explore plugins with similar tags, and compare key metrics like downloads, ratings, updates, support, and WP/PHP compatibility.

No similar plugins found yet.
See more alternatives to Security Control by Reflecters

Description

Security Control by Reflecters secures WordPress by detecting new devices, blocking them with a password overlay, and alerting users with sirens and banners.

Key Features

  • New Device Detection: Identifies new devices using a secure cookie-based system.
  • Siren Password Overlay: Blocks new devices with a full-screen password prompt (default password: 2210).
  • Broadcast Alerts: Notifies all admin, editor, and author users with a siren sound and warning banner when a new device logs in.
  • Master Admin Control: Only the designated master admin can manage settings, block/unblock users, or reset trusted devices.
  • IP Blocking: Temporarily blocks IPs after multiple failed password attempts.
  • Email Notifications: Sends alerts to admins, editors, and authors for new device logins, blocks, or trusted devices (configurable).
  • Trusted Device Management: Allows users to trust their devices after verification and admins to manage trusted devices.
  • Customizable Siren: Upload custom MP3 audio for the siren alert.
  • Security Headers: Adds X-Frame-Options, X-Content-Type-Options, and Referrer-Policy headers for admin pages.

This plugin is ideal for WordPress sites needing robust security for multi-user environments, ensuring only trusted devices access the admin area while keeping authorized users informed of potential threats.

Additional Notes

  • Default Password: The default siren stop password is 2210. Change it in the settings for security.
  • Security: The plugin uses nonces for AJAX security, secure cookies for device tracking, and hashes passwords client-side before transmission.
  • Performance: Uses transients for temporary data (new device detection, IP blocking) to minimize database load.
  • Compatibility: Tested with WordPress 6.8. Requires PHP 7.4+ for modern features like typed arrays.

For support, contact Reflecters at [email protected] or visit https://reflecters.com.

Installation

  1. Download and Upload:
    • Download the plugin zip file.
    • In your WordPress admin panel, go to Plugins > Add New > Upload Plugin.
    • Upload the zip file and click “Install Now.”
  2. Activate:
    • Activate the plugin through the Plugins menu in WordPress.
  3. Set Up Master Admin:
    • Upon activation, a notice will prompt an administrator to set the Master Admin.
    • Select an administrator from the dropdown and click “Set Master Admin.”
  4. Configure Settings:
    • Go to Settings > Siren Protector in the WordPress admin menu.
    • Enable the plugin (set Status to ON).
    • Configure the siren stop password, custom audio, and other features as needed.
    • Save settings to activate device monitoring and alerts.
  5. Folder Structure:
    • Ensure the plugin folder (security-controll-by-reflecters) contains:
      • security-controll-by-reflecters.php
      • js/scbr-settings.js
      • js/scbr-overlay.js
      • js/scbr-broadcast.js
      • css/scbr-admin.css

Frequently Asked Questions

What happens when a new device logs in?

When an admin, editor, or author logs in from a new device, that device is blocked with a full-screen overlay requiring the siren stop password (default: 2210). Other logged-in users (including the same user on trusted devices) see a warning banner and hear a siren (if enabled). The master admin can block the user, or any authorized user can trust the device.

How do I trust a new device?

Enter the correct siren stop password on the new device to trust it automatically. Alternatively, from another trusted device, click “Trust Device” in the warning banner. The master admin can also manage trusted devices in the settings.

Who can block or unblock users?

Only the master admin can block or unblock users via the warning banner or the settings page. Blocking a user logs them out, clears their trusted devices, and prevents further logins until unblocked.

Why don’t I hear the siren?

Browsers require user interaction (e.g., click, scroll) to play audio. The siren plays automatically after interaction. Check your browser’s sound settings (e.g., chrome://settings/content/sound). You can also mute the siren via the warning banner.

Can I change the siren sound?

Yes, in Settings > Siren Protector, upload an MP3 file for a custom siren sound. Leave it blank to use the default siren.

What roles are monitored?

The plugin monitors users with admin, editor, or author roles. Contributors and subscribers are not affected.

How do I debug issues?

Enable WP_DEBUG in wp-config.php (define('WP_DEBUG', true);). Check the browser console (DevTools > Console) for JavaScript errors and the Network tab for AJAX responses. Verify plugin options in wp_options (scbr_settings, scbr_blocked_users) and transients (scbr_trigger_*, scbr_broadcast).

Review feed

No reviews available

Screenshots

  1. <strong>Master Admin Setup</strong>: Prompt to select the master admin on first activation.

    Master Admin Setup: Prompt to select the master admin on first activation.

  2. <strong>Settings Page</strong>: Configure plugin status, siren password, custom audio, and features.

    Settings Page: Configure plugin status, siren password, custom audio, and features.

  3. <strong>New Device Overlay</strong>: Full-screen password prompt for untrusted devices.

    New Device Overlay: Full-screen password prompt for untrusted devices.

  4. <strong>Warning Banner</strong>: Alert for other users when a new device logs in, with trust/block/mute options.

    Warning Banner: Alert for other users when a new device logs in, with trust/block/mute options.

  5. <strong>Trusted Devices Management</strong>: View and remove trusted devices in the settings.

    Trusted Devices Management: View and remove trusted devices in the settings.

Changelog

1.1

  • Changed prefix from wrs to scbr for all options, transients, user meta, cookies, and scripts to avoid conflicts with other plugins.
  • Improved script and style enqueuing to load only on relevant admin pages.
  • Moved inline scripts and styles to proper JavaScript (scbr-overlay.js, scbr-settings.js, scbr-broadcast.js) and CSS (scbr-admin.css) files.
  • Added data migration during activation to preserve existing settings and user data.
  • Fixed plugin name to “Security Control by Reflecters” for consistency.

1.0

  • Initial release with device-based authentication, siren alerts, master admin control, and IP blocking.
  • Features new device detection, broadcast alerts, and trusted device management.
  • Supports admin, editor, and author roles with email notifications and customizable siren audio.
Back to plugins