Name: Sitevorx
Rating: 5 (2 reviews)

Description

Sitevorx is a lightweight, all-in-one WordPress plugin that helps you optimize performance, harden security, and manage your website from a single, modern dashboard. No bloat, no external dependencies — just the tools you need.

Speed Optimization & Security

Malware Scanner: Scan your entire codebase and database for suspicious injections.
Database Cleanup: Remove revisions, spam comments, expired transients in one click.
System Tweaks: Lazy load images, limit revisions, disable Heartbeat API, allow safe SVG uploads.
Google reCAPTCHA v2: Protect your login form from bots.
Login Attempt Limiter: Lock out IPs after repeated failed login attempts.
Secret Login URL: Hide the default wp-login.php with a custom keyword.
Disable XML-RPC: Block DDoS and brute-force attacks via XML-RPC.
Disable File Editor: Prevent code editing from the WordPress dashboard.

SMTP Configuration

Send emails via Gmail (App Password) or a custom SMTP server (SSL/TLS).
Built-in Test Email sender.
Email delivery log with success/failure tracking.
Force From Name and From Email to prevent address drift.

Website Utilities

Inject tracking codes in Header/Footer (Google Analytics, Facebook Pixel, etc.).
Content Protection: Disable right-click, text selection, and drag-and-drop.
Maintenance Mode: Display a professional “under construction” page to visitors.
Custom Login Logo: Replace the WordPress logo on the login screen with your own brand.

Disk Space Manager

Recursively scan your hosting for large files (>50 MB).
Auto-categorize files (backups, error logs, large media).
Bulk delete to free up disk space instantly.

Floating Contact Buttons

Phone Hotline button with animated icon.
Zalo chat button (auto-opens Zalo app).
Messenger chat button (m.me deep link).
Fully responsive floating widget in the corner of your site.

Import / Export Settings

Export all Sitevorx settings as a JSON file.
Import settings from another site in one click.
Reset all settings to factory defaults.

Scheduled Cleanup (WP-Cron)

Automatic cleanup: daily, twice daily, or weekly.
Clears temp files, auto-drafts, spam, and optimizes database tables.
Activity log showing the last 20 cleanup runs.

Maintenance & Update Monitor

Track plugins and themes that need updating.
Check WordPress core, PHP version, SSL status, and WP_DEBUG.
Maintenance health score with actionable recommendations.

Server Info

View Web Server, PHP, MySQL, and WordPress versions at a glance.
PHP limits: memory, execution time, input vars, upload size.
List all loaded PHP extensions.
Database size monitoring.

External Services

Google reCAPTCHA

Sitevorx can optionally integrate with Google reCAPTCHA v2 to protect the WordPress login form. This feature is disabled by default and only works when an administrator explicitly enables it and provides valid API keys.

When enabled, the plugin loads the Google reCAPTCHA JavaScript on the login screen and sends the generated verification token to Google’s verification endpoint during login validation.

This service is provided by Google:
* Service URL: https://www.google.com/recaptcha/
* Terms of Service: https://policies.google.com/terms
* Privacy Policy: https://policies.google.com/privacy

Highlights

All-in-one: Replaces 5-7 single-purpose plugins (SMTP, Security, Optimization, Cleanup, Maintenance).
Modern UI: Gradient banners, collapsible sidebar, toast notifications, fully responsive.
Secure by design: Nonce verification, input sanitization, CSRF protection, prepared database queries.
Lightweight: Modular architecture — only loads what you use. Zero frontend impact. No Composer or NPM required.
Localized: Full Vietnamese (vi) translation included via .po/.mo files.

Installation

Upload the sitevorx folder to /wp-content/plugins/, or install the ZIP file via Plugins > Add New > Upload Plugin.
Activate the plugin through the Plugins menu in WordPress.
Navigate to the Sitevorx menu item in your admin sidebar.

FAQ

Does this plugin conflict with WP Mail SMTP?: Yes, both plugins hook into phpmailer_init. We recommend deactivating other SMTP plugins before using Sitevorx’s built-in SMTP module.
Does it detect real IPs behind Cloudflare?: Yes. Sitevorx reads the CF-Connecting-IP header to identify the real visitor IP behind Cloudflare’s proxy.
I forgot my secret login URL. How do I get back in?: Open phpMyAdmin (or any database tool), find the wp_options table, and delete the row where option_name is sitevorx_sec_login_key. Then access /wp-login.php as usual.

Reviews

kiennt1412 May 6, 2026

Thật ra tôi là người Ấn Độ, sau khi dùng tôi thấy là Dễ dùng, dễ hiểu, dễ kiểm soát. Cảm ơn đội ngũ.

hoangnga April 29, 2026

Thật ra tôi là người Việt, plugin này rất tiện, giúp tôi quản lý tập trung và gần như không phải mở gì ngoài nó, cảm ơn đội ngũ phát triển

Read all 2 reviews

Contributors & Developers

“Sitevorx” is open source software. The following people have contributed to this plugin.

iNET

Translate “Sitevorx” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

1.0.7

Fixed the Google reCAPTCHA key link so it opens the key creation screen instead of the last-used site analytics page.
Updated the reCAPTCHA settings heading to match the available v2/v3 selector.

1.0.6

Removed the Security Center module from the admin UI and runtime loader to avoid overlap with the existing Optimizer & Security hardening controls.
Disabled the unfinished WAF, 2FA, Security Headers, and Activity Log hooks by no longer loading the Security Center module.

1.0.5

Improved: Heartbeat optimization now throttles the API to 60 seconds instead of fully disabling it, preserving autosave and post-locking.
Improved: SVG sanitizer now rejects DOCTYPE, ENTITY, SYSTEM, and PUBLIC declarations to defend against XXE attacks; admin-only upload still required.
Improved: SMTP “Force From Email” now warns when the sender domain differs from the site domain (SPF/DKIM mismatch hint).
Improved: Scheduled cleanup skips OPTIMIZE TABLE on tables larger than 500MB to avoid long table locks on shared hosting.
New: reCAPTCHA v3 (invisible, score-based) is now selectable alongside v2; configurable score threshold filter sitevorx_recaptcha_v3_score_threshold (default 0.5).
Compliance: Added empty index.php files in /assets, /includes, /languages for directory listing protection.

1.0.4

Fixed the in-plugin language switch so Vietnamese mode stays Vietnamese even when the WordPress site/user locale is English.

1.0.3

Added dashboard, support, and rating links to the WordPress Plugins screen.

1.0.2

Second pass on WordPress Plugin Directory automated review feedback:
- Header/footer script output now goes through wp_kses() with a strict allow-list (sitevorx_kses_tracking_tags()) that permits only tracking / verification markup (script, noscript, meta, link, iframe, img, a, div, span, p). Every attribute value is still run through wp_kses_bad_protocol() which strips javascript:, data: and vbscript: URLs.
- The “Clear error log” feature now targets the canonical WP_CONTENT_DIR/debug.log location and uses the WordPress WP_Filesystem API. The plugin no longer writes anywhere outside wp-content/.
- Escaped the secret login URL preview with esc_url( home_url( '/?' . $key ) ).
- Removed the runtime .po -> .mo translation compiler. The plugin previously regenerated languages/sitevorx-en_US.mo on demand; that wrote to the plugin folder, which is not allowed. The compiled .mo is now shipped pre-built with the plugin and WordPress loads it normally.
- Removed the runtime machine-translation fallback. The plugin no longer contacts any translation service. The bundled .mo file is now the only source of English strings.
- Wrapped every remaining dynamic CSS class / inline style ternary (e.g. echo $active ? 'on' : 'off') with esc_attr() across the sidebar, dashboard overview, SMTP/Optimizer/Utilities/Disk Cleaner tab navigation, and server stat cards, so automated scanners can see the escape explicitly.

1.0.1

Security hardening per WordPress Plugin Review feedback:
- Added sanitize_text_field() wrapper around every nonce value passed to wp_verify_nonce().
- Sanitized $_POST raw script fields (header/footer injection) with a dedicated helper (sitevorx_sanitize_raw_script) before update_option(); save path remains gated by the unfiltered_html capability.
- Replaced esc_url_raw() with esc_url() for inline CSS output in the custom login logo.
- Escaped every translated/output string that previously used __() inside echo/printf/sprintf: now wrapped with esc_html__(), esc_html( sprintf(...) ), or the sitevorx_kses_basic() helper (allowlisted <strong>, <a>, <br>, <code>, …).
- Hardened the JSON import flow with explicit wp_unslash() + wp_check_invalid_utf8() before json_decode(); per-field sanitization was already enforced on every decoded value.
- Escaped integer counters and dynamic CSS class/style values with (int), esc_attr(), and esc_html() across all admin screens.
- Sanitized the heavy_files[] array from the disk cleaner with array_map( 'sanitize_text_field', wp_unslash(...) ).

1.0.0

Initial public release.
Full security audit: nonce verification, capability checks, input sanitization on all forms.
Malware scanner for files and database.
System optimizer with scheduled WP-Cron cleanup.
Maintenance & Update monitor module.
Modern Flex/Grid responsive dashboard UI.
Complete Vietnamese localization.
Dashboard: complete UI redesign — hero banner, storage visualization bars, health progress, feature module cards with status badges, 6-card server info grid.
Dashboard: “Xem dung lượng chi tiết” links directly to Detailed Storage tab.
Disk Space Manager: two-tab interface — “File Cỡ Lớn (>50 MB)” (scan & delete) and “Dung Lượng Chi Tiết” (WP Content breakdown by plugins/themes/uploads/other + top-10 DB tables + Refresh).
Security: added validation — cannot enable “Đổi Đường Dẫn Đăng Nhập” or “Khóa Tự Động Đăng Nhập” without filling required fields; shows error instead of silently reverting.
i18n: bundled language files included for English and Vietnamese.
i18n: added new translation strings for all new UI elements.

Very Good

Very good, help me alot