{"id":298697,"date":"2026-04-29T04:57:09","date_gmt":"2026-04-29T04:57:09","guid":{"rendered":"https:\/\/vi.wordpress.org\/plugins\/siteops\/"},"modified":"2026-05-05T10:00:06","modified_gmt":"2026-05-05T10:00:06","slug":"sitevorx","status":"publish","type":"plugin","link":"https:\/\/ro.wordpress.org\/plugins\/sitevorx\/","author":20572425,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.0.7","stable_tag":"1.0.7","tested":"6.9.4","requires":"5.5","requires_php":"7.4","requires_plugins":null,"header_name":"Sitevorx","header_author":"iNET","header_description":"All-in-one WordPress toolkit for optimization, security, SMTP, disk cleanup, and maintenance monitoring.","assets_banners_color":"","last_updated":"2026-05-05 10:00:06","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"","header_author_uri":"https:\/\/inet.vn","rating":5,"author_block_rating":0,"active_installs":0,"downloads":127,"num_ratings":2,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.2":{"tag":"1.0.2","author":"inetcorp","date":"2026-04-29 06:02:13"},"1.0.3":{"tag":"1.0.3","author":"inetcorp","date":"2026-04-29 06:21:54"},"1.0.4":{"tag":"1.0.4","author":"inetcorp","date":"2026-05-05 01:41:29"},"1.0.5":{"tag":"1.0.5","author":"inetcorp","date":"2026-05-05 08:55:53"},"1.0.6":{"tag":"1.0.6","author":"inetcorp","date":"2026-05-05 09:46:06"},"1.0.7":{"tag":"1.0.7","author":"inetcorp","date":"2026-05-05 10:00:06"}},"upgrade_notice":[],"ratings":{"1":0,"2":0,"3":0,"4":0,"5":2},"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3517991,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3517991,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":[],"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.2","1.0.3","1.0.4","1.0.5","1.0.6","1.0.7"],"block_files":[],"assets_screenshots":[],"screenshots":[],"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[3786,732,187,600,6696],"plugin_category":[41,52,54],"plugin_contributors":[261342],"plugin_business_model":[],"class_list":["post-298697","plugin","type-plugin","status-publish","hentry","plugin_tags-cleanup","plugin_tags-maintenance","plugin_tags-optimization","plugin_tags-security","plugin_tags-smtp","plugin_category-communication","plugin_category-performance","plugin_category-security-and-spam-protection","plugin_contributors-inetcorp","plugin_committers-inetcorp"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/sitevorx\/assets\/icon-128x128.png?rev=3517991","icon_2x":"https:\/\/ps.w.org\/sitevorx\/assets\/icon-256x256.png?rev=3517991","generated":false},"screenshots":[],"raw_content":"<!--section=description-->\n<p><strong>Sitevorx<\/strong> is a lightweight, all-in-one WordPress plugin that helps you optimize performance, harden security, and manage your website from a single, modern dashboard. No bloat, no external dependencies \u2014 just the tools you need.<\/p>\n\n<h4>Speed Optimization &amp; Security<\/h4>\n\n<ul>\n<li><strong>Malware Scanner<\/strong>: Scan your entire codebase and database for suspicious injections.<\/li>\n<li><strong>Database Cleanup<\/strong>: Remove revisions, spam comments, expired transients in one click.<\/li>\n<li><strong>System Tweaks<\/strong>: Lazy load images, limit revisions, disable Heartbeat API, allow safe SVG uploads.<\/li>\n<li><strong>Google reCAPTCHA v2<\/strong>: Protect your login form from bots.<\/li>\n<li><strong>Login Attempt Limiter<\/strong>: Lock out IPs after repeated failed login attempts.<\/li>\n<li><strong>Secret Login URL<\/strong>: Hide the default <code>wp-login.php<\/code> with a custom keyword.<\/li>\n<li><strong>Disable XML-RPC<\/strong>: Block DDoS and brute-force attacks via XML-RPC.<\/li>\n<li><strong>Disable File Editor<\/strong>: Prevent code editing from the WordPress dashboard.<\/li>\n<\/ul>\n\n<h4>SMTP Configuration<\/h4>\n\n<ul>\n<li>Send emails via <strong>Gmail<\/strong> (App Password) or a <strong>custom SMTP server<\/strong> (SSL\/TLS).<\/li>\n<li>Built-in <strong>Test Email<\/strong> sender.<\/li>\n<li>Email delivery log with success\/failure tracking.<\/li>\n<li>Force From Name and From Email to prevent address drift.<\/li>\n<\/ul>\n\n<h4>Website Utilities<\/h4>\n\n<ul>\n<li>Inject tracking codes in <strong>Header\/Footer<\/strong> (Google Analytics, Facebook Pixel, etc.).<\/li>\n<li><strong>Content Protection<\/strong>: Disable right-click, text selection, and drag-and-drop.<\/li>\n<li><strong>Maintenance Mode<\/strong>: Display a professional \"under construction\" page to visitors.<\/li>\n<li><strong>Custom Login Logo<\/strong>: Replace the WordPress logo on the login screen with your own brand.<\/li>\n<\/ul>\n\n<h4>Disk Space Manager<\/h4>\n\n<ul>\n<li>Recursively scan your hosting for large files (&gt;50 MB).<\/li>\n<li>Auto-categorize files (backups, error logs, large media).<\/li>\n<li>Bulk delete to free up disk space instantly.<\/li>\n<\/ul>\n\n<h4>Floating Contact Buttons<\/h4>\n\n<ul>\n<li><strong>Phone Hotline<\/strong> button with animated icon.<\/li>\n<li><strong>Zalo<\/strong> chat button (auto-opens Zalo app).<\/li>\n<li><strong>Messenger<\/strong> chat button (m.me deep link).<\/li>\n<li>Fully responsive floating widget in the corner of your site.<\/li>\n<\/ul>\n\n<h4>Import \/ Export Settings<\/h4>\n\n<ul>\n<li><strong>Export<\/strong> all Sitevorx settings as a JSON file.<\/li>\n<li><strong>Import<\/strong> settings from another site in one click.<\/li>\n<li><strong>Reset<\/strong> all settings to factory defaults.<\/li>\n<\/ul>\n\n<h4>Scheduled Cleanup (WP-Cron)<\/h4>\n\n<ul>\n<li>Automatic cleanup: daily, twice daily, or weekly.<\/li>\n<li>Clears temp files, auto-drafts, spam, and optimizes database tables.<\/li>\n<li>Activity log showing the last 20 cleanup runs.<\/li>\n<\/ul>\n\n<h4>Maintenance &amp; Update Monitor<\/h4>\n\n<ul>\n<li>Track plugins and themes that need updating.<\/li>\n<li>Check WordPress core, PHP version, SSL status, and WP_DEBUG.<\/li>\n<li>Maintenance health score with actionable recommendations.<\/li>\n<\/ul>\n\n<h4>Server Info<\/h4>\n\n<ul>\n<li>View Web Server, PHP, MySQL, and WordPress versions at a glance.<\/li>\n<li>PHP limits: memory, execution time, input vars, upload size.<\/li>\n<li>List all loaded PHP extensions.<\/li>\n<li>Database size monitoring.<\/li>\n<\/ul>\n\n<h3>External Services<\/h3>\n\n<h4>Google reCAPTCHA<\/h4>\n\n<p>Sitevorx can optionally integrate with Google reCAPTCHA v2 to protect the WordPress login form. This feature is disabled by default and only works when an administrator explicitly enables it and provides valid API keys.<\/p>\n\n<p>When enabled, the plugin loads the Google reCAPTCHA JavaScript on the login screen and sends the generated verification token to Google's verification endpoint during login validation.<\/p>\n\n<p>This service is provided by Google:\n* Service URL: https:\/\/www.google.com\/recaptcha\/\n* Terms of Service: https:\/\/policies.google.com\/terms\n* Privacy Policy: https:\/\/policies.google.com\/privacy<\/p>\n\n<h3>Highlights<\/h3>\n\n<ul>\n<li><strong>All-in-one<\/strong>: Replaces 5-7 single-purpose plugins (SMTP, Security, Optimization, Cleanup, Maintenance).<\/li>\n<li><strong>Modern UI<\/strong>: Gradient banners, collapsible sidebar, toast notifications, fully responsive.<\/li>\n<li><strong>Secure by design<\/strong>: Nonce verification, input sanitization, CSRF protection, prepared database queries.<\/li>\n<li><strong>Lightweight<\/strong>: Modular architecture \u2014 only loads what you use. Zero frontend impact. No Composer or NPM required.<\/li>\n<li><strong>Localized<\/strong>: Full Vietnamese (vi) translation included via .po\/.mo files.<\/li>\n<\/ul>\n\n<!--section=installation-->\n<ol>\n<li>Upload the <code>sitevorx<\/code> folder to <code>\/wp-content\/plugins\/<\/code>, or install the ZIP file via <strong>Plugins &gt; Add New &gt; Upload Plugin<\/strong>.<\/li>\n<li>Activate the plugin through the <strong>Plugins<\/strong> menu in WordPress.<\/li>\n<li>Navigate to the <strong>Sitevorx<\/strong> menu item in your admin sidebar.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"does%20this%20plugin%20conflict%20with%20wp%20mail%20smtp%3F\"><h3>Does this plugin conflict with WP Mail SMTP?<\/h3><\/dt>\n<dd><p>Yes, both plugins hook into <code>phpmailer_init<\/code>. We recommend deactivating other SMTP plugins before using Sitevorx's built-in SMTP module.<\/p><\/dd>\n<dt id=\"does%20it%20detect%20real%20ips%20behind%20cloudflare%3F\"><h3>Does it detect real IPs behind Cloudflare?<\/h3><\/dt>\n<dd><p>Yes. Sitevorx reads the <code>CF-Connecting-IP<\/code> header to identify the real visitor IP behind Cloudflare's proxy.<\/p><\/dd>\n<dt id=\"i%20forgot%20my%20secret%20login%20url.%20how%20do%20i%20get%20back%20in%3F\"><h3>I forgot my secret login URL. How do I get back in?<\/h3><\/dt>\n<dd><p>Open phpMyAdmin (or any database tool), find the <code>wp_options<\/code> table, and delete the row where <code>option_name<\/code> is <code>sitevorx_sec_login_key<\/code>. Then access <code>\/wp-login.php<\/code> as usual.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.7<\/h4>\n\n<ul>\n<li>Fixed the Google reCAPTCHA key link so it opens the key creation screen instead of the last-used site analytics page.<\/li>\n<li>Updated the reCAPTCHA settings heading to match the available v2\/v3 selector.<\/li>\n<\/ul>\n\n<h4>1.0.6<\/h4>\n\n<ul>\n<li>Removed the Security Center module from the admin UI and runtime loader to avoid overlap with the existing Optimizer &amp; Security hardening controls.<\/li>\n<li>Disabled the unfinished WAF, 2FA, Security Headers, and Activity Log hooks by no longer loading the Security Center module.<\/li>\n<\/ul>\n\n<h4>1.0.5<\/h4>\n\n<ul>\n<li>Improved: Heartbeat optimization now throttles the API to 60 seconds instead of fully disabling it, preserving autosave and post-locking.<\/li>\n<li>Improved: SVG sanitizer now rejects DOCTYPE, ENTITY, SYSTEM, and PUBLIC declarations to defend against XXE attacks; admin-only upload still required.<\/li>\n<li>Improved: SMTP \"Force From Email\" now warns when the sender domain differs from the site domain (SPF\/DKIM mismatch hint).<\/li>\n<li>Improved: Scheduled cleanup skips <code>OPTIMIZE TABLE<\/code> on tables larger than 500MB to avoid long table locks on shared hosting.<\/li>\n<li>New: reCAPTCHA v3 (invisible, score-based) is now selectable alongside v2; configurable score threshold filter <code>sitevorx_recaptcha_v3_score_threshold<\/code> (default 0.5).<\/li>\n<li>Compliance: Added empty <code>index.php<\/code> files in <code>\/assets<\/code>, <code>\/includes<\/code>, <code>\/languages<\/code> for directory listing protection.<\/li>\n<\/ul>\n\n<h4>1.0.4<\/h4>\n\n<ul>\n<li>Fixed the in-plugin language switch so Vietnamese mode stays Vietnamese even when the WordPress site\/user locale is English.<\/li>\n<\/ul>\n\n<h4>1.0.3<\/h4>\n\n<ul>\n<li>Added dashboard, support, and rating links to the WordPress Plugins screen.<\/li>\n<\/ul>\n\n<h4>1.0.2<\/h4>\n\n<ul>\n<li>Second pass on WordPress Plugin Directory automated review feedback:\n\n<ul>\n<li>Header\/footer script output now goes through <code>wp_kses()<\/code> with a strict allow-list (<code>sitevorx_kses_tracking_tags()<\/code>) that permits only tracking \/ verification markup (script, noscript, meta, link, iframe, img, a, div, span, p). Every attribute value is still run through <code>wp_kses_bad_protocol()<\/code> which strips <code>javascript:<\/code>, <code>data:<\/code> and <code>vbscript:<\/code> URLs.<\/li>\n<li>The \"Clear error log\" feature now targets the canonical <code>WP_CONTENT_DIR\/debug.log<\/code> location and uses the WordPress <code>WP_Filesystem<\/code> API. The plugin no longer writes anywhere outside <code>wp-content\/<\/code>.<\/li>\n<li>Escaped the secret login URL preview with <code>esc_url( home_url( '\/?' . $key ) )<\/code>.<\/li>\n<li>Removed the runtime <code>.po<\/code> -&gt; <code>.mo<\/code> translation compiler. The plugin previously regenerated <code>languages\/sitevorx-en_US.mo<\/code> on demand; that wrote to the plugin folder, which is not allowed. The compiled <code>.mo<\/code> is now shipped pre-built with the plugin and WordPress loads it normally.<\/li>\n<li>Removed the runtime machine-translation fallback. The plugin no longer contacts any translation service. The bundled <code>.mo<\/code> file is now the only source of English strings.<\/li>\n<li>Wrapped every remaining dynamic CSS class \/ inline style ternary (e.g. <code>echo $active ? 'on' : 'off'<\/code>) with <code>esc_attr()<\/code> across the sidebar, dashboard overview, SMTP\/Optimizer\/Utilities\/Disk Cleaner tab navigation, and server stat cards, so automated scanners can see the escape explicitly.<\/li>\n<\/ul><\/li>\n<\/ul>\n\n<h4>1.0.1<\/h4>\n\n<ul>\n<li>Security hardening per WordPress Plugin Review feedback:\n\n<ul>\n<li>Added <code>sanitize_text_field()<\/code> wrapper around every nonce value passed to <code>wp_verify_nonce()<\/code>.<\/li>\n<li>Sanitized <code>$_POST<\/code> raw script fields (header\/footer injection) with a dedicated helper (<code>sitevorx_sanitize_raw_script<\/code>) before <code>update_option()<\/code>; save path remains gated by the <code>unfiltered_html<\/code> capability.<\/li>\n<li>Replaced <code>esc_url_raw()<\/code> with <code>esc_url()<\/code> for inline CSS output in the custom login logo.<\/li>\n<li>Escaped every translated\/output string that previously used <code>__()<\/code> inside <code>echo<\/code>\/<code>printf<\/code>\/<code>sprintf<\/code>: now wrapped with <code>esc_html__()<\/code>, <code>esc_html( sprintf(...) )<\/code>, or the <code>sitevorx_kses_basic()<\/code> helper (allowlisted <code>&lt;strong&gt;<\/code>, <code>&lt;a&gt;<\/code>, <code>&lt;br&gt;<\/code>, <code>&lt;code&gt;<\/code>, ...).<\/li>\n<li>Hardened the JSON import flow with explicit <code>wp_unslash()<\/code> + <code>wp_check_invalid_utf8()<\/code> before <code>json_decode()<\/code>; per-field sanitization was already enforced on every decoded value.<\/li>\n<li>Escaped integer counters and dynamic CSS class\/style values with <code>(int)<\/code>, <code>esc_attr()<\/code>, and <code>esc_html()<\/code> across all admin screens.<\/li>\n<li>Sanitized the <code>heavy_files[]<\/code> array from the disk cleaner with <code>array_map( 'sanitize_text_field', wp_unslash(...) )<\/code>.<\/li>\n<\/ul><\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial public release.<\/li>\n<li>Full security audit: nonce verification, capability checks, input sanitization on all forms.<\/li>\n<li>Malware scanner for files and database.<\/li>\n<li>System optimizer with scheduled WP-Cron cleanup.<\/li>\n<li>Maintenance &amp; Update monitor module.<\/li>\n<li>Modern Flex\/Grid responsive dashboard UI.<\/li>\n<li>Complete Vietnamese localization.<\/li>\n<li>Dashboard: complete UI redesign \u2014 hero banner, storage visualization bars, health progress, feature module cards with status badges, 6-card server info grid.<\/li>\n<li>Dashboard: \"Xem dung l\u01b0\u1ee3ng chi ti\u1ebft\" links directly to Detailed Storage tab.<\/li>\n<li>Disk Space Manager: two-tab interface \u2014 \"File C\u1ee1 L\u1edbn (&gt;50 MB)\" (scan &amp; delete) and \"Dung L\u01b0\u1ee3ng Chi Ti\u1ebft\" (WP Content breakdown by plugins\/themes\/uploads\/other + top-10 DB tables + Refresh).<\/li>\n<li>Security: added validation \u2014 cannot enable \"\u0110\u1ed5i \u0110\u01b0\u1eddng D\u1eabn \u0110\u0103ng Nh\u1eadp\" or \"Kh\u00f3a T\u1ef1 \u0110\u1ed9ng \u0110\u0103ng Nh\u1eadp\" without filling required fields; shows error instead of silently reverting.<\/li>\n<li>i18n: bundled language files included for English and Vietnamese.<\/li>\n<li>i18n: added new translation strings for all new UI elements.<\/li>\n<\/ul>","raw_excerpt":"An all-in-one WordPress toolkit for site optimization, security hardening, SMTP configuration, disk cleanup, and maintenance monitoring.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ro.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/298697","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ro.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/ro.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/ro.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=298697"}],"author":[{"embeddable":true,"href":"https:\/\/ro.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/inetcorp"}],"wp:attachment":[{"href":"https:\/\/ro.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=298697"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/ro.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=298697"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/ro.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=298697"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/ro.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=298697"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/ro.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=298697"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/ro.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=298697"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}