
Secupress Pro – Premium WordPress Security Plugin
/Year

Latest Version 2.6 Changes
SecuPress Pro version 2.6 (released January 2026) introduced a new GeoIP Login feature, a redesigned malware scanner interface, and an admin search field. The subsequent 2.6.1 update (April 2026) focused on performance and stability, optimizing the malware database scanner, fixing resource exhaustion issues caused by the host command, and improving GDPR compliance by updating ping requests.
- Version 2.6 (January 16, 2026) introduced the GeoIP Location on Login feature to block invalid connection locations.
- Version 2.6 redesigned and improved the malware scanner interface.
- Version 2.6 added a new search field in the admin UI to easily find features.
- Version 2.6 updated the minimum PHP requirement to version 7.3.
- Version 2.6.1 (April 3, 2026) improved Malware Database Scanner performance to reduce time and memory consumption.
- Version 2.6.1 removed the usage of shell_exec() and the ‘host $ip’ command to prevent resource overconsumption and server crashes.
I. Download Limits & Account Benefits
- Free Downloads: Each email address receives 3 downloads per day for free products
- Upgrade Benefits: Purchase any paid product to increase your daily download limit by 3 for each paid product
- No Account Required: You can download immediately by receiving the download link via email
- Account Recommended: Create an account for easier access to your order history and direct update downloads
II. Understanding GPL vs Official Versions
Important: The products available on WPPick are GPL-licensed versions, which differ from official developer versions. Before purchasing, please read our comprehensive guide: Understanding GPL & Official Differences at WPPick
Key Points:
- GPL versions may not include premium support from original developers
- Updates may be delayed compared to official releases
- Some premium features might have limitations
- Always consider your specific needs and support requirements
III. Support & Assistance
We’re here to help through multiple channels:
- Email Support: Direct email assistance for all inquiries
- Live Chat: Real-time support during business hours
- Comprehensive Documentation: Detailed guides and tutorials
IV. Order Tracking
Access your complete purchase history and download links anytime: Order History
V. Account Access
New to WPPick? Login or Create Account to manage your downloads and orders efficiently.
VI. Refund Protection
We stand behind our products with a clear refund policy. Review our terms: Refund Policy
VII. Privacy & Security
Your data security is our priority. Learn how we protect your information: Privacy Policy
VII. Terms of Service
Understanding our service terms ensures a smooth experience: Terms of Use
Quick Tips for Best Experience
- Verify Compatibility: Check plugin/theme compatibility with your WordPress version
- Backup First: Always backup your site before installing new plugins or themes
- Test Environment: Consider testing on a staging site first
- Stay Updated: Regularly check for updates in your account dashboard
- Read Documentation: Review any included documentation for optimal setup
Need Help?
If you have questions about downloads, licensing, or need technical assistance, don’t hesitate to contact our support team. We’re committed to ensuring you have the best possible experience with WPPick products.
Ready to get started? Your download adventure begins with just one click!
- Possible fatal error when the data files are not correctly extracted.
- Users with same email domain present before the activation of the same name module were still tagged as bad.
- Fatal error on empty JSON
- Users from REST API still visible, it's CASE SENSITIVE!?
- Require module tools on submodule activation
- User secupress.me instead of google.com for testing
- Do not unvalidate passwordless email on plugin deactivation or licence deco
- GeoIP Location on Login
- Search field in admin UI.
- Scanner for malwares in our 35 scanners.
- UI for Malware Scanner has been improved, and will be again. You'll find a "WP File Integrity" which has always been there since 1.0, just not mentionned as is.
- Add WP 2FA compatibility to Easy Login scan
- Dashboard Widget not displaying graphs
- PHP Version Scanner was saying that the last version was "ok tier"
- PasswordLess activation checkbox was not checked after reload
- Remove secupress-data directory on uninstall (I forgot, my bad)
- "wp-includes/version.php" should not be tagged "different" anymore if you use a localised zip (in malware scanners)
- Possible fatal error when deactivating the module "Disable all actions on plugins" + "disable all actions on FTP"
- Possible fatal error "Call to undefined method SecuPress_Background_Process_Bad_Plugins::is_processing()"
- Colored notices can be added up in the plugins page to help you prioritize updates by showing you since when the update is available.
- The standalone "SF Move Login" is now renamed "SP Move Login" and since it's the same feature as the one here, it will be deactivated and this feature here activated.
- "Move Login" feature can now display a Honeypot instead of a message or page. This is an expert setting, also, only available if you only have Admins on your site.
- Translations are now done using the new `.l10n.php` format.
- "Move login" feature will now display every other slugs, it now depends on the login one. "Register" is only available is the registration is open.
- Dashboard widget finally get a skin, can display a graph to check evolution of monthly attacks.
- All the messages from the "unlock yourself as an admin" on login page have been set to the same one to prevent guessing an admin email. props to Lohen Florent
- JS Error when Antispam Comment Timer module is active.
- Correct custom validity for roles in some cases.
- Warning for undefined SECUPRESS_INSTALLED_MUPLUGINS constant.
- Warning when the distant DB was not accessible.
- Passwords couldn't be updated when Passwordless was active, even if your role was not targeted, or module activation not validated yet.
- Changelogs couldn't be opened in the iframe popup in plugins.php page when "Prevent Actions on Plugins" feature was activated.
- Force Better Encryption System
- Add the filter "secupress.get_wp_directory" to make a better compat with BedRock (with which we are not compatible natively)
- Password reset cannot be asked for account using PasswordLess
- Add a message on "Forbid user enumeration" to recall that author front pages will be replaced by homepage
- Remove ajax call from antispam delay module to prevent unwanted indexed ajax URL
- Password reset was not possible for some roles, due to activation+deactivation of the PasswordLess module
- Some notices where duplicated
- Password not updating in "Force Strong Passwords" module
- Fix: Check allowed IP before auth_redirect in "bad usernames" module
- Update: Allowed IP List
- Remove "1" from "Bad Usernames" because Man/age WP use it as a fake login and it break the connection
- Possible multiple notices when malware database is updating
- Possible PHP Warning when renaming a username
- Fatal error when saving Firewall settings
- Missing captcha session on registration page
- Better UI and UX. We use the WP login page and not our own page design
- Module "Password Lifespan" now depends of "Force Strong Passwords"
- Constant SECUPRESS_MODE improved, read the doc: https://docs.secupress.me/article/237-secupressmode
- Updated ZXCVBN libs
- Cookie hash file was not created when running the autofix
- "Bad Url Access" and "Bad File Extensions" were tagged as "fixable in pro only"
- "Already done your way" message on "Security Keys" module was wrong.
- Upgrader should always check the mu version file
- Remove "mail*" from the bad usernames list, too wide (Hello Maïlis & Mailisa...)
- Regenerating salt keys will now display a notice message as a feedback #UX
- Some strings were not translated.
- Better handling for "Rename User Names"
- "Show Admin Bar Menu" & "Hide Contextual Help & Tips"
- "Show Contextual Help & Tips" and "Admin Bar Menu" are now a user setting