Web Cybersecurity App for TSEO PRO. It allows you to log in via QR code, monitor access attempts, block IPs, detect file changes and manage the site’s security directly from your mobile phone, without depending on external services and reducing the risk that Google Search Console shows warnings of a hacked site or malicious content on your website.
Advanced Web Cybersecurity
TSEO Security is the official security application for administrators who use the TSEO PRO template in WordPress. Its goal is to turn access to your dashboard into a much more secure and controlled process, keeping away automated attacks, silent intrusions and unauthorized access.
QR codes and two-factor authentication (2FA)
The heart of the app is login via QR codes and two-factor authentication (2FA). Instead of relying only on username and password in wp-login.php, the administrator scans a QR code with TSEO Security to complete access. This makes brute force attacks or the use of leaked credentials much more difficult, since the attacker would also need physical access to the mobile phone.
The application connects to your TSEO PRO installation after verifying the domain and using a specific application password.
Once linked, it allows you to monitor in real time the access attempts: successful logins, failed attempts, suspicious patterns and activity that may indicate an ongoing attack.
From there you can make quick decisions: block IPs, strengthen firewall rules or review which user is being targeted by access attempts.
This way you prevent someone from entering the dashboard, changing content or creating junk URLs that later appear as security issues in Google Search Console.
Multiple Layers of Security
TSEO Security adds an extra layer of protection with advanced features: IP firewall integrated with your site, technical auditing, detection of changes and intrusions in files, and a clear focus on performance so as not to slow down your daily work. All storage is carried out locally and encrypted, without depending on external servers, which reduces the exposure surface and improves the administrator’s privacy.
The app is designed for those who manage sensitive WordPress projects (shops, corporate sites, intranets, sites with critical data) and want to go beyond a simple username/password. By combining TSEO PRO on the server and TSEO Security on the mobile, you turn access to the admin panel into a much more secure, traceable and easy-to-monitor flow.
Key strengths of TSEO Security
TSEO Security is the advanced security system for WordPress integrated into TSEO PRO and its mobile app. Together they turn access to your administration into a controlled, encrypted and real-time monitored process, far beyond the typical username and password of wp-login.php. The system is based on two main protection layers:
Extra lock with “Security Word”
Even before reaching the login form, TSEO PRO allows you to activate a security word or phrase that must be added to the URL to access wp-login.php or wp-admin.
For example: domain.com/wp-admin/?key=yoursecurityword.
When the key is correct, a secure cookie is generated with an encrypted hash and a configurable validity time (10 minutes by default). Without that cookie, any attempt to access the login or the dashboard is redirected and blocked. This directly filters out bots, automatic scanners and massive attacks that should not even see your login form.
By filtering these accesses before the login, you reduce the risk of intrusion and of the site ending up serving spam or hacked pages that damage your SEO.
Two-factor with QR and mobile app
The second layer is QR validation integrated with the TSEO Security app. Once the administrator enters their username and password in the login, the system generates a temporary token of only 30 seconds, encrypts it with a 256-bit AES key shared between the website and the app, and displays it in a QR code on the screen.
The TSEO Security app, previously paired by scanning the “Secure Key” (the AES key shown in the Security panel of TSEO PRO), scans that QR, decrypts the token and calls a secure endpoint on your website to validate the second factor. Only when the QR is validated does WordPress create the administrator session and allow access.
If the QR expires, the token is destroyed. If it is validated correctly, the temporary credentials are used only once and then deleted from the database. In this way, even with the correct username and password, without the authorized mobile phone there is no possible access to the admin panel.
Monitoring, logging and attempt limitation
In parallel, TSEO Security logs every access attempt in specific database tables: user, IP, user agent, method, status (success, failed, pending, attack), reason for failure (user does not exist, incorrect password, pending QR, XML-RPC attack, etc.), number of accumulated attempts and risk level (normal, suspicious, attack). On this data it applies an intelligent rate limiting system per IP and per user:
- After several failed attempts from the same IP, it is marked as suspicious behaviour.
- If an attempt threshold is exceeded, the IP enters a temporary block (minutes or hours).
- If the pattern is very aggressive, it is logged as an attack and the IP is persistently blocked for several days.
All these blocks are stored in their own firewall table and synchronized with a custom transients system, with automatic cleanup via cron to remove expired records.
Firewall manageable from your mobile phone
The TSEO Security app is not only used to scan the QR. From your mobile phone you can check the recorded access attempts, see aggregated statistics by days, methods and attack levels, and manage the firewall: list blocked IPs, manually add new ones, extend the duration of a block or remove it if it is a false positive. All this is done through specific REST endpoints, protected by WordPress administrator permissions.
User management and detection of suspicious accounts
Another key feature is user auditing. The system collects all users with critical roles (administrators, editors, authors, contributors and, if WooCommerce exists, shop managers) and displays them as “sensitive users”.
In addition, it analyses the entire user list to detect suspicious patterns: accounts without a valid email, without assigned roles, with massively generated or unclear usernames, etc. These accounts are marked as “suspicious”, which allows you to locate them quickly and act from the app: view details, deactivate the account (without deleting it), close all its active sessions or delete it from the site or from the network in Multisite installations.
Additional protection against XML-RPC and user enumeration
TSEO Security also controls common entry points in attacks on WordPress:
- XML-RPC: the system detects typical brute force methods (wp.getUsersBlogs, system.multicall) and logs them directly as attacks. In addition, it exposes an endpoint to enable or completely disable XML-RPC from the app, without needing to touch code or files.
- REST API: the public user endpoints (/wp/v2/users) are removed for non-authenticated visitors, reducing the exposure of usernames to bots that try to collect them in order to launch later attacks.
Automatic cleanups and Multisite compatibility
To prevent the security tables from growing indefinitely, TSEO PRO schedules automatic tasks that clean expired transients and keep the security database under control.
In Multisite environments, the system is prepared to display the information for each site separately (users with permissions, suspicious users, subscribers and customers), with support for super admins and temporary switching between blogs when managing users or reviewing data.
Taken together, TSEO Security turns TSEO PRO into more than just a simple theme: it transforms it into an advanced security layer for WordPress, with real two-factor authentication based on QR and mobile, integrated IP firewall, detailed logging of attempts, protection against XML-RPC attacks and user auditing tools, all manageable from the admin panel and from the official app on your phone.
Install TSEO Security from Google Play
Faq – TSEO Security
What is TSEO Security within TSEO PRO?
TSEO Security is the advanced security module integrated into the TSEO PRO theme that controls access to the WordPress administration panel and logs everything that happens around the login.
It is responsible for adding an extra layer with a security word in the URL, a two-factor system based on QR and a mobile app, and a detailed log of attempts, IPs, and failure reasons.
It does not aim to replace a server firewall, but to cover the critical part: who enters the back office, from where, and with what pattern. This reduces the risk of someone taking control of the site and turning it into a source of spam, malware, or hacked content.
What role does the TSEO Security mobile app play in all this?
The TSEO Security app works as the master key for administrators. It is paired with the website using a secure key that is displayed in the TSEO PRO panel and scanned only once.
From that moment on, every time the administrator logs in to WordPress with username and password, the application validates the second-factor QR code and confirms to the server that the attempt is legitimate.
In addition, it allows you to view access logs, check what is happening with login attempts, and manage the firewall and some settings without needing to enter the WordPress dashboard. In this way, an attacker with the password cannot gain access if they do not also have the mobile device.
How does TSEO Security help prevent hacked website issues in Google Search Console?
The problem does not start in Search Console, but when someone gains access to the dashboard and starts creating junk URLs, injecting links, or modifying content that was already ranking. That is what Google later detects and reflects as hacked content or security issues.
TSEO Security acts at the source by hardening access and logging all anomalous attempts, making it much more difficult to modify content from the inside. By reducing the likelihood of intrusion and blocking attack patterns before they succeed, it limits the chances of strange pages appearing in Google’s index.
In practice, it minimizes the appearance of hacked site or suspicious content warnings in Search Console, because the problem is stopped before anyone can alter the website’s content.
What do I need to have the complete security system up and running?
To use the basic part, it is enough to have TSEO PRO active and configure the security word in the Security section of the theme.
If you want to take advantage of two-factor authentication with QR, you also need to generate the Secure Key from the panel and scan it with the TSEO Security app installed on your mobile.
From that moment on, each administrator login will go through the mobile without you having to change anything in the way you work on a daily basis. Everything is controlled from the theme options, without the need to install additional plugins or touch code.
If I lose my phone or cannot use the app temporarily, what happens?
If you lose your phone or need to deactivate two-factor authentication for a while for any reason, the system includes an emergency mechanism. An administrator with access to the dashboard can temporarily disable QR validation from the security options or by using the corresponding endpoint, so that login works again with just username and password while the issue is resolved.
When you have a new device or restore the app, you can reactivate the QR and, if you consider it necessary, regenerate the secure key to invalidate the previous pairing. The idea is that 2FA provides protection, but does not leave you stranded in an extreme situation.
Can I use only the security word feature without enabling QR 2FA?
Yes, the two layers are independent. The security word in the URL works as a preliminary filter that blocks many bots and automatic scanners, even if you do not use the QR.
If you prefer not to work with the app or you have projects where mobile access does not fit, you can use only that layer and take advantage of the logging and attempt-limiting system. For more sensitive projects, the combination of security word and QR 2FA makes the dashboard much more difficult to breach.
How does TSEO Security handle suspicious attempts, blocked IPs, and unusual users?
Each access attempt is saved with all relevant data, and the system calculates whether the behavior is normal, suspicious, or directly an attack. When it detects too many failures from the same IP or aggressive patterns, it increases the response level: first it adds delays, then temporary blocks and, if necessary, persistent blocks that are stored in the firewall.
In addition, it analyzes the site’s users to detect incoherent or potentially dangerous accounts, such as profiles without a valid email, without defined roles, or with mass-generated names. From the panel or from the app you can review this information and make decisions, such as deactivating users, expelling active sessions, or cleaning IPs that should not be allowed back in.
Is it compatible with Multisite installations and with sites that use WooCommerce?
Yes, the system is designed to work both on single sites and on Multisite networks. On networks, it can identify which users have elevated permissions on each site, how many subscribers and customers there are, and which accounts are suspicious within each blog.
It also respects the super admin concept when it comes to deleting users at the network level or on a single site. If you use WooCommerce, additional roles such as shop manager are added to the list of profiles that should be closely monitored.
The goal is for security to adapt to the real structure of the project, not the other way around.
Languages
