FortressX Security – Firewall, Security Scan & Hardening

FortressX Security is a WordPress security plugin for site owners, freelancers and agencies who want a clear overview of important protection settings.

The plugin focuses on practical WordPress security tasks: login protection, request protection, hardening checks, file integrity monitoring, security status information and clear administration screens.

Core Features

• Login protection and brute-force mitigation
• Firewall and request protection tools
• XML-RPC protection
• REST user enumeration protection
• Security checks and hardening recommendations
• File integrity monitoring
• Security reports and status overview
• Clean administration interface

Optional Pro Add-on

A separate commercial add-on may be offered outside WordPress.org. The WordPress.org plugin remains fully functional on its own and does not require a license key to use its included features.

External Services

FortressX Security can connect to external services only for specific plugin features. The services listed below are used for security intelligence or optional integrations configured by the site administrator.

The plugin does not intentionally transmit WordPress user passwords, private post content, customer order data or full website files to these services.

FortressX Intelligence Feed

Service URL: https://fortessx-licenses.com/fx-intel

Purpose: Retrieves signed security intelligence data and rule updates for FortressX security checks.

Data transmitted: Technical request data required to retrieve the feed, such as the requesting site domain, plugin version, WordPress/PHP environment metadata and standard server request information such as the server IP address.

When used: Only after the administrator explicitly enables or manually starts FortressX Intelligence functionality. Until then, FortressX works with local rules only.

Service provider: Aorist / FortressX.

Terms and privacy information: https://fortressx-security.com/privacy/

AbuseIPDB

Service URL: https://api.abuseipdb.com/

Purpose: Optional IP reputation lookup for login protection when configured by the administrator.

Data transmitted: The IP address selected for reputation lookup, the configured AbuseIPDB API key and request metadata required by AbuseIPDB.

When used: Only when the administrator enables and configures the AbuseIPDB integration.

Service provider: AbuseIPDB.

Terms: https://www.abuseipdb.com/legal
Privacy policy: https://www.abuseipdb.com/privacy

Cloudflare API

Service URL: https://api.cloudflare.com/

Purpose: Optional Cloudflare-related security or cache actions when configured by the administrator.

Data transmitted: Cloudflare zone/account information, API credentials configured by the administrator and the data required for the selected Cloudflare action.

When used: Only when the administrator enables and configures Cloudflare integration.

Service provider: Cloudflare.

Terms: https://www.cloudflare.com/website-terms/
Privacy policy: https://www.cloudflare.com/privacypolicy/

Data Handling and Privacy

FortressX Security scans local WordPress files for security purposes. Full files are not transmitted externally by the scanner.

The plugin stores security settings, scan results, file integrity information, logs and status information locally in the WordPress installation. This information is used to show security status, support administrator actions and help identify changes or risks.

External communication is limited to the services documented in the External Services section and only where the related feature is enabled or configured.

Background Tasks

FortressX Security may use WordPress scheduled tasks (WP-Cron) for security-related maintenance, such as scheduled checks, local monitoring or retrieving signed rule updates after opt-in.

These tasks are designed to avoid unnecessary load and run only as required for the related feature.