Help Documentation

VMP™ Security plugin documentation and support

Free Support

Support for users of the free version of the plugin is available on our support forums. The majority of features shown are available in the free version of VMP™ Security which helps protect millions of sites around the world.

Go to support forums

Access Upgraded Support Now

Our support engineers, equipped in Premium tickets within a few hours on weekdays, will be pleased to help you with advanced topics, provide comprehensive answers to your questions, and respond to all others in 24 hours or less.

Premium Support

VMP Security Free

VMP Security Free is the free tier of our WordPress security plugin. It includes 280+ real-time firewall rules, all 9 specialized malware scanners (170,000+ signatures), country blocking, the audit log, two-factor authentication, brute force protection, and live traffic monitoring — without paywalled rule delays. Premium adds an extra premium signature feed and the Real-Time IP Blocklist; for most personal sites, the free tier is enough.

In This Article

Web Application Firewall

The free version includes the full VMP Security Web Application Firewall (WAF) with 280+ real-time rules covering SQL injection, cross-site scripting, file inclusion, malicious uploads, and other request-level attack patterns — tuned specifically for WordPress, its core, and its plugin ecosystem. Rules are delivered in real time; there is no 30-day rule delay on the free tier.

The firewall runs at the WordPress endpoint, which means it can inspect TLS-terminated traffic and enforce based on logged-in user state. Cloud-only WAFs cannot do either.

Security Scanner

The scanner inspects your site for compromise indicators using nine specialised scanners: malware signatures (170,000+), file integrity, CVE/vulnerability data, user-account audit, content safety, public-file leaks, server state, binary file analysis, and domain reputation.

Findings can be acted on directly: repair a modified file from the official repository, delete a file that should not exist, update a vulnerable plugin, or mark a finding as ignored if it is a known false positive.

Login Security

The free version includes every login-side defense the plugin offers. There is no Premium-only login feature.

  • Two-factor authentication using TOTP authenticator apps.
  • Brute-force lockout after configurable failed-login thresholds.
  • Username harvest protection that closes the standard WordPress username-leak vectors.
  • Strong password enforcement for selected roles.
  • Optional CAPTCHA on the login and registration forms.
  • Login alerts when administrators sign in or when sign-ins occur from new locations.

Centralized Management

VMP Security Portal is available to free users at no cost. Connect any number of free-tier sites to Portal and manage them from a single dashboard: review findings across the fleet, push configuration templates, configure cross-site alerting, and grant team members role-based access to the sites they need.

Additional tools

Live Traffic shows real-time requests reaching your site, with the ability to identify and act on individual visitors. WHOIS Lookup helps you investigate the origin of suspicious traffic. The Diagnostics page surfaces the environmental information you need to debug unusual behavior, with a one-click bundle for support tickets if it comes to that.

What you do not get on Free

The Premium-only features are limited:

  • The premium malware signature feed (the dashboard shows “Premium Protection Disabled” while you are on the community feed).
  • The Real-Time IP Blocklist — IPs currently attacking other VMP-protected sites are not blocked automatically on free.
  • Premium support response times.

Country Blocking, Audit Log, IP Blocklist, scheduled scans, the full firewall rule set (280+), and 2FA are all included free.

If you find yourself wanting any of these, see the VMP Security Premium article for what an upgrade includes and how to install a Premium license key.

Contents