< ]\@UU$V VVVVVVV VV WW7WRW gW uWWRW!W X$X8X>XEXLX TX_X0vX&XXXXY Y$(YMYYZZZ"ZZ[h;\I\T\CC]]^<^l^TM__!__ _$`C`S`n` ``!```aaabbb bbDb#cJ3c"~c$cc!c$d,d Cddd~d d d3d9de!9e3[e9ePef#f6fSf[fd2ggL+h_xh2h i+i;iAiTi!jb5j jj'j$j$k3kmFkSkTl*]llmOm2m$"n#Gnkn!n(n1nno (oIo?\oko pspp'p^pqMqU1r9rrArs&ss JtHUtt~t 9uEuKUuuuulu-v:>vyv!vvvv w wwwwwxx37xkxx%xx x.y#2yVypyyy&[zzzzSz {2{'G{"o{c{ {.| /|*9|d| ||2}"P}s}} } }}}G}$~~~[~(;d&z(,/)JtƁ,E5N _i ny%$& &(Oh" %"ӄP O![} ЅPG \ frzÆӆ! .G PZb<|Ї#`$ |QΊ Ԋ$0P3i`!o ":KfIЍ ;KRgԎ U!k%A 2"Svm ++͑)#>\$o [gٓ$s7z&5=.Y#ܕ!'2I | җ3ݗ4DFb=,=P j(,Leyߠ8 ƥ #+5<Fr ĦѦ rԧGYBMcY@5F|SȬu í˭ "7 M W-b-î '8O^ o}GIe* I T^ { ±ѱ^ #2GgU s& Ĵϴ L8  ҵ p| ķ ׷U80Ӹ# 1 D,N{j%$J5Z' ĺ08i9>&Q xCcg):Je'd=$Ŀ/#Sqy'9 KU isZ61;Hm]8tMMIZ 3)/]GN($ MoZKLI-"3SZl J<Kgx~5[3X12-]mblV5 <!^8*.2Y']>Z =_VANG$%B[ k[w 8 >C&8>7!#Yj})$ 7 CP5j6,bg(#$4!Y{2" )"Fi$` < N=[ .!d;TG=O^-c !+,0X8#())BlFB cj<CPc #$6[v+!# ?Y]  *H[{mzL!8ng6FUz@F(5Ho~ePTFGD4>y?%y[F';-c+1~; 9IiH6%+'=ZI=|pK @#BRN@6]%-Sa;zQY`V:Lx T D " L9  hu q P A   (sN?R+D~l0  GsiY7O*cy%.'Iqy. b>{]YErF3=3qv.dx68@w]UZn  'TJ`} HAFUh5x"<D O T8!/!3!!M""!#<#Q# o#{#P###$$) %67%Jn%i%|#&&p'3(WL(&(g(3)**GT+Q+I+G8,M,H,-7-F-?.dP..QA//l0@0&0s0#c1=1#1>15(2C^2(22#223B3#304K4 5/5:5%/62U6;6[6` 7:7j79'8a8j8n8s82z88888&8!9 89D9L9a9 t9 99n9;$; ;;<<<#<+< 4<?< H<R<7Z<< < <<R<!+=M=d=x=~=== ==0=&=>>8> S> ^>$k>>3???@"@A@@hAIAT4BCBBZC<Cl&DTDD!E'E CE$dEEEE EE!EF+FGFVF"GGGG GGDH#UHJyH"H$H I"+I$NIsI III I I3I9'JaJ!J3J9JPKaKjK}KK[LdyLLLrM_M2NRN+VNNNN!ZOb|O OP'P$0P$UPzPmPSPTOQ*QQbROR27S$jS#SS!S(S1TETWT pTT?TkT PUs]UU'U^U^VM,WUzW9W XA%XgXoXY YHYY~Z ZZKZZZ[m [w[:[[![[\4\S\ \\\]0]L]e]3]]]%]^ ,^.M^#|^^^^^&____S`j`|`'`"`c` @a.Ja ya*aa aa|b"bbb b b ccG&cncdd[)d(dd&d(d,eAeZeye)eeeeefffg-gHgegvgE9hhh hh hh%h$i&*i Qi&riii"i i%i"j@jPHj j!jjjj jk kk+kP@kk k kkkkk ll;l!Vlxll lll<lm mm#+mOmXm`nmm nn|op p,p$Dp0ipp3pp`kqqoq Ur"arrrrrIrs8sLs dsssRstt >tU_t!t%tAt?u]ueu |u"uuGvm`v v+vw+w)Cwmwww$ww w ww[ xggxxx y#y$Cyhysyzypzzz.zzz#{&{/{C{R{!q{2{ {{{|||| }3'}4[}D}b}=8~v~~~I hjr-eȃ.ӆF  3O T^rz5F    r#YBBߎc@ M5ˑSuk 0L dq  -ߓ- @MVv ̔GI/eyߕ   ʖՖ  T dr ™&  /6K\kM՚  " ̜՜ ܜ '5IhUޝ0#C#] ,˞jT%t5' 1Kch0Р& ȡ֡C1UjyУnwd$9U/sɥҥ_hw  æӦZ6T1H]8dtMI`\3y/GݪN%(t oKI-2"`Z '2JAȮٮ)~,531ܱ2A-&]Tm ´V˴5" X<b8X*o2Ͷ'W\Zܹ 7=X_AN8=$7%\ [  &298J>&¿8>"7a#j)(Rd w 56,bD('#P$t!2"*Mi"$` [| = .)2C!Yd{TG5}- a+l08# (/)X)FB`|P ,3#R$v+!##G O?]Y  &G\l"{+zLc8g6Q2FYj5}oe#PFG!Di>?%-yS^F,'s-+1';E9iH%n% +3_uKI+u|p @#VzR%Nx66]Ne~a7;zwYV:7rx5TDHL_hqvB> (N?RRDlW  Gs i7"O:*y%/U'p. b?>]Y?EF3&=Z. d:6(_gw|  'Tq H in}5."AdlOT`/3M&!Bdy P    )5 6_ J i |K   3@ Wt & g [8G|LIG[MH:ZF?3dsQdl=@&s#=#> 5KC(#22e#0=n./:%R2x;[`C:j9J2&D [go  -Lxd9#1^DPDbqVGjxPK qZXT kf.Wh\6e[}Rl(bH &2c5F%;EP9E,W% pHn!U\iXM FcSN>_8q ?xnn,6U3+tyC4kv:}#-N/uE<=>(Q]O~F/\s!IN'mV.f@KAjuM@J:hmcmp{aab+V:(i.L{=*Gq'1v *D& Y,\5alrA"zp 8d@H)+OC7TX{<7o`36&k<U`tlyZ82&G xL;^Q0gZ'nK|Cm9:$]%b4}oEQ2X)uAy!5 *|QU^ z;VlBY~ A>fz0w Yr|d3S0)+wfe`6gMM@y-h}/BpZ3 {h g$= , Sz4'RR7jG_<i"S"N 2~W 9eW]ai[0vP/J >[?g~I|#u%-  _wc*rF1o;tBY!I?=e7"_$voOs?jJ1. Dt]$)Tw`8CR5krdsTB^I#sJ(4OKLH[ Please note that you can always save and finish the wizard later, use our %sdocumentation%s for additional information or log a %ssupport ticket%s if you need our assistance.%1$s ‹ %2$s — WordPress%d seconds%d:%02d minutes%d:%02d:%02d hours%s day%s days%s hour%s hours%s minutes%s month%s months%s week%s: %s vulnerability found%s: %s vulnerabilities found(opens in a new tab)(recommended)(unknown).htaccess does not exist.htaccess file (%s) is not writable. Redirects cannot be configured automatically..htaccess in uploads not writable.htaccess not writable.htaccess redirect.1 day1 hour1 year2 years30 minutes301 .htaccess redirect301 .htaccess redirect (read instructions first)301 .htaccess redirect is not enabled.301 PHP redirect301 SSL redirect enabled301 redirect to https set.4 hours404 Blocking404 errors detected on your homepage404 errors detected on your homepage. 404 blocking is unavailable, to prevent blocking of legitimate visitors. It is strongly recommended to resolve these errors.404 errors detected on your homepage. This means that the page requests images, scripts or other resources that are no longer available. It can interfere with your Firewall as well.48 hours (default)6 months8 hours (recommended)A %s vulnerability has been found.A correctly configured Content Security Policy can protect your visitors from the most common web attacks. It all starts with denying and upgrading insecure requests on your website.A debug.log is publicly accessible and has a standard location. This will change the location to a randomly named folder in /wp-content/A definition of a site url or home url was detected in your wp-config.php, but the file is not writable.A firewall rule was enabled, but /the wp-content/ folder is not writable.A firewall rule was enabled, but the firewall does not seem to get loaded correctly.A firewall rule was enabled, but the wp-config.php is not writable.A lockout will occur if an IP address exceeds the threshold within the given timeframe. Select ‘%s’ if you want to disable 404 blocking.A networkwide SSL activation process has been started, but has not been completed. Please go to the SSL settings page to complete the process.A new verification code has been sent to your email address.A verification code has been sent to the email address associated with your account to verify functionality.A verification code has been sent to the email address associated with your account.API login for user disabled.Able to create destination folderAbout Cross Origin PoliciesAbout Essential Security HeadersAbout HTTP Strict Transport SecurityAbout HardeningAbout Limit Login AttemptsAbout VulnerabilitiesAbout XML-RPCAbout notificationsAbout the Content Security PolicyAbout the Mixed Content ScanAbout the Permission PolicyAccess denied.According to our information, your hosting provider does not allow any kind of SSL installation, other than their own paid certificate. For an alternative hosting provider with SSL, see this %sarticle%s.According to our information, your hosting provider supplies your account with an SSL certificate by default. Please contact your %shosting support%s if this is not the case.ActionActionsActivateActivate SSLActivate SSL on the site.Activate SSL per site or install a wildcard certificate to fix this.Activate Two-Factor Authentication.Activate a license key. Usage: wp rsssl activate_license YOUR_LICENSE_KEY.Activate all recommended features.Activate essential security headers.Activate limit login attempts.Activate networkwide to fix this.Activate password security features.Activate the firewall.Activate vulnerability scanning.Activate your license keyActivating plugin...Add DeviceAdd IP block.Add a blocked IP to the limit login attempts table.Add a blocked username to the limit login attempts table.Add a lock file for safe mode.Add a trusted IP to the firewall.Add a trusted IP to the limit login attempts table.Add a trusted username to the limit login attempts table.Add additional domains which can embed your website, if needed. Comma separated.AdvancedAdvanced HardeningAdvanced WordPress HardeningAdvanced hardening features complement the basic hardening functions by protecting your site against advanced threats and attacks.Advanced hardening features to protect your site against sophisticated threats and attacks.After completing the installation, you can continue to the next step to complete your configuration.After completing the installation, you can let Really Simple Security automatically configure your site for SSL by using the 'Activate SSL' button.After enabling this feature, you can submit your site to %shstspreload.org%sAfter this number of failed login attempts the user and IP address will be temporarily blocked.Alias domain check is not relevant for a subdomainAllAll recommended hardening features enabled.AllowAllow grace periodAllow only necessary third-party resources to be loaded on your website, thus preventing common attacks. Use our unique learning mode to automatically configure your Content Security Policy.Allow secure log in with PasskeysAllow visitors that might accidentally exceed the threshold to unblock themselves using a Captcha.Allow your domain to be embeddedAllowedAllows you to enter a custom login URL.An SSL certificate has been detectedAn error occurred, please try again.An error occurred:An option that requires the .htaccess file in the uploads directory is enabled, but the file is not writable.An option that requires the .htaccess file is enabled, but the file does not exist.An option that requires the .htaccess file is enabled, but the file is not writable.And many more powerful Security features..As Really Simple Security handles all the functionality this plugin provides, we recommend to disable this plugin to prevent unexpected behavior.As a security precaution, the username ‘admin’ has been changed on %s. From now on, you can login with '%s' or an email address.As your order will be regenerated, you'll need to update your DNS text records.Attempting to install certificate using AutoSSL...Attempting to install certificate...Attempting to set DNS txt record...Authentication Code:Authentication code is incorrect.Authentication codes will be sent to %s.Authentication provider not specified or invalid.Authenticator AppAuthenticator App (TOTP)Authorization not completed yet.Automated MeasuresAutomatic certificate detection is not possible on your server.Automatic renewal of your certificate was not possible. The SSL certificate should be %srenewed%s manually.Backup CodesBased on your settings, Really Simple Security will take appropriate action, or you will need to solve it manually.BasicBasic security configuration completed!Because the $_SERVER["HTTPS"] variable is not set, your website may experience redirect loops.Below you will find the instructions for different hosting environments and configurations. If you start the process with the necessary instructions and credentials the next steps will be done in no time.Below you will find your login code for %1$s. It's valid for 15 minutes. %2$sBelow you'll find the email activation code for %1$s. It's valid for 15 minutes. %2$sBlack Friday sale! Get 40% Off Really Simple Security ProBlock the username 'admin'Block user registrations when login and display name are the sameBlockedBlocked IP addresses will be automatically unblocked after the above-configured interval. In the table below you can instantly unblock IP addresses.Blocked usernames will be automatically unblocked after the above-configured interval. In the table below you can instantly unblock usernames.BlocklistsBrowser features are plentiful, but most are not needed on your website.Bundle not available yet...By default, WordPress shows if a username or email address exists when a login fails. This will change it to generic feedback.CPanel hostCPanel passwordCPanel recognized. Possibly the certificate can be installed automatically.CPanel usernameCancelCaptchaCaptcha has not yet been verified, you need to complete the process of a Captcha to verify its availability.Captcha providerCertificate already generated. It was renewed if required.Certificate not created.Challenge directory not writable.Change debug.log file locationChange passwords everyChanged debug.log location to:Changing redirect methods should be done with caution. Please make sure you have read our instructions beforehand at the right-hand side.Check againCheck manuallyCheck your %slicense%s.Check your site's SMTP settingsChecking SSL certificate...Checking alias domain...Checking certs directory...Checking challenge directory reachable over http...Checking challenge directory...Checking for subdomain setup...Checking for website configuration...Checking host...Checking if CURL is available...Checking if Terms & Conditions are accepted...Checking if plugin folder exists...Checking key directory...Checking permissions...Checking server software...Choose between Email Verification (less secure and not recommended for administrators) or the TOTP method with an authenticator app, depending on your convenience and security needs.Choose new username to replace 'admin'Choose the max-age for HSTSChoose your providerClaim your 6 Free monthsClick the button below to confirm your email address, or copy the following URL: %sCloudWays API keyCloudWays user emailCode was was invalid, try "Resend Code"Codes only available for 5 minutesComplete email validation and enable notifications to make sure you will receive security warnings.CompletedComplianz - Consent Management as it should beComponentCompromised password for %s has been resetCompromised password resetConfigurationConfigure your Cookie Notice, Consent Management and Cookie Policy with our Wizard and Cookie Scan. Supports GDPR, DSGVO, TTDSG, LGPD, POPIA, RGPD, CCPA and PIPEDA.Configured for HTTP challengeConsent Management as it should beContent Security PolicyContent Security Policy HeadersContinentContinentsContinueContinue to renew.Control and monitor the use of XML-RPC on your site with learning mode.Control browser features that could allow third parties to misuse data collected by microphone, camera, GEO Location etc, when enabled for your website.Copy setup keyCopyright warning!Could not automatically add TXT record. Please proceed manually, following the steps below.Could not copy code execution test file.Could not copy text: Could not create test folder and file.Could not find code execution test file.Could not reach challenge directory over %s.Could not rename folder!Could not retrieve server listCould not test certificateCould not verify TXT record for domain %sCould not verify alias domain.CountCountryCrawlers might scan your site looking for possible exploits. One way to detect this is the fact that they trigger more 404 (not found) errors than legitimate visitors would. Below you can set the threshold and lockout duration for 404 blocking.Creating account...CriticalCritical (default)Cross Origin Embedder PolicyCross Origin Opener PolicyCross Origin Resource PolicyCustom login URLCustomize login attempts, intervals, and temporary lockouts according to your preferences to regulate the level of security on your website during authentication. No additional settings requiredDNS records were not verified yet. Please complete the previous step.DNS token not retrieved.DNS verificationDashboardDateDate AddedDeactivate SSL on the site.Deactivate Two-Factor Authentication.Deactivate all recommended features.Deactivate essential security headers.Deactivate limit login attempts.Deactivate password security features.Deactivate the firewall.Deactivate the license.Deactivate vulnerability scanning.Debug.logDebugging with Really Simple SecurityDelete all data on plugin deletionDeletedDepending on your hosting provider, %1$smanual installation%2$s may be required.DescriptionDestination folder already existsDetailsDetected status of your setup.DeviceDevice NameDevicesDirect Admin URLDirectAdmin hostDirectAdmin passwordDirectAdmin recognized. Possibly the certificate can be installed automatically.DirectAdmin usernameDirectiveDirectoriesDisableDisable "anyone can register"Disable HTTP methodsDisable OCSP staplingDisable XML-RPCDisable application passwordsDisable directory browsingDisable the built-in file editorsDisable user enumerationDisabledDiscover:DismissDismiss all notificationsDo you want to store these credentials for renewal purposes?DomainDon't ask againDon't show againDon't use Two-Factor AuthenticationDownloadDownload Backup CodesDue to a change in challenge type, the order had to be reset. Please start at the previous step.During the grace period users can configure their secure authentication method. When the grace period ends, users for which secure authentication is enforced won’t be able to log in unless secure authentication is correctly configured. The grace period is also applied to new users.E-mail loginEasily improve site security with WordPress Hardening, Two-Factor Authentication (2FA), Login Protection, Vulnerability Detection and SSL certificate generation.Elevate your security with our Premium Support! Our expert team ensures simple, hassle-free assistance whenever you need it.EmailEmail addressEmail address not validEmail address successfully verified.Email authentication is not active for this userEmail could not be sent.Email could not be sent. No message or subject set.Email log in will send an authentication code to the user’s email address. This is considered less secure than other 2FA methods.Email not verified yet. Verify your email address to get the most out of Really Simple Security.Email notification errorEmail notifications are only sent for important updates, security notices or when certain features are enabled.Email sent!Email sent! Please check your mailEmail validationEmail validation completedEmail verification errorEnableEnable .htaccess only if you know how to regain access in case of issues.Enable 301 .htaccess redirectEnable 301 redirectEnable Custom login URLEnable Email Authentication for:Enable FirewallEnable Limit Login AttemptsEnable Limit Login Attempts to protect the login form against brute-force attacks.Enable Permissions PolicyEnable TOTP Authentication for:Enable Two-Factor AuthenticationEnable a .htaccess redirect or PHP redirect in the settings to create a 301 redirect.Enable compromised password checkEnable open source blocklist API etc.Enable the Vulnerability scan to detect possible vulnerabilities.Enable vulnerability scanningEnabledEnabling auto renew...Enforce frequent password changeEnforce secure authentication for:Enforce secure password policies for your users by requiring strong passwords, and expiring passwords after a period of your choosing.Enforce strong passwordsEnter a custom login URL. This allows you to log in via this custom URL instead of /wp-admin or /wp-login.phpError code %sError enabling auto renew for Let's EncryptError occurredError occurred when retrieving the webpage.Errors were reported during installation.Essential Security HeadersEssential WordPress hardeningEssential securityEssential security headers installedEventEvent LogEvent LogsEvery three hoursExample: If you want to change your login page from /wp-admin/ to /control/ answer: controlExperience all powerful features of Really Simple Security Pro using this %slimited time discount%s: %sFailed retrieving access tokenFailed retrieving account.Failed to activate pluginFailed to create a login nonce.Failed to gather package informationFailed to install pluginFailed to reach %s. The site does not appear to be accessible over HTTPS (Error: %s). Check debug logs for details.Failed to reach %s. The site does not appear to be accessible over HTTPS. Please ensure your server is configured for SSL.Failed to sendFeatureFeedback in plugin overviewFile missing. Please retry the previous steps.File permissions checkFiles not created yet...Filter by user role (default: all).FirewallFirewall ProtectionFirewall RulesFlag to add a permanent block.Flag to remove a permanent block.For more information, please read this %sarticle%sForbidden.Force confirm emailFrom now on, the debug.log won’t be publicly accessible whenever wp-debugging is enabled. The debug log will be stored in a randomly named folder in /wp-content/. This prevents possible leakage of sensitive debugging information.GDPR/CCPA Privacy SuiteGeneralGeneral SettingsGenerating SSL certificate...GenerationGet Login Protection with %sReally Simple SSL Pro%sGet Login Protection with Really Simple Security ProGet more information from the Really Simple Security dashboard on %sGet notified of important changes, updates and settings. Recommended when using security features.Get two-factor authentication with Really Simple Security ProGo to activationGo to installationHSTS forces browsers always to load a website via HTTPS. It prevents unnecessary redirects and prevents manipulation of data originating from communication with your website.HTTP Strict Transport SecurityHardeningHardening features limit the possibility of potential weaknesses and vulnerabilities which can be misused.Heavyweight security features, in a lightweight performant plugin from Really Simple Plugins. Get started with below features and get the latest and greatest updates for peace of mind!Hello %1$s, an unusually high number of failed login attempts have been detected on your account at %2$s. These attempts successfully entered your password, and were only blocked because they failed to enter your second authentication factor. Despite not being able to access your account, this behavior indicates that the attackers have compromised your password. The most common reasons for this are that your password was easy to guess, or was reused on another site which has been compromised. To protect your account, your password has been reset, and you will need to create a new one. For advice on setting a strong password, please read %3$s To pick a new password, please visit %4$s This is an automated notification. If you would like to speak to a site administrator, please contact them directly.Hello, this is a notice from your website to inform you that an unusually high number of failed login attempts have been detected on the %1$s account (ID %2$d). Those attempts successfully entered the user's password, and were only blocked because they entered invalid second authentication factors. To protect their account, the password has automatically been reset, and they have been notified that they will need to create a new one. If you do not wish to receive these notifications, you can disable them with the `two_factor_notify_admin_user_password_reset` filter. See %3$s for more information. Thank youHere you can add IP addresses that should never be blocked by the Firewall. We will automatically add the IP address of the administrator that enabled the Firewall.Here you can configure vulnerability detection, notifications and measures. To learn more about the features displayed, please use the instructions linked in the top-right corner.Here you can see which users have configured Two-Factor Authentication. The reset button will trigger the 2FA onboarding for the selected user(s) again and allow the configured grace period.Here you control the users that are automatically, and temporarily blocked. You can also add or remove users manually. We recommend blocking ‘admin’ as username as a start.HiHi %s %sHi, Really Simple Security has kept your site secure for a month now, awesome! If you have a moment, please consider leaving a review on WordPress.org to spread the word. We greatly appreciate it! If you have any questions or feedback, leave us a %1$smessage%2$s.Hi, Really Simple Security has kept your site secure for some time now, awesome! If you have a moment, please consider leaving a review on WordPress.org to spread the word. We greatly appreciate it! If you have any questions or feedback, leave us a %1$smessage%2$s.Hide the remember me checkboxHide your WordPress versionHighHigh-riskHigh-risk (default)HostingHosting providerI agree to the Terms & Conditions from Let's Encrypt.I have read and understood the risks to intervene with these measures.IP AddressIP AddressesIP Addresses can be allowed, blocked or will show up when your settings add them to a temporary blocklist. If you want to add your IP to the allowlist, please read the article provided at the right-hand side for instructions.IP BlocklistIP address overviewIf the number of failed login attempts is exceeded within this timeframe, the IP address and user will be blocked.If the username 'admin' currently exists, you can rename it here. Please note that you can no longer use this username, and should use the new username or an email addressIf there's a vulnerability, you will also get feedback on the themes and plugin overview.If this is not the case, don't add this alias to your certificate.If this option is set to true, the mixed content fixer will fire on the init hook instead of the template_redirect hook. Only use this option when you experience problems with the mixed content fixer.If you are the owner of this account, please check your email for instructions on regaining access.If you entered your DNS records before, they need to be changed.If your hosting provider auto-renews your certificate, no action is required. Alternatively, you have the option to generate an SSL certificate with Really Simple Security.If your site is only intended for users to login from specific geographical regions, you can entirely prevent logins from certain continents or countries.Implement Two-Factor Authentication or Passkey login.Import and insert fileImportant security noticeImprove security - UpgradeImprove security by requiring strong passwords and forced periodic password changesImprove the default WordPress password strength check. You can also enforce frequent password changes for user roles.Include aliasInclude preloadInclude subdomainsInstallInstall %sManually%s.Install Authentication app:Install SSL certificateInstallationInstallation failed.Installation finishedInstalledInstallingInstalling SSL certificate using PLESK API...Installing SSL certificate...Installing plugin...Instantly configure these essential features.InstructionsIntervalInvalid authentication request.Invalid license.Invalid login details.Invalid nonce.Invalid providerInvalid user.Invalid verification code.It is not possible to install Let's Encrypt on a localhost environment.It is not possible to install Let's Encrypt on a subfolder configuration.It is not possible to install Let's Encrypt on a subsite. Please go to the main site of your website.It seems that no valid license key is activated for this domain. Activate your license key using the `%s` command, or purchase a valid license key via https://really-simple-ssl.com/proKey copiedLast UsedLax - 10 errors in 2 secondsLearn moreLearn more about our features!Leave a reviewLet's EncryptLet's Encrypt.Letʼs Encrypt is a free, automated and open certificate authority brought to you by the non-profit Internet Security Research Group (ISRG).Leveraging your SSL certificate with HSTS is a staple for every website. Force your website over SSL, mitigating risks of malicious counterfeit websites in your name.License invalidLicense validLimit AttemptsLimit Login AttemptsLimit Login Attempts ProtectionLimit Login Attempts protects your site from login attempts by unauthorized users. When you enable Limit Login Attempts, all login attempts are logged and repeated attempts to login with invalid credentials will be blocked automatically.Limit Password Reset AttemptsLimit logged in session durationLimit to a single blog_id (multisite).LocationLocked-outLockout durationLog InLogin AuthenticationLogin ProtectionLogin attemptsLogin credentials incorrectLogin credentials incorrect. Please check your login credentials for cPanel.Login protectionLogin statusLogsLowLow-riskLow-risk Low-risk (default)Maintain peace of mind with our simple, but effective automated measures when vulnerabilities are discovered. When needed Really Simple Security will force update or quarantine vulnerable components, on your terms!Many vulnerabilities are exploited by injecting a user with administrator capabilities outside of the native WordPress creation process. Under advanced hardening you can prevent this from happening.Maybe laterMeasuresMediumMedium-riskMethodMissing license.Mixed Content FixerMixed Content ScanMixed contentMixed content fixerMixed content fixer - back-endMixed content fixer - init hookMixed content fixer not enabled. Enable the option to fix mixed content on your site.Mixed content in %sMixed content in CSS/JS file from another domainMixed content in PHP file in %sMixed content in post: %sMixed content in the postmeta tableMixed content scanMore infoMultiple %s vulnerabilities have been found.Name of the option to update.No 301 redirect is set. Enable the WordPress 301 redirect in the settings to get a 301 permanent redirect.No 301 redirect to SSL enabled.No SSL certificate has been detected.No SSL detectedNo SSL detected. Use the retry button to check again.No recommended redirect rules detected.No redirectNo subdomain setup detected.No valid list of domains.Nonce validation failedNoneNormal - 10 errors in 5 secondsNot all essential security headers are installedNot recognized server.Not sure if you're using XML-RPC, or want to restrict unauthorized use of XML-RPC? With learning mode you can see exactly which sources use XML-RPC, and you can revoke where necessary.NoteNotification by %sNotification by Really Simple SecurityNotificationsNotifications by emailOCSP not supported, the certificate will be generated without OCSP.OCSP stapling is configured as enabled by default. You can disable this option if this is not supported by your hosting provider.OffOn Apache you can use a .htaccess redirect, which is usually faster, but may cause issues on some configurations. Read the instructions in the sidebar first.Once every 5 minutesOnce every dayOnce every monthOnce every weekOne click SSL optimizationOne day (for testing only)One of the most powerful features, and therefore the most complex are the Cross-Origin headers that can isolate your website so any data leaks are minimized.One yearOnline Booking SystemOnly enable this if you experience mixed content in the admin environment of your WordPress website.OpenOptional note for the block.Order ID mismatch, regenerate order.Order successfully created.Order successfully retrieved.Output format: table|json|csv (default: table).Package information retrievedPasskeyPasskeysPasskeys are a very secure and convenient way to log in. It allows the user to authenticate using their device, browser or password manager.PasswordPassword ResetPassword SecurityPassword securityPasswordsPerformant FirewallPermanentPermanent blockPermission denied.Permissions PolicyPlease %sconsider upgrading to Pro%s to enjoy all simple and performant security features.Please activate it manually on your hosting dashboard.Please activate it on your dashboard %smanually%sPlease add the following lines to your .htaccess, or set it to writable:Please adjust the CAA records via your DNS provider to allow Let’s Encrypt SSL certificatesPlease change your email address %shere%s and try again.Please check if the advanced-headers.php file is included in the wp-config.php, and exists in the wp-content folder.Please check if the non www version of your site also points to this website.Please check if the www version of your site also points to this website.Please check your inbox and click the confirm button to confirm that your site is correctly configured to send emails. Didn't receive the e-mail? %1$s, or try to: %2$s %3$s %4$sPlease complete %smanually%sPlease complete manually in your hosting dashboard.Please complete the following step(s) first: %sPlease configure your %sCaptcha settings%s before enabling this settingPlease create a folder 'rsssl' in the uploads directory, with 644 permissions.Please double check your DNS txt record.Please loginPlease make sure to configure a method, access to your account will be denied if no method is configured today.Please make sure to configure a method, access to your account will be denied if no method is configured within the next %s days.Please refresh the SSL status if a certificate has been installed recently.Please set the wp-config.php to writable until the rule has been written.Please set the wp-content folder to writable:Please start at the previous step.Please take appropriate action.Please verify your emailPlease wait %s before trying again, as this is the expiration of the DNS record currently.Plesk admin URLPlesk hostPlesk passwordPlesk recognized. Possibly the certificate can be installed automatically.Plesk usernamePlesk username and passwordPlugin activatedPlugin installedPowered by WordPressPre-flight checks passed.Preferred MethodPremium SupportPrevent account theft by offering more secure authentication methods. You can configure which methods are available per user role, or even enforce usage of secure authentication. Secure authentication can be either Two-Factor Authentication or Passkey login.Prevent clickjacking and other malicious attacks by restricting sources that are permitted to embed content from your website.Prevent code execution in the public 'Uploads' folderPrevent login feedbackPrevent session hijackingPrevent usage of passwords that have been included in a databreach. This securely verifies part of the hashed password via the Have I Been Pwned API.Preview users in scope for 2FA reminders (dry-run).Protect your login form with Limit Login AttemptsProtect your login form with Limit Login Attempts.Protect your site against brute force login attacks by limiting the number of login attempts. Enabling this feature will temporary lock-out a username and the IP address that tries to login, after the set number of false logins.Protect your site with a performant Firewall.Protect your user logins with Two-Factor Authentication (at least for Administrator accounts)Protect your website against brute-force attacks with a captcha. Choose between Google reCAPTCHA or hCaptcha.Protecting your website visitors from malicious attacks and data breaches should be your #1 priority, start with the essentials with Really Simple SecurityProvider LabelEmailRe-checkReached %s, but received an error response code: %d. HTTPS is not properly configured.Read about our journey towards Really Simple SecurityRead moreRead more about security concerns with debug display enabledReally Simple Plugins is also the author of the below privacy-focused plugins including consent management and legal documents!Really Simple SSL is now %1$sReally Simple Security!%2$sReally Simple SecurityReally Simple Security - Notification TestReally Simple Security - Verify your email addressReally Simple Security allows you to limit the default logged in session duration. By default, WordPress will keep users logged in for 48 hours, or even 14 days when clicking the ‘remember me’ checkbox. An attacker could possibly steal the logged in cookie and gain access to a user’s account. Limiting the logged in duration to 8 hours will greatly reduce the risk of session hijacking.Really Simple Security and Really Simple Security add-ons do not process any personal identifiable information, so the GDPR does not apply to these plugins or usage of these plugins on your website. You can find our privacy policy here.Really Simple Security can trigger a Captcha to limit access to your site or the log in form.Really Simple Security collects information about plugins, themes, and core vulnerabilities from our database powered by WPVulnerability. Anonymized data about these vulnerable components will be sent to Really Simple Security for statistical analysis to improve open-source contributions. For more information, please read our privacy statement.Really Simple Security dashboardReally Simple Security detected a vulnerability in this themeReally Simple Security detected an SSL certificate, but has not been configured to enforce SSL.Really Simple Security has received no response from the webpage.Really Simple Security is installed, but no valid SSL certificate is detected.Really Simple Security will scan for insecure file and folder permissions on a weekly basis. You will receive an email report and Dashboard notice if insecure permissions are found.Really Simple Security will send email notifications and security warnings from your server. We will send a test email to confirm that email is correctly configured on your site. Look for the confirmation button in the email.Receive a code by emailRecommended by Really Simple PluginsRecommended security headers enabled.Recovery Mode — %sRedirect methodRedirectionRedirects your site to https with a SEO friendly 301 redirect if it is requested over http.RegionsRegisteredRemember MeRemoveRemove IP block.Remove a blocked IP from the limit login attempts table.Remove a blocked username from the limit login attempts table.Remove a trusted IP from the firewall.Remove a trusted IP from the limit login attempts table.Remove a trusted username from the limit login attempts table.Remove from public location with Really Simple SecurityRemove the lock file for safe mode.Rename admin user enabled: Please choose a new username of at least 3 characters, which is not in use yet.Rename and randomize your database prefixRenew certificateRenew installationResend CodeResend emailResend verification emailReset rsssl_two_fa_reminder_sent meta before sending.Reset rsssl_two_fa_reminder_sent meta for a clean run.Reset the 2FA status and methods for a user.Restrict access from specific countries or continents. You can also allow only specific countries.Restrict access to your site based on user location. By default, all regions are allowed. You can also block entire continents.Restrict creation of administrator rolesRetrieving Cloudways server data...Retrieving DNS verification token...Retrieving package information...RetryRiskRulesSSL Status TestSSL activation in progressSSL certificate should be generated and installed.SSL certificate will expire on %s.SSL is enabled networkwide.SSL is enabled on your site.SSL is not enabled on your networkSSL is not enabled yet.SSL is not enabled.SSL is not yet enabled on this site.SSL is now activated. Follow the three steps in this article to check if your website is secure.SSL successfully installed on %sSave and continueScan resultsSearching for link to SSL installation page on your server...Secure your site with a FirewallSecure your site with the performant Firewall.SecuritySecurity HeadersSecurity Headers TestSecurity configuration completed!Security configuration not completed yet. You still have %s task open.You still have %s tasks open.Security through obscurity. Your site is no longer using the default wp_ prefix for database tables. The process has been designed to only complete and replace the tables after all wp_ tables are successfully renamed. In the unlikely event that this does lead to database issues on your site, please navigate to our troubleshooting article.See which recommended security headers are not present on your website.Selected providerSelf (Default)SendSend 2FA reminders for the current selection.Send an email code during login. You can force user roles to use two-factor authentication, or leave the choose with your users, if so desired.Sending...Serve encrypted and authenticated responsesSet permissions to 644 to enable SSL generation.Set your wp-config.php to writable and reload this page.SettingsSettings update: .htaccess redirectSettings update: Database prefix changedSettings update: Debug.log file relocatedSettings update: Username 'admin' renamedShow blocked IP's.Site-wide, admin notificationSkipSkip (%1$d %2$s remaining)Skip (Only today remaining)Sorry, you are not allowed to access user data without authentication.Sorry, you are not allowed to access users without authentication.SourceStart login protection by adding an additional layer during authentication. This will leave authentication less dependent on just a single password. Want to force strong passwords? Check out Password Security.StatusStop editing the .htaccess fileStore for renewal purposes. If not stored, renewal may need to be done manually.Strict - 10 errors in 10 secondsStrong Password policySubmitSuccessfully added TXT record.Successfully generated certificate.Successfully installed Let's EncryptSuccessfully installed SSLSuccessfully retrieved accountSuccessfully retrieved server id and app idSuccessfully verified DNS recordsSuccessfully verified alias domain.SupportSystem statusTOTP means authentication using apps like Google Authenticator.TOTP requires users to authenticate using a third-party app such as Google Authenticator.TemporaryTemporary blockTerms & ConditionsTerms & Conditions are accepted.Terms and ConditionsTest not found.Test notification email errorTest notificationsTest notifications can be used to test email delivery and shows how vulnerabilities will be reported on your WordPress installation.Thank you for being a long-time user! As a token of our gratitude, we want to offer you %s6 months Really Simple Security Pro, 100%% Free!%sThe 'force-deactivate.php' file has to be renamed to .txt. Otherwise your ssl can be deactivated by anyone on the internet.The .htaccess redirect has been enabled on your site. If the server configuration is non-standard, this might cause issues. Please check if all pages on your site are functioning properly.The .htaccess redirect rules selected by this plugin failed in the test. Set manually or dismiss to leave on PHP redirect.The 301 .htaccess redirect is the fastest and most reliable redirect option.The 301 redirect with .htaccess to HTTPS is now enabled.The DISALLOW_FILE_EDIT constant is defined and set to false. You can remove it from your wp-config.php.The DNS response for %s was %s, while it should be %s.The EssentialsThe Event Log shows all relevant events related to limit login attempts. You can filter the log using the dropdown on the top-right to only show warnings.The Event Log shows all relevant events related to the Firewall and IP lockouts. You can filter the log using the dropdown on the top-right to only show warnings.The Firewall can also block traffic from malicious or resource-consuming bots that might crawl your website. A list of well-known bad User-Agents is automatically included. You can manually add or delete user-agents if so desired.The Firewall, LLA and 2FA are currently inactive, as you have activated Safe Mode with the rsssl-safe-mode.lock file. Remove the file from your /wp-content folder after you have finished debugging.The Hosting Panel software was not recognized. Depending on your hosting provider, the generated certificate may need to be installed manually.The IP address will see a locked-out screen for the selected duration.The IP to block.The IP to remove the block for.The PHP function CURL has successfully been detected.The PHP function CURL is not available on your server, which is required. Please contact your hosting provider.The SSL certificate has been renewed, and requires manual %sinstallation%s in your hosting dashboard.The Terms & Conditions were not accepted. Please accept in the general settings.The Two-Factor Authentication setup for TOTP failed. Please try again.The Two-Factor Authentication setup for email failed. Please try again.The URL you use to access your DirectAdmin dashboard. Ends on :2222.The URL you use to access your Plesk dashboard. Ends on :8443.The URL you use to access your cPanel dashboard. Ends on :2083.The authentication code is not valid.The automatic installation of your certificate has failed. Please check your credentials, and retry the %sinstallation%s.The certificate generation was rate limited for 5 minutes because the authorization failed.The certificate installation was rate limited. Please try again later.The certs directory is not created yet.The certs directory was successfully created.The challenge directory is not created yet.The challenge directory was successfully created.The code to block code execution in the uploads folder cannot be added automatically on nginx. Add the following code to your nginx.conf file:The content security policy has many options, so we always recommend starting in ‘learning mode’ to see what files and scripts are loaded.The email address was not set. Please set the email addressThe essential security headers are detected on your site.The extensive mixed content scan will list all issues and provide a fix, or instructions to fix manually.The following directories do not have the necessary writing permissions.The following information is attached when you send this form: license key, scan results, your domain, .htaccess file, debug log and a list of active plugins.The key directory is not created yet.The key directory was successfully created.The key is not valid.The license key to activate.The lightweight Firewall can be used to lockout malicious traffic from your site. You can configure generic rules below, or block specific IP addresses by adding them to the Blocklist.The mixed content fixer could not be detected due to a cURL error: %s. cURL errors are often caused by an outdated version of PHP or cURL and don't affect the front-end of your site. Contact your hosting provider for a fix.The mixed content fixer is active, but was not detected on the frontpage.The non-www version of your site does not point to this website. This is recommended, as it will allow you to add it to the certificate as well.The onboarding wizard will help to configure essential security features in 1 minute! Select your hosting provider to start.The order is invalid, possibly due to too many failed authorization attempts. Please start at the previous step.The preferred method is not set.The required directories have the necessary writing permissions.The selected provider is not valid.The settings below determine how strict your site will be protected. You can leave these settings on their default values, unless you experience issues.The site's security policy requires you to configure Two-Factor Authentication to protect against account theft. %1$s and configure Two-Factor authentication %2$swithin three days%3$s. If you haven't performed the configuration by then, %4$syou will be unable to login%5$s.The system is not ready for the DNS verification yet. Please run the wizard again.The system is not ready for the installation yet. Please run the wizard again.The used domain for your email address is not allowed.The user ID is not valid.The user ID to reset 2FA for.The user and IP address will be temporarily unable to login for the specified duration. You can block IP addresses indefinitely via the IP addresses block.The user object is not valid.The user will be blocked after entering too many incorrect logins on the password reset page.The username to block.The username to remove the block for.The value, WP_DEBUG_DISPLAY, has either been enabled by WP_DEBUG or added to your configuration file. This will make errors display on the front end of your site.The value, WP_DEBUG_LOG, has been added to this website’s configuration file. This means any errors on the site will be written to a file which is potentially available to all users.The wp-config.php file is not writable, and needs to be edited. Please set this file to writable.The www version of your site does not point to this website. This is recommended, as it will allow you to add it to the certificate as well.There are existing keys, the order had to be cleared first.There have been too many failed two-factor authentication attempts, which often indicates that the password has been compromised. The password has been reset in order to protect the account.These notifications are set to the minimum risk level that triggers a notification. For example, the default site-wide notification triggers on high-risk and critical vulnerabilities.These security headers are the fundamental security measures to protect your website visitors while visiting your website.These user roles will be enforced to either configure Two-factor Authentication or Passkey log in. We recommend to enforce at least administrators.They might be misused if you don’t actively tell the browser to disable these features.This adds extra requirements for strong passwords for new users and updated passwords.This appears to be an invalid license key for this plugin.This command is related to functionality available in Really Simple Security Pro, please consider upgrading to unlock all powerful security features. Read more: https://really-simple-ssl.com/proThis email address is used to create a Let's Encrypt account. This is also where you will receive renewal notifications.This email is confirmation that any security notices are likely to reach your inbox.This email is part of the Really Simple Security Notification SystemThis email was sent toThis feature allows you to block visitors from your website based on countryThis feature depends on multiple standard background processes. If a process fails or is unavailable on your system, detection might not work. We run frequent tests for this purpose. We will notify you accordingly if there are any issues.This feature is disabled because you have not verified that e-mail is correctly configured on your site.This is a multisite configuration with subdomains. You should generate a wildcard certificate on the root domain.This is a security feature implemented by web browsers to control how web pages from different origins can interact with each other.This is a vulnerability alert from Really Simple Security for %s.This is the vulnerability overview. Here you will find current known vulnerabilities on your system. You can find more information and helpful, actionable insights for every vulnerability under details.This leads to issues when activating SSL networkwide since subdomains will be forced over SSL as well while they don't have a valid certificate.This list shows all individually blocked IP addresses. On top the top-right you can filter between permanent blocks and temporary blocks. By default, blocks are only temporary, as attackers and bots will frequently alter between IP addresses. However, you can manually configure permanent blocks.This option is handled by the Content Security Policy/frame-ancestors setting.This setting will block attempts to assign administrator roles outside the native user creation process by WordPress. This might include other plugins that create, edit or assign roles to users. If you need to create an administrator in a third-party plugin, temporarily disable this setting while you make the changes.This site requires you to secure your account with a second authentication method.This will include both the www. and non-www. version of your domain.This will limit or fully disable HTTP requests that are not needed, but could be used with malicious intent.This will permanently change your database prefixes and you can NOT rollback this feature. Please make sure you have a back-up.This will send emails about vulnerabilities directly from your server. Make sure you can receive emails by the testing a preview below. If this feature is disabled, please enable notifications under general settings.ThresholdTime leftTo ensure all traffic passes through SSL, please enable a 301 redirect.To safely enable SSL on your server configuration, you should add the following line of code to your wp-config.php.To use certain features in Really Simple Security we need to confirm emails are delivered without issues.Token not generated. Please complete the previous step.Token not received yet.Token successfully retrieved. Click the refresh button if it's not visible yet.Too many attempts. Please try again later.Too many invalid verification codes, you can try again in %s. This limit protects your account against automated attacks.Traverse all subsites in the network.Trigger Captcha on lockoutTrigger captcha on failed login attemptTrustedTrusted IP addressesTrying to create directory in root of website.Two years (required for preload)Two-Factor AuthenticationTwo-Factor Authentication SetupTwo-Factor Authentication adds an extra layer of security to your account. You can enable it here.Two-Factor Authentication cannot be disabled for this account.Two-Factor Authentication for TOTP failed. No Authentication code provided, please try again.Two-Factor Authentication is mandatory for your account, so you need to make a selection.Two-Factor Authentication must be completed before it can be changed.Two-Factor Authentication must be completed before it can be disabled.Two-Factor Authentication settings have been reset.Two-Factor Authentication setup is required for this account.TypeUnable to connect to cPanelUnable to send test notification at this time.Unauthorized administratorsUnknown plugin encountered.Unset X-Powered-By headerUpdate Really Simple SSL Pro: the plugin needs to be updated to the latest version to be compatible.Update a Really Simple Security option. Usage: wp rsssl update_option --name=option_name --value=option_value. Use 0 and 1 for booleans.Update the advanced-headers.php with the latest rules.UpgradeUploads folder not writable.Usage of the title attribute on the login logo is not recommended for accessibility reasons. Use the link text instead.Use your authenticator app like Google Authenticator to scan the QR code below, then paste the provided Authentication code. %sUserUser not logged in.User roles for password changeUser-AgentUser-AgentsUsernameUsername 'admin' has been changed to %sUsername or Email AddressUsersUsers trying to enter via /wp-admin or /wp-login.php will be redirected to this URL.Validating license...Value to set for the option.Verification Code:Verification code re-sentVerification code sentVerification email sentVerify emailVerify your emailVerify your email address to get the most out of Really Simple Security.ViewView DashboardView settings pageVisit DashboardVisit the plugins overview or %srenew your license%s.VulnerabilitiesVulnerabilities OverviewVulnerability Alert: %sVulnerability MeasuresVulnerability scanVulnerability scanning is enabled.WarningWarning: There has been %1$s failed login attempt on your account without providing a valid two-factor token. The last failed login occurred %2$s ago. If this wasn't you, you should reset your password.Warning: %1$s failed login attempts have been detected on your account without providing a valid two-factor token. The last failed login occurred %2$s ago. If this wasn't you, you should reset your password.WarningsWe detected suspected bots triggering large numbers of 404 errors on your site.We have detected administrator roles where the login and display names are the same.We have detected the %s plugin on your website.We have not detected any known hosting limitations.We have tried to make our Wizard as simple and fast as possible. Although these questions are all necessary, if there’s any way you think we can improve the plugin, please let us %sknow%s!We recommend to enable Two-Factor Authentication at least for administrators.We think you will like thisWelcome to Really Simple SecurityWhy Premium Support?Why did I receive this email?Widget areaWidget with mixed contentWordPress 301 redirect enabled. We recommend to enable a 301 .htaccess redirect.XML-RPCXML-RPC is a mechanism originally implemented into WordPress to publish content without the need to actually login to the backend. It is also used to login to WordPress from devices other than desktop, or the regular wp-admin interface.XML-RPC with Learning ModeYes (don't set header)You already have a valid SSL certificate.You already have free SSL on your hosting environment.You are receiving this email because you have an account registered at %s.You are using the Really Simple Security Shell Exec add on, but your current version needs to be updated.You can add any non-existing username to this table, to instantly block IP addresses that try common usernames like "admin".You can choose to automate the most common actions for a vulnerability. Each action is set to a minimum risk level, similar to the notifications. Please read the instructions to learn more about the process.You can easily block countries, or entire continents. You can act on the event log below and see which countries are suspicious, or exclude all countries but your own.You can find your Plesk username and password in %sYou can find your api key %shere%s (make sure you're logged in with your main account).You can follow these %sinstructions%s.You can indefinitely block known abusive IP addresses, to completely prevent them from trying to login.You can prevent IP addresses from being temporarily blocked by adding them to this list. This can be convenient if you share an IP address with other site users. Usernames that trigger false logins will still be blocked.You can prevent usernames from being temporarily blocked by adding them to this list. The IP address that triggers false logins will still be blocked.You can protect your account with a second authentication layer. Please choose one of the following methods, or click %s if you don't want to use Two-Factor Authentication.You have %s critical vulnerabilityYou have %s critical vulnerabilitiesYou have %s critical-risk vulnerabilityYou have %s critical-risk vulnerabilitiesYou have %s high-risk vulnerabilityYou have %s high-risk vulnerabilitiesYou have %s low-risk vulnerabilityYou have %s low-risk vulnerabilitiesYou have %s medium-risk vulnerabilityYou have %s medium-risk vulnerabilitiesYou have %s open hardening feature.You have %s open hardening features.You have changed your login URLYou have enabled a feature on %s. We think it's important to let you know a little bit more about this feature so you can use it without worries.You have set a 301 redirect to SSL. This is important for SEO purposesYou may need to login in again, have your credentials prepared.You run a Multisite installation with subdomains, but your site doesn't have a wildcard certificate.You run a Multisite installation with subfolders, which prevents this plugin from fixing your missing server variable in the wp-config.php.You should have the www domain pointed to the same website as the non-www domain.You're using a feature where email is an essential part of the functionality. Please validate that you can send emails on your server.Your 2FA grace period expired. Please contact your site administrator to regain access and to configure 2FA.Your Key and Certificate directories are not properly protected.Your SSL certificate will expire soon.Your Two-Factor Authentication configuration is corrupted. Please contact your site administrator to regain access.Your certificate is valid until: %sYour certificate will be renewed and installed automatically.Your certificate will expire on %s.Your certificate will expire on %s. You can renew it %shere%s.Your domain meets the requirements for Let's Encrypt.Your hosting environment does not allow automatic SSL installation.Your license is not active for this URL.Your license key expired on %s.Your license key has been disabled.Your license key has reached its activation limit.Your login URL has changed to {login_url} to prevent common bot attacks on standard login URLs. Learn more about this feature, common questions and measures to prevent any issues.Your login confirmation code for %sYour password was compromised and has been resetYour password was reset because of too many failed Two Factor attempts. You will need to create a new password to regain access. Please check your email for more information.Your server provides shell functionality, which offers additional methods to install SSL. If installing SSL using the default methods is not possible, you can install the shell add on.Your site is protected by Limit Login Attempts.Your site is protected by Two-Factor Authentication (2FA).Your site is protected by a firewall.Your site is set to display errors on your websiteYour site is set to log errors to a potentially public fileYour site uses Divi. This can require some additional steps before getting the secure lock.Your site uses Elementor. This can require some additional steps before getting the secure lock.Your website does not send all essential security headers.Your website's ip address is blocked. Please add your domain's ip address to the security policy in CPanelYour wp-config.php has to be edited, but is not writable.attemptsdaydayseg. %sforbidden - number in author name not allowed = %shCaptchahCaptcha secret keyhCaptcha site keyhttps://really-simple-ssl.comhttps://really-simple-ssl.com/about-ushttps://wordpress.org/no responsenot setreCaptcha secret keyreCaptcha site keyreCaptcha v2recommendedsite← Go to %sPO-Revision-Date: 2026-04-29 11:07:28+0000 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=2; plural=n != 1; X-Generator: GlotPress/4.0.3 Language: en_GB Project-Id-Version: Plugins - Really Simple Security – Simple and Performant Security (formerly Really Simple SSL) - Stable (latest release) Please note that you can always save and finish the wizard later, use our %sdocumentation%s for additional information or log a %ssupport ticket%s if you need our assistance.%1$s ‹ %2$s — WordPress%d seconds%d:%02d minutes%d:%02d:%02d hours%s day%s days%s hour%s hours%s minutes%s month%s months%s week%s: %s vulnerability found%s: %s vulnerabilities found(opens in a new tab)(recommended)(unknown).htaccess does not exist.htaccess file (%s) is not writable. Redirects cannot be configured automatically..htaccess in uploads not writable.htaccess not writable.htaccess redirect.1 day1 hour1 year2 years30 minutes301 .htaccess redirect301 .htaccess redirect (read instructions first)301 .htaccess redirect is not enabled.301 PHP redirect301 SSL redirect enabled301 redirect to https set.Four hours404 Blocking404 errors detected on your homepage404 errors detected on your homepage. 404 blocking is unavailable, to prevent blocking of legitimate visitors. It is strongly recommended to resolve these errors.404 errors detected on your homepage. This means that the page requests images, scripts or other resources that are no longer available. This could interfere with the Firewall as well.48 hours (default)6 months8 hours (recommended)A %s vulnerability has been found.A correctly configured Content Security Policy can protect your visitors from the most common web attacks. It all starts with denying and upgrading insecure requests on your website.A debug.log is publicly accessible and has a standard location. This will change the location to a randomly named folder in /wp-content/A definition of a site url or home url was detected in your wp-config.php, but the file is not writable.A firewall rule was enabled, but /the wp-content/ folder is not writable.A firewall rule was enabled, but the firewall does not seem to get loaded correctly.A firewall rule was enabled, but the wp-config.php is not writable.A lockout will occur if an IP address exceeds the threshold within the given timeframe. Select ‘%s’ if you want to disable 404 blocking.A networkwide SSL activation process has been started, but has not been completed. Please go to the SSL settings page to complete the process.A new verification code has been sent to your email address.A verification code has been sent to the email address associated with your account to verify functionality.A verification code has been sent to the email address associated with your account.API login for user disabled.Able to create destination folderAbout Cross Origin PoliciesAbout Essential Security HeadersAbout HTTP Strict Transport SecurityAbout HardeningAbout Limit Login AttemptsAbout VulnerabilitiesAbout XML-RPCAbout notificationsAbout the Content Security PolicyAbout the Mixed Content ScanAbout the Permission PolicyAccess denied.According to our information, your hosting provider does not allow any kind of SSL installation, other than their own paid certificate. For an alternative hosting provider with SSL, see this %sarticle%s.According to our information, your hosting provider supplies your account with an SSL certificate by default. Please contact your %shosting support%s if this is not the case.ActionActionsActivateActivate SSLActivate SSL on the site.Activate SSL per site or install a wildcard certificate to fix this.Activate Two-Factor Authentication.Activate a license key. Usage: wp rsssl activate_license YOUR_LICENSE_KEY.Activate all recommended features.Activate essential security headers.Activate limit login attempts.Activate network-wide to fix this.Activate password security features.Activate the firewall.Activate vulnerability scanning.Activate your license keyActivating plugin...Add DeviceAdd IP block.Add a blocked IP to the limit login attempts table.Add a blocked username to the limit login attempts table.Add a lock file for safe mode.Add a trusted IP to the firewall.Add a trusted IP to the limit login attempts table.Add a trusted username to the limit login attempts table.Add additional domains which can embed your website, if needed. Comma separated.AdvancedAdvanced HardeningAdvanced WordPress HardeningAdvanced hardening features complement the basic hardening functions by protecting your site against advanced threats and attacks.Advanced hardening features to protect your site against sophisticated threats and attacks.After completing the installation, you can continue to the next step to complete your configuration.After completing the installation, you can let Really Simple Security automatically configure your site for SSL by using the 'Activate SSL' button.After enabling this feature, you can submit your site to %shstspreload.org%sAfter this number of failed login attempts the user and IP address will be temporarily blocked.Alias domain check is not relevant for a subdomainAllAll recommended hardening features enabled.AllowAllow grace periodAllow only necessary third party resources to be loaded on your website, thus preventing common attacks. Use our unique learning mode to automatically configure your Content Security Policy.Allow secure log in with PasskeysAllow visitors that might accidentally exceed the threshold to unblock themselves using a Captcha.Allow your domain to be embeddedAllowedAllows you to enter a custom login URL.An SSL certificate has been detectedAn error occurred, please try again.An error occurred:An option that requires the .htaccess file in the uploads directory is enabled, but the file is not writable.An option that requires the .htaccess file is enabled, but the file does not exist.An option that requires the .htaccess file is enabled, but the file is not writable.And many more powerful Security features..As Really Simple Security handles all the functionality this plugin provides, we recommend to disable this plugin to prevent unexpected behaviour.As a security precaution, the username ‘admin’ has been changed on %s. From now on, you can login with '%s' or an email address.As your order will be regenerated, you'll need to update your DNS text records.Attempting to install certificate using AutoSSL...Attempting to install certificate...Attempting to set DNS txt record...Authentication Code:Authentication code is incorrect.Authentication codes will be sent to %s.Authentication provider not specified or invalid.Authenticator AppAuthenticator App (TOTP)Authorisation not completed yet.Automated MeasuresAutomatic certificate detection is not possible on your server.Automatic renewal of your certificate was not possible. The SSL certificate should be %srenewed%s manually.Backup CodesBased on your settings, Really Simple Security will take appropriate action, or you will need to solve it manually.BasicBasic security configuration completed!Because the $_SERVER["HTTPS"] variable is not set, your website may experience redirect loops.Below you will find the instructions for different hosting environments and configurations. If you start the process with the necessary instructions and credentials, the next steps will be done in no time.Below you will find your login code for %1$s. It's valid for 15 minutes. %2$sBelow you'll find the email activation code for %1$s. It's valid for 15 minutes. %2$sBlack Friday sale! Get 40% Off Really Simple Security ProBlock the username 'admin'Block user registrations when login and display name are the sameBlockedBlocked IP addresses will be automatically unblocked after the above-configured interval. In the table below you can instantly unblock IP addresses.Blocked usernames will be automatically unblocked after the above-configured interval. In the table below you can instantly unblock usernames.BlocklistsBrowser features are plentiful, but most are not needed on your website.Bundle not available yet...By default, WordPress shows if a username or email address exists when a login fails. This will change it to generic feedback.cPanel hostcPanel passwordcPanel recognised. Possibly the certificate can be installed automatically.cPanel usernameCancelCaptchaCaptcha has not yet been verified, you need to complete the process of a Captcha to verify it's availability.Captcha providerCertificate already generated. It was renewed if required.Certificate not created.Challenge directory not writable.Change debug.log file locationChange passwords everyChanged debug.log location to:Changing redirect methods should be done with caution. Please make sure you have read our instructions beforehand at the right-hand side.Check againCheck manuallyCheck your %slicence%s.Check your site's SMTP settingsChecking SSL certificate...Checking alias domain...Checking certs directory...Checking challenge directory reachable over http...Checking challenge directory...Checking for subdomain setup...Checking for website configuration...Checking host...Checking if cURL is available...Checking if Terms & Conditions are accepted...Checking if plugin folder exists...Checking key directory...Checking permissions...Checking server software...Choose between Email Verification (less secure and not recommended for administrators) or the TOTP method with an authenticator app, depending on your convenience and security needs.Choose new username to replace 'admin'Choose the max-age for HSTSChoose your providerClaim your 6 Free monthsClick the button below to confirm your email address, or copy the following URL: %sCloudWays API keyCloudWays user emailCode was was invalid, try "Resend Code"Codes only available for 5 minutesComplete email validation and enable notifications to make sure you will receive security warnings.CompletedComplianz - Consent Management as it should beComponentCompromised password for %s has been resetCompromised password resetConfigurationConfigure your Cookie Notice, Consent Management and Cookie Policy with our Wizard and Cookie Scan. Supports GDPR, DSGVO, TTDSG, LGPD, POPIA, RGPD, CCPA and PIPEDA.Configured for HTTP challengeConsent Management as it should beContent Security PolicyContent Security Policy HeadersContinentContinentsContinueContinue to renew.Control and monitor the use of XML-RPC on your site with learning mode.Control browser features that could allow third parties to misuse data collected by microphone, camera, GEO Location etc, when enabled for your website.Copy setup keyCopyright warning!Could not automatically add TXT record. Please proceed manually, following the steps below.Could not copy code execution test file.Could not copy text: Could not create test folder and file.Could not find code execution test file.Could not reach challenge directory over %s.Could not rename folder!Could not retrieve server listCould not test certificateCould not verify TXT record for domain %sCould not verify alias domain.CountCountryCrawlers might scan your site looking for possible exploits. One way to detect this is the fact that they trigger more 404 (not found) errors than legitimate visitors would. Below you can set the threshold and lockout duration for 404 blocking.Creating account...CriticalCritical (default)Cross Origin Embedder PolicyCross Origin Opener PolicyCross Origin Resource PolicyCustom login URLCustomize login attempts, intervals, and temporary lockouts according to your preferences to regulate the level of security on your website during authentication. No additional settings requiredDNS records were not verified yet. Please complete the previous step.DNS token not retrieved.DNS verificationDashboardDateDate AddedDeactivate SSL on the site.Deactivate Two-Factor Authentication.Deactivate all recommended features.Deactivate essential security headers.Deactivate limit login attempts.Deactivate password security features.Deactivate the firewall.Deactivate the license.Deactivate vulnerability scanning.Debug.logDebugging with Really Simple SecurityDelete all data on plugin deletionDeletedDepending on your hosting provider, %1$smanual installation%2$s may be required.DescriptionDestination folder already existsDetailsDetected status of your setup.DeviceDevice NameDevicesDirect Admin URLDirectAdmin hostDirectAdmin passwordDirectAdmin recognised. Possibly the certificate can be installed automatically.DirectAdmin usernameDirectiveDirectoriesDisableDisable "anyone can register"Disable HTTP methodsDisable OCSP staplingDisable XML-RPCDisable application passwordsDisable directory browsingDisable the built-in file editorsDisable user enumerationDisabledDiscover:DismissDismiss all notificationsDo you want to store these credentials for renewal purposes?DomainDon't ask againDon't show againDon't use Two-Factor AuthenticationDownloadDownload Backup CodesDue to a change in challenge type, the order had to be reset. Please start at the previous step.During the grace period users can configure their secure authentication method. When the grace period ends, users for which secure authentication is enforced won’t be able to log in unless secure authentication is correctly configured. The grace period is also applied to new users.E-mail loginEasily improve site security with WordPress Hardening, Two-Factor Authentication (2FA), Login Protection, Vulnerability Detection and SSL certificate generation.Elevate your security with our Premium Support! Our expert team ensures simple, hassle-free assistance whenever you need it.EmailEmail addressEmail address not validEmail address successfully verified.Email authentication is not active for this userEmail could not be sent.Email could not be sent. No message or subject set.Email log in will send an authentication code to the user’s email address. This is considered less secure than other 2FA methods.Email not verified yet. Verify your email address to get the most out of Really Simple Security.Email notification errorEmail notifications are only sent for important updates, security notices or when certain features are enabled.Email sent!Email sent! Please check your mailEmail validationEmail validation completedEmail verification errorEnableEnable .htaccess only if you know how to regain access in case of issues.Enable 301 .htaccess redirectEnable 301 redirectEnable Custom login URLEnable Email Authentication for:Enable FirewallEnable Limit Login AttemptsEnable Limit Login Attempts to protect the login form against brute-force attacks.Enable Permissions PolicyEnable TOTP Authentication for:Enable Two-Factor AuthenticationEnable a .htaccess redirect or PHP redirect in the settings to create a 301 redirect.Enable compromised password checkEnable open source blocklist API etc.Enable the Vulnerability scan to detect possible vulnerabilities.Enable vulnerability scanningEnabledEnabling auto renew...Enforce frequent password changeEnforce secure authentication for:Enforce secure password policies for your users by requiring strong passwords, and expiring passwords after a period of your choosing.Enforce strong passwordsEnter a custom login URL. This allows you to log in via this custom URL instead of /wp-admin or /wp-login.phpError code %sError enabling auto renew for Let's EncryptError occurredError occurred when retrieving the webpage.Errors were reported during installation.Essential Security HeadersEssential WordPress hardeningEssential securityEssential security headers installedEventEvent LogEvent LogsEvery three hoursExample: If you want to change your login page from /wp-admin/ to /control/ answer: controlExperience all powerful features of Really Simple Security Pro using this %slimited time discount%s: %sFailed retrieving access tokenFailed retrieving account.Failed to activate pluginFailed to create a login nonce.Failed to gather package informationFailed to install pluginFailed to reach %s. The site does not appear to be accessible over HTTPS (Error: %s). Check debug logs for details.Failed to reach %s. The site does not appear to be accessible over HTTPS. Please ensure your server is configured for SSL.Failed to sendFeatureFeedback in plugin overviewFile missing. Please retry the previous steps.File permissions checkFiles not created yet...Filter by user role (default: all).FirewallFirewall ProtectionFirewall RulesFlag to add a permanent block.Flag to remove a permanent block.For more information, please read this %sarticle%sForbidden.Force confirm emailFrom now on, the debug.log won’t be publicly accessible whenever wp-debugging is enabled. The debug log will be stored in a randomly named folder in /wp-content/. This prevents possible leakage of sensitive debugging information.GDPR/CCPA Privacy SuiteGeneralGeneral SettingsGenerating SSL certificate...GenerationGet Login Protection with %sReally Simple SSL Pro%sGet Login Protection with Really Simple Security ProGet more information from the Really Simple Security dashboard on %sGet notified of important changes, updates and settings. Recommended when using security features.Get two-factor authentication with Really Simple Security ProGo to activationGo to installationHSTS forces browsers always to load a website via HTTPS. It prevents unnecessary redirects and prevents manipulation of data originating from communication with your website.HTTP Strict Transport SecurityHardeningHardening features limit the possibility of potential weaknesses and vulnerabilities which can be misused.Heavyweight security features, in a lightweight performant plugin from Really Simple Plugins. Get started with the features below and get the latest and greatest updates for peace of mind!Hello %1$s, an unusually high number of failed login attempts have been detected on your account at %2$s. These attempts successfully entered your password, and were only blocked because they failed to enter your second authentication factor. Despite not being able to access your account, this behaviour indicates that the attackers have compromised your password. The most common reasons for this are that your password was easy to guess, or was reused on another site which has been compromised. To protect your account, your password has been reset, and you will need to create a new one. For advice on setting a strong password, please read %3$s To pick a new password, please visit %4$s This is an automated notification. If you would like to speak to a site administrator, please contact them directly.Hello, this is a notice from your website to inform you that an unusually high number of failed login attempts have been detected on the %1$s account (ID %2$d). Those attempts successfully entered the user's password, and were only blocked because they entered invalid second authentication factors. To protect their account, the password has automatically been reset, and they have been notified that they will need to create a new one. If you do not wish to receive these notifications, you can disable them with the `two_factor_notify_admin_user_password_reset` filter. See %3$s for more information. Thank youHere you can add IP addresses that should never be blocked by the firewall. We will automatically add the IP address of the administrator that enabled the firewall.Here you can configure vulnerability detection, notifications and measures. To learn more about the features displayed, please use the instructions linked in the top-right corner.Here you can see which users have configured Two-Factor Authentication. The reset button will trigger the 2FA onboarding for the selected user(s) again and allow the configured grace period.Here you control the users that are automatically, and temporarily blocked. You can also add or remove users manually. We recommend blocking ‘admin’ as username as a start.HiHi %s %sHi, Really Simple Security has kept your site secure for a month now, awesome! If you have a moment, please consider leaving a review on WordPress.org to spread the word. We greatly appreciate it! If you have any questions or feedback, leave us a %1$smessage%2$s.Hi, Really Simple Security has kept your site secure for some time now, awesome! If you have a moment, please consider leaving a review on WordPress.org to spread the word. We greatly appreciate it! If you have any questions or feedback, leave us a %1$smessage%2$s.Hide the remember me checkboxHide your WordPress versionHighHigh-riskHigh-risk (default)HostingHosting providerI agree to the Terms & Conditions from Let's Encrypt.I have read and understood the risks to intervene with these measures.IP AddressIP AddressesIP Addresses can be allowed, blocked or will show up when your settings add them to a temporary blocklist. If you want to add your IP to the allowlist, please read the article provided at the right-hand side for instructions.IP BlocklistIP address overviewIf the number of failed login attempts is exceeded within this timeframe, the IP address and user will be blocked.If the username 'admin' currently exists, you can rename it here. Please note that you can no longer use this username, and should use the new username or an email addressIf there's a vulnerability, you will also get feedback on the themes and plugin overview.If this is not the case, don't add this alias to your certificate.If this option is set to true, the mixed content fixer will fire on the init hook instead of the template_redirect hook. Only use this option when you experience problems with the mixed content fixer.If you are the owner of this account, please check your email for instructions on regaining access.If you entered your DNS records before, they need to be changed.If your hosting provider auto-renews your certificate, no action is required. Alternatively, you have the option to generate an SSL certificate with Really Simple Security.If your site is only intended for users to login from specific geographical regions, you can entirely prevent logins from certain continents or countries.Implement Two-Factor Authentication or Passkey login.Import and insert fileImportant security noticeImprove security - UpgradeImprove security by requiring strong passwords and forced periodic password changesImprove the default WordPress password strength check. You can also enforce frequent password changes for user roles.Include aliasInclude preloadInclude subdomainsInstallInstall %sManually%s.Install Authentication app:Install SSL certificateInstallationInstallation failed.Installation finishedInstalledInstallingInstalling SSL certificate using PLESK API...Installing SSL certificate...Installing plugin...Instantly configure these essential features.InstructionsIntervalInvalid authentication request.Invalid licence.Invalid login details.Invalid nonce.Invalid providerInvalid user.Invalid verification code.It is not possible to install Let's Encrypt on a localhost environment.It is not possible to install Let's Encrypt on a subfolder configuration.It is not possible to install Let's Encrypt on a subsite. Please go to the main site of your website.It seems that no valid license key is activated for this domain. Activate your license key using the `%s` command, or purchase a valid license key via https://really-simple-ssl.com/proKey copiedLast UsedLax - 10 errors in 2 secondsLearn moreLearn more about our features!Leave a reviewLet's EncryptLet's Encrypt.Letʼs Encrypt is a free, automated and open certificate authority brought to you by the non-profit Internet Security Research Group (ISRG).Leveraging your SSL certificate with HSTS is a staple for every website. Force your website over SSL, mitigating risks of malicious counterfeit websites in your name.Licence invalidLicence validLimit AttemptsLimit Login AttemptsLimit Login Attempts ProtectionLimit Login Attempts protects your site from login attempts by unauthorised users. When you enable Limit Login Attempts, all login attempts are logged and repeated attempts to login with invalid credentials will be blocked automatically.Limit Password Reset AttemptsLimit logged in session durationLimit to a single blog_id (multisite).LocationLocked-outLockout durationLog InLogin AuthenticationLogin ProtectionLogin attemptsLogin credentials incorrectLogin credentials incorrect. Please check your log-in credentials for cPanel.Login protectionLogin statusLogsLowLow-riskLow-risk Low-risk (default)Maintain peace of mind with our simple, but effective automated measures when vulnerabilities are discovered. When needed Really Simple Security will force update or quarantine vulnerable components, on your terms!Many vulnerabilities are exploited by injecting a user with administrator capabilities outside of the native WordPress creation process. Under advanced hardening you can prevent this from happening.Maybe laterMeasuresMediumMedium-riskMethodMissing licence.Mixed Content FixerMixed Content ScanMixed contentMixed content fixerMixed content fixer - back endMixed content fixer - init hookMixed content fixer not enabled. Enable the option to fix mixed content on your site.Mixed content in %sMixed content in CSS/JS file from another domainMixed content in PHP file in %sMixed content in post: %sMixed content in the postmeta tableMixed content scanMore infoMultiple %s vulnerabilities have been found.Name of the option to update.No 301 redirect is set. Enable the WordPress 301 redirect in the settings to get a 301 permanent redirect.No 301 redirect to SSL enabled.No SSL certificate has been detected.No SSL detectedNo SSL detected. Use the retry button to check again.No recommended redirect rules detected.No redirectNo subdomain setup detected.No valid list of domains.Nonce validation failedNoneNormal - 10 errors in 5 secondsNot all essential security headers are installedNot recognised server.Not sure if you're using XML-RPC, or want to restrict unauthorised use of XML-RPC? With learning mode you can see exactly which sources use XML-RPC, and you can revoke where necessary.NoteNotification by %sNotification by Really Simple SecurityNotificationsNotifications by emailOCSP not supported, the certificate will be generated without OCSP.OCSP stapling is configured as enabled by default. You can disable this option if this is not supported by your hosting provider.OffOn Apache you can use a .htaccess redirect, which is usually faster, but may cause issues on some configurations. Read the instructions in the sidebar first.Once every 5 minutesOnce every dayOnce every monthOnce every weekOne click SSL optimisationOne day (for testing only)One of the most powerful features, and therefore the most complex are the Cross-Origin headers that can isolate your website so any data leaks are minimised.One yearOnline Booking SystemOnly enable this if you experience mixed content in the admin environment of your WordPress website.OpenOptional note for the block.Order ID mismatch, regenerate order.Order successfully created.Order successfully retrieved.Output format: table|json|csv (default: table).Package information retrievedPasskeyPasskeysPasskeys are a very secure and convenient way to log in. It allows the user to authenticate using their device, browser or password manager.PasswordPassword ResetPassword SecurityPassword securityPasswordsPerformant FirewallPermanentPermanent blockPermission denied.Permissions PolicyPlease %sconsider upgrading to Pro%s to enjoy all simple and performant security features.Please activate it manually on your hosting dashboard.Please activate it on your dashboard %smanually%sPlease add the following lines to your .htaccess, or set it to writable:Please adjust the CAA records via your DNS provider to allow Let’s Encrypt SSL certificatesPlease change your email address %shere%s and try again.Please check if the advanced-headers.php file is included in the wp-config.php, and exists in the wp-content folder.Please check if the non www version of your site also points to this website.Please check if the www version of your site also points to this website.Please check your inbox and click the confirm button to confirm that your site is correctly configured to send emails. Didn't receive the e-mail? %1$s, or try to: %2$s %3$s %4$sPlease complete %smanually%sPlease complete manually in your hosting dashboard.Please complete the following step(s) first: %sPlease configure your %sCaptcha settings%s before enabling this settingPlease create a folder 'rsssl' in the uploads directory, with 644 permissions.Please double check your DNS txt record.Please loginPlease make sure to configure a method, access to your account will be denied if no method is configured today.Please make sure to configure a method, access to your account will be denied if no method is configured within the next %s days.Please refresh the SSL status if a certificate has been installed recently.Please set the wp-config.php to writable until the rule has been written.Please set the wp-content folder to writable:Please start at the previous step.Please take appropriate action.Please verify your emailPlease wait %s before trying again, as this is the expiration of the DNS record currently.Plesk admin URLPlesk hostPlesk passwordPlesk recognised. Possibly the certificate can be installed automatically.Plesk usernamePlesk username and passwordPlugin activatedPlugin installedPowered by WordPressPre-flight checks passed.Preferred MethodPremium SupportPrevent account theft by offering more secure authentication methods. You can configure which methods are available per user role, or even enforce usage of secure authentication. Secure authentication can be either Two-Factor Authentication or Passkey login.Prevent clickjacking and other malicious attacks by restricting sources that are permitted to embed content from your website.Prevent code execution in the public 'Uploads' folderPrevent login feedbackPrevent session hijackingPrevent usage of passwords that have been included in a databreach. This securely verifies part of the hashed password via the Have I Been Pwned API.Preview users in scope for 2FA reminders (dry-run).Protect your login form with Limit Login AttemptsProtect your login form with Limit Login Attempts.Protect your site against brute force login attacks by limiting the number of login attempts. Enabling this feature will temporary lock-out a username and the IP address that tries to login, after the set number of false logins.Protect your site with a performant Firewall.Protect your user logins with Two-Factor Authentication (at least for Administrator accounts)Protect your website against brute-force attacks with a captcha. Choose between Google reCAPTCHA or hCaptcha.Protecting your website visitors from malicious attacks and data breaches should be your #1 priority, start with the essentials with Really Simple SecurityEmailRe-checkReached %s, but received an error response code: %d. HTTPS is not properly configured.Read about our journey towards Really Simple SecurityRead moreRead more about security concerns with debug display enabledReally Simple Plugins is also the author of the below privacy-focused plugins including consent management and legal documents!Really Simple SSL is now %1$sReally Simple Security!%2$sReally Simple SecurityReally Simple Security - Notification TestReally Simple Security - Verify your email addressReally Simple Security allows you to limit the default logged in session duration. By default, WordPress will keep users logged in for 48 hours, or even 14 days when clicking the ‘remember me’ checkbox. An attacker could possibly steal the logged in cookie and gain access to a user’s account. Limiting the logged in duration to 8 hours will greatly reduce the risk of session hijacking.Really Simple Security and Really Simple Security add-ons do not process any personal identifiable information, so the GDPR does not apply to these plugins or usage of these plugins on your website. You can find our privacy policy here.Really Simple Security can trigger a Captcha to limit access to your site or the login form.Really Simple Security collects information about plugins, themes, and core vulnerabilities from our database powered by WPVulnerability. Anonymised data about these vulnerable components will be sent to Really Simple Security for statistical analysis to improve open-source contributions. For more information, please read our privacy statement.Really Simple Security dashboardReally Simple Security detected a vulnerability in this themeReally Simple Security detected an SSL certificate, but has not been configured to enforce SSL.Really Simple Security has received no response from the webpage.Really Simple Security is installed, but no valid SSL certificate is detected.Really Simple Security will scan for insecure file and folder permissions on a weekly basis. You will receive an email report and Dashboard notice if insecure permissions are found.Really Simple Security will send email notifications and security warnings from your server. We will send a test email to confirm that email is correctly configured on your site. Look for the confirmation button in the email.Receive a code by emailRecommended by Really Simple PluginsRecommended security headers enabled.Recovery Mode — %sRedirect methodRedirectionRedirects your site to https with a SEO friendly 301 redirect if it is requested over http.RegionsRegisteredRemember MeRemoveRemove IP block.Remove a blocked IP from the limit login attempts table.Remove a blocked username from the limit login attempts table.Remove a trusted IP from the firewall.Remove a trusted IP from the limit login attempts table.Remove a trusted username from the limit login attempts table.Remove from public location with Really Simple SecurityRemove the lock file for safe mode.Rename admin user enabled: Please choose a new username of at least 3 characters, which is not in use yet.Rename and randomise your database prefixRenew certificateRenew installationResend CodeResend emailResend verification emailReset rsssl_two_fa_reminder_sent meta before sending.Reset rsssl_two_fa_reminder_sent meta for a clean run.Reset the 2FA status and methods for a user.Restrict access from specific countries or continents. You can also allow only specific countries.Restrict access to your site based on user location. By default, all regions are allowed. You can also block entire continents.Restrict creation of administrator rolesRetrieving Cloudways server data...Retrieving DNS verification token...Retrieving package information...RetryRiskRulesSSL Status TestSSL activation in progressSSL certificate should be generated and installed.SSL certificate will expire on %s.SSL is enabled networkwide.SSL is enabled on your site.SSL is not enabled on your networkSSL is not enabled yet.SSL is not enabled.SSL is not yet enabled on this site.SSL is now activated. Follow the three steps in this article to check if your website is secure.SSL successfully installed on %sSave and continueScan resultsSearching for link to SSL installation page on your server...Secure your site with a FirewallSecure your site with the performant Firewall.SecuritySecurity HeadersSecurity Headers TestSecurity configuration completed!Security configuration not completed yet. You still have %s task open.You still have %s tasks open.Security through obscurity. Your site is no longer using the default wp_ prefix for database tables. The process has been designed to only complete and replace the tables after all wp_ tables are successfully renamed. In the unlikely event that this does lead to database issues on your site, please navigate to our troubleshooting article.See which recommended security headers are not present on your website.Selected providerSelf (Default)SendSend 2FA reminders for the current selection.Send an email code during login. You can force user roles to use two-factor authentication, or leave the choose with your users, if so desired.Sending...Serve encrypted and authenticated responsesSet permissions to 644 to enable SSL generation.Set your wp-config.php to writable and reload this page.SettingsSettings update: .htaccess redirectSettings update: Database prefix changedSettings update: Debug.log file relocatedSettings update: Username 'admin' renamedShow blocked IP's.Site-wide, admin notificationSkipSkip (%1$d %2$s remaining)Skip (Only today remaining)Sorry, you are not allowed to access user data without authentication.Sorry, you are not allowed to access users without authentication.SourceStart login protection by adding an additional layer during authentication. This will leave authentication less dependent on just a single password. Want to force strong passwords? Check out Password Security.StatusStop editing the .htaccess fileStore for renewal purposes. If not stored, renewal may need to be done manually.Strict - 10 errors in 10 secondsStrong Password policySubmitSuccessfully added TXT record.Successfully generated certificate.Successfully installed Let's EncryptSuccessfully installed SSLSuccessfully retrieved accountSuccessfully retrieved server ID and app IDSuccessfully verified DNS recordsSuccessfully verified alias domain.SupportSystem statusTOTP means authentication using apps like Google Authenticator.TOTP requires users to authenticate using a third-party app such as Google Authenticator.TemporaryTemporary blockTerms and conditionsTerms & Conditions are accepted.Terms and ConditionsTest not found.Test notification email errorTest notificationsTest notifications can be used to test email delivery and shows how vulnerabilities will be reported on your WordPress installation.Thank you for being a long-time user! As a token of our gratitude, we want to offer you %s6 months Really Simple Security Pro, 100%% Free!%sThe 'force-deactivate.php' file has to be renamed to .txt. Otherwise your SSL can be deactivated by anyone on the internet.The .htaccess redirect has been enabled on your site. If the server configuration is non-standard, this might cause issues. Please check if all pages on your site are functioning properly.The .htaccess redirect rules selected by this plugin failed in the test. Set manually or dismiss to leave on PHP redirect.The 301 .htaccess redirect is the fastest and most reliable redirect option.The 301 redirect with .htaccess to HTTPS is now enabled.The DISALLOW_FILE_EDIT constant is defined and set to false. You can remove it from your wp-config.php.The DNS response for %s was %s, while it should be %s.The EssentialsThe Event Log shows all relevant events related to limit login attempts. You can filter the log using the dropdown on the top-right to only show warnings.The Event Log shows all relevant events related to the Firewall and IP lockouts. You can filter the log using the dropdown on the top-right to only show warnings.The Firewall can also block traffic from malicious or resource-consuming bots that might crawl your website. A list of well-known bad User-Agents is automatically included. You can manually add or delete user-agents if so desired.The Firewall, LLA and 2FA are currently inactive, as you have activated Safe Mode with the rsssl-safe-mode.lock file. Remove the file from your /wp-content folder after you have finished debugging.The Hosting Panel software was not recognised. Depending on your hosting provider, the generated certificate may need to be installed manually.The IP address will see a locked out screen for the selected duration.The IP to block.The IP to unblock.The PHP function cURL has successfully been detected.The PHP function cURL is not available on your server, which is required. Please contact your hosting provider.The SSL certificate has been renewed, and requires manual %sinstallation%s in your hosting dashboard.The Terms & Conditions were not accepted. Please accept in the general settings.The Two-Factor Authentication setup for TOTP failed. Please try again.The Two-Factor Authentication setup for email failed. Please try again.The URL you use to access your DirectAdmin dashboard. Ends on :2222.The URL you use to access your Plesk dashboard. Ends on :8443.The URL you use to access your cPanel dashboard. Ends on :2083.The authentication code is not valid.The automatic installation of your certificate has failed. Please check your credentials, and retry the %sinstallation%s.The certificate generation was rate limited for five minutes because the authorisation failed.The certificate installation was rate limited. Please try again later.The certs directory is not created yet.The certs directory was successfully created.The challenge directory is not created yet.The challenge directory was successfully created.The code to block code execution in the uploads folder cannot be added automatically on NGINX. Add the following code to your nginx.conf file:The content security policy has many options, so we always recommend starting in ‘learning mode’ to see what files and scripts are loaded.The email address was not set. Please set the email addressThe essential security headers are detected on your site.The extensive mixed content scan will list all issues and provide a fix, or instructions to fix manually.The following directories do not have the necessary writing permissions.The following information is attached when you send this form: licence key, scan results, your domain, .htaccess file, debug log and a list of active plugins.The key directory is not created yet.The key directory was successfully created.The key is not valid.The license key to activate.The lightweight Firewall can be used to lockout malicious traffic from your site. You can configure generic rules below, or block specific IP addresses by adding them to the Blocklist.The mixed content fixer could not be detected due to a cURL error: %s. cURL errors are often caused by an outdated version of PHP or cURL and don't affect the front-end of your site. Contact your hosting provider for a fix.The mixed content fixer is active, but was not detected on the frontpage.The non-www version of your site does not point to this website. This is recommended, as it will allow you to add it to the certificate as well.The onboarding wizard will help to configure essential security features in 1 minute! Select your hosting provider to start.The order is invalid, possibly due to too many failed authorisation attempts. Please start at the previous step.The preferred method is not set.The required directories have the necessary writing permissions.The selected provider is not valid.The settings below determine how strict your site will be protected. You can leave these settings on their default values, unless you experience issues.The site's security policy requires you to configure Two-Factor Authentication to protect against account theft. %1$s and configure Two-Factor authentication %2$swithin three days%3$s. If you haven't performed the configuration by then, %4$syou will be unable to login%5$s.The system is not ready for the DNS verification yet. Please run the wizard again.The system is not ready for the installation yet. Please run the wizard again.The used domain for your email address is not allowed.The user ID is not valid.The user ID to reset 2FA for.The user and IP address will be temporarily unable to login for the specified duration. You can block IP addresses indefinitely via the IP addresses block.The user object is not valid.The user will be blocked after entering too many incorrect logins on the password reset page.The username to block.The username to unblock.The value, WP_DEBUG_DISPLAY, has either been enabled by WP_DEBUG or added to your configuration file. This will display errors on the front end of your site.The value, WP_DEBUG_LOG, has been added to this website’s configuration file. This means any errors on the site will be written to a file which is potentially available to all users.The wp-config.php file is not writable, and needs to be edited. Please set this file to writable.The www version of your site does not point to this website. This is recommended, as it will allow you to add it to the certificate as well.There are existing keys, the order had to be cleared first.There have been too many failed two-factor authentication attempts, which often indicates that the password has been compromised. The password has been reset in order to protect the account.These notifications are set to the minimum risk level that triggers a notification. For example, the default site-wide notification triggers on high-risk and critical vulnerabilities.These security headers are the fundamental security measures to protect your website visitors while visiting your website.These user roles will be enforced to either configure Two-factor Authentication or Passkey log in. We recommend to enforce at least administrators.They might be misused if you don’t actively tell the browser to disable these features.This adds extra requirements for strong passwords for new users and updated passwords.This appears to be an invalid licence key for this plugin.This command is related to functionality available in Really Simple Security Pro, please consider upgrading to unlock all powerful security features. Read more: https://really-simple-ssl.com/proThis email address is used to create a Let's Encrypt account. This is also where you will receive renewal notifications.This email is confirmation that any security notices are likely to reach your inbox.This email is part of the Really Simple Security Notification SystemThis email was sent toThis feature allows you to block visitors from your website based on countryThis feature depends on multiple standard background processes. If a process fails or is unavailable on your system, detection might not work. We run frequent tests for this purpose. We will notify you accordingly if there are any issues.This feature is disabled because you have not verified that e-mail is correctly configured on your site.This is a multisite configuration with subdomains. You should generate a wildcard certificate on the root domain.This is a security feature implemented by web browsers to control how web pages from different origins can interact with each other.This is a vulnerability alert from Really Simple Security for %s. This is the vulnerability overview. Here you will find current known vulnerabilities on your system. You can find more information and helpful, actionable insights for every vulnerability under details.This leads to issues when activating SSL networkwide since subdomains will be forced over SSL as well while they don't have a valid certificate.This list shows all individually blocked IP addresses. On top the top-right you can filter between permanent blocks and temporary blocks. By default, blocks are only temporary, as attackers and bots will frequently alter between IP addresses. However, you can manually configure permanent blocks.This option is handled by the Content Security Policy/frame-ancestors setting.This setting will block attempts to assign administrator roles outside the native user creation process by WordPress. This might include other plugins that create, edit or assign roles to users. If you need to create an administrator in a third-party plugin, temporarily disable this setting while you make the changes.This site requires you to secure your account with a second authentication method.This will include both the www. and non-www. version of your domain.This will limit or fully disable HTTP requests that are not needed, but could be used with malicious intent.This will permanently change your database prefixes and you can NOT rollback this feature. Please make sure you have a back-up.This will send emails about vulnerabilities directly from your server. Make sure you can receive emails by the testing a preview below. If this feature is disabled, please enable notifications under general settings.ThresholdTime leftTo ensure all traffic passes through SSL, please enable a 301 redirect.To safely enable SSL on your server configuration, you should add the following line of code to your wp-config.php.To use certain features in Really Simple Security we need to confirm emails are delivered without issues.Token not generated. Please complete the previous step.Token not received yet.Token successfully retrieved. Click the refresh button if it's not visible yet.Too many attempts. Please try again later.Too many invalid verification codes, you can try again in %s. This limit protects your account against automated attacks.Traverse all subsites in the network.Trigger Captcha on lockoutTrigger captcha on failed login attemptTrustedTrusted IP addressesTrying to create directory in root of website.Two years (required for preload)Two-Factor AuthenticationTwo-Factor Authentication SetupTwo-Factor Authentication adds an extra layer of security to your account. You can enable it here.Two-Factor Authentication cannot be disabled for this account.Two-Factor Authentication for TOTP failed. No Authentication code provided, please try again.Two-Factor Authentication is mandatory for your account, so you need to make a selection.Two-Factor Authentication must be completed before it can be changed.Two-Factor Authentication must be completed before it can be disabled.Two-Factor Authentication settings have been reset.Two-Factor Authentication setup is required for this account.TypeUnable to connect to cPanelUnable to send test notification at this time.Unauthorised administratorsUnknown plugin encountered.Unset X-Powered-By headerUpdate Really Simple SSL Pro: the plugin needs to be updated to the latest version to be compatible.Update a Really Simple Security option. Usage: wp rsssl update_option --name=option_name --value=option_value. Use 0 and 1 for booleans.Update the advanced-headers.php with the latest rules.UpgradeUploads folder not writable.Usage of the title attribute on the login logo is not recommended for accessibility reasons. Use the link text instead.Use your authenticator app like Google Authenticator to scan the QR code below, then paste the provided Authentication code. %sUserUser not logged in.User roles for password changeUser-AgentUser-AgentsUsernameUsername 'admin' has been changed to %sUsername or Email AddressUsersUsers trying to enter via /wp-admin or /wp-login.php will be redirected to this URL.Validating licence...Value to set for the option.Verification Code:Verification code re-sentVerification code sent.Verification email sentVerify emailVerify your emailVerify your email address to get the most out of Really Simple Security.ViewView DashboardView settings pageVisit DashboardVisit the plugins overview or %srenew your licence%s.VulnerabilitiesVulnerabilities OverviewVulnerability Alert: %sVulnerability MeasuresVulnerability scanVulnerability scanning is enabled.WarningWarning: There has been %1$s failed login attempt on your account without providing a valid two-factor token. The last failed login occurred %2$s ago. If this wasn't you, you should reset your password.Warning: %1$s failed login attempts have been detected on your account without providing a valid two-factor token. The last failed login occurred %2$s ago. If this wasn't you, you should reset your password.WarningsWe detected suspected bots triggering large numbers of 404 errors on your site.We have detected administrator roles where the login and display names are the same.We have detected the %s plugin on your website.We have not detected any known hosting limitations.We have tried to make our Wizard as simple and fast as possible. Although these questions are all necessary, if there’s any way you think we can improve the plugin, please let us %sknow%s!We recommend to enable Two-Factor Authentication at least for administrators.We think you will like thisWelcome to Really Simple SecurityWhy Premium Support?Why did I receive this email?Widget areaWidget with mixed contentWordPress 301 redirect enabled. We recommend to enable a 301 .htaccess redirect.XML-RPCXML-RPC is a mechanism originally implemented into WordPress to publish content without the need to actually login to the backend. It is also used to login to WordPress from devices other than desktop, or the regular wp-admin interface.XML-RPC with Learning ModeYes (don't set header)You already have a valid SSL certificate.You already have free SSL on your hosting environment.You are receiving this email because you have an account registered at %s.You are using the Really Simple Security Shell Exec add on, but your current version needs to be updated.You can add any non-existing username to this table, to instantly block IP addresses that try common usernames like "admin".You can choose to automate the most common actions for a vulnerability. Each action is set to a minimum risk level, similar to the notifications. Please read the instructions to learn more about the process.You can easily block countries, or entire continents. You can act on the event log below and see which countries are suspicious, or exclude all countries but your own.You can find your Plesk username and password in %sYou can find your api key %shere%s (make sure you're logged in with your main account).You can follow these %sinstructions%s.You can indefinitely block known abusive IP addresses, to completely prevent them from trying to login.You can prevent IP addresses from being temporarily blocked by adding them to this list. This can be convenient if you share an IP address with other site users. Usernames that trigger false logins will still be blocked.You can prevent usernames from being temporarily blocked by adding them to this list. The IP address that triggers false logins will still be blocked.You can protect your account with a second authentication layer. Please choose one of the following methods, or click %s if you don't want to use Two-Factor Authentication.You have %s critical vulnerabilityYou have %s critical vulnerabilitiesYou have %s critical vulnerabilityYou have %s critical-risk vulnerabilitiesYou have %s high-risk vulnerabilityYou have %s high-risk vulnerabilitiesYou have %s low-risk vulnerabilityYou have %s low-risk vulnerabilitiesYou have %s medium-risk vulnerabilityYou have %s medium-risk vulnerabilitiesYou have %s open hardening feature.You have %s open hardening features.You have changed your login URLYou have enabled a feature on %s. We think it's important to let you know a little bit more about this feature so you can use it without worries.You have set a 301 redirect to SSL. This is important for SEO purposesYou may need to login in again, have your credentials prepared.You run a Multisite installation with subdomains, but your site doesn't have a wildcard certificate.You run a multisite installation with subfolders, which prevents this plugin from fixing your missing server variable in the wp-config.php.You should have the www domain pointed to the same website as the non-www domain.You're using a feature where email is an essential part of the functionality. Please validate that you can send emails on your server.Your 2FA grace period expired. Please contact your site administrator to regain access and to configure 2FA.Your Key and Certificate directories are not properly protected.Your SSL certificate will expire soon.Your Two-Factor Authentication configuration is corrupted. Please contact your site administrator to regain access.Your certificate is valid until: %sYour certificate will be renewed and installed automatically.Your certificate will expire on %s.Your certificate will expire on %s. You can renew it %shere%s.Your domain meets the requirements for Let's Encrypt.Your hosting environment does not allow automatic SSL installation.Your licence is not active for this URL.Your licence key expired on %s.Your licence key has been disabled.Your licence key has reached its activation limit.Your login URL has changed to {login_url} to prevent common bot attacks on standard login URLs. Learn more about this feature, common questions and measures to prevent any issues.Your login confirmation code for %sYour password was compromised and has been resetYour password was reset because of too many failed Two Factor attempts. You will need to create a new password to regain access. Please check your email for more information.Your server provides shell functionality, which offers additional methods to install SSL. If installing SSL using the default methods is not possible, you can install the shell add-on.Your site is protected by Limit Login Attempts.Your site is protected by Two-Factor Authentication (2FA).Your site is protected by a firewall.Your site is set to display errors on your websiteYour site is set to log errors to a potentially public fileYour site uses Divi. This can require some additional steps before getting the secure lock.Your site uses Elementor. This can require some additional steps before getting the secure lock.Your website does not send all essential security headers.Your website's IP address is blocked. Please add your domain's IP address to the security policy in cPanelYour wp-config.php has to be edited, but is not writable.attemptsdaydayseg. %sforbidden - number in author name not allowed = %shCaptchahCaptcha secret keyhCaptcha site keyhttps://really-simple-ssl.comhttps://really-simple-ssl.com/about-ushttps://wordpress.org/no responsenot setreCaptcha secret keyreCaptcha site keyreCaptcha v2recommended← Go to %s