602TechSec WordPress Plugin Documentation

Complete integration guide for WordPress

# 602TechSec Security - WordPress Plugin

Protect your WordPress site with real-time API verification from 602TechSec. Block malicious traffic, prevent attacks, and manage your security rules directly from WordPress.

## Features

- **Real-Time Protection**: Every request verified against your custom security rules
- **Smart Blocking**: Multiple block modes (redirect, 403, or log-only)
- **Activity Logging**: Track all security events in detailed logs
- **Self-Service Management**: Embedded widget to manage API settings
- **Flexible Rules**: Whitelist admins, logged-in users, or specific request types
- **High Performance**: Optimized API calls with minimal overhead
- **Statistics Dashboard**: View blocked threats and security metrics

## Requirements

- WordPress 5.0 or higher
- PHP 7.2 or higher
- 602TechSec API account ([Get one here](https://sec.602.tech/))

## Installation

### Method 1: Manual Installation

1. Download the plugin ZIP file
2. Go to WordPress Admin → Plugins → Add New
3. Click "Upload Plugin" and select the ZIP file
4. Click "Install Now" and then "Activate"

### Method 2: FTP Installation

1. Extract the ZIP file
2. Upload the `602techsec-security` folder to `/wp-content/plugins/`
3. Activate the plugin through the WordPress Admin → Plugins menu

## Quick Start

### 1. Get Your API Key

1. Visit [602TechSec Admin Panel](https://sec.602.tech/admin)
2. Log in or create an account
3. Navigate to API Keys section
4. Create a new API key for your WordPress site
5. Copy the API key

### 2. Configure the Plugin

1. Go to WordPress Admin → 602TechSec → Settings
2. Paste your API key in the "API Key" field
3. Click "Test Connection" to verify
4. Enable "Enable Protection" toggle
5. Configure your preferences:
   - **Block Mode**: Choose how to handle blocked requests
   - **Whitelist Rules**: Decide which users to always allow
   - **Request Checking**: Select which request types to verify
   - **Activity Logging**: Enable logging for audit trail
6. Click "Save Settings"

### 3. Configure Security Rules

1. Go to [602TechSec Admin Panel](https://sec.602.tech/admin)
2. Configure your security rules:
   - Whitelist trusted domains
   - Blacklist malicious hosts
   - Block specific IP addresses
   - Set up rate limiting
3. **OR** use the built-in widget:
   - Go to WordPress Admin → 602TechSec → Manage API Settings
   - Use the embedded interface to manage rules

### 4. Monitor Activity

- View logs: WordPress Admin → 602TechSec → Activity Log
- See blocked threats, allowed requests, and statistics
- Export logs to CSV for analysis

## Configuration Options

### Block Modes

**Redirect to Safe Page** (Recommended)
- Silently redirects blocked users to your homepage or custom URL
- Best user experience for false positives

**Show 403 Forbidden Page**
- Displays a branded "Access Denied" page
- Clear indication of security block
- Customizable via theme template (`602techsec-blocked.php`)

**Log Only**
- Records security events without blocking
- Good for testing before full deployment
- Analyze patterns before enforcing rules

### Whitelist Rules

**Whitelist Administrators**
- Never block logged-in admins
- Recommended: ON (prevents lockouts)

**Whitelist Logged-In Users**
- Never block any authenticated user
- Use if you trust all registered users

### Request Checking

**Check Login Page**
- Verify requests to `wp-login.php`
- Protects against brute force attacks
- Recommended: ON

**Check Admin Area**
- Verify requests to `/wp-admin/`
- Use carefully if whitelisting admins is disabled
- Recommended: OFF (if whitelisting admins)

**Check REST API**
- Verify REST API requests
- Protects API endpoints
- Recommended: ON

**Check Comments**
- Verify comment submissions
- Prevents spam and malicious comments
- Recommended: ON

## Usage Examples

### Custom 403 Template

Create `602techsec-blocked.php` in your theme directory:

```php
<?php
/**
 * Custom 602TechSec Blocked Page
 */
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Access Denied</title>
    <?php wp_head(); ?>
</head>
<body>
    <div class="blocked-page">
        <h1>Access Denied</h1>
        <p>Your request has been blocked by our security system.</p>
        <p><a href="<?php echo esc_url(home_url()); ?>">Return to Homepage</a></p>
    </div>
    <?php wp_footer(); ?>
</body>
</html>
```

### Filter Block Decision

```php
// Allow custom logic before blocking
add_filter('techsec602_should_block', function($should_block, $reason) {
    // Don't block specific IP
    if (TechSec602_Client::get_client_ip() === '203.0.113.10') {
        return false;
    }
    
    return $should_block;
}, 10, 2);
```

### Custom Redirect URL

```php
// Send blocked visitors to a custom notice page instead of the default URL
add_filter('techsec602_redirect_url', function($url) {
    return home_url('/blocked-notice');
});
```

### Hook into Block Events

```php
// Log to external service when request is blocked
add_action('techsec602_before_block', function($reason) {
    error_log('602TechSec blocked request: ' . $reason);
    
    // Send to external monitoring service
    // wp_remote_post('https://your-monitoring.com/api/log', [...]);
});
```

## API Settings Widget

The plugin includes an embedded 602TechSec widget for self-service API management:

**Access**: WordPress Admin → 602TechSec → Manage API Settings

**Features**:
- Manage whitelist/blacklist rules
- Add/remove blocked IPs
- Configure rate limiting
- View current settings
- Changes take effect immediately

**Auto-Authentication**:
- Widget uses your WordPress API key automatically
- No need to re-enter credentials
- Secure and seamless experience

## Activity Logs

**Location**: WordPress Admin → 602TechSec → Activity Log

**Information Tracked**:
- Timestamp of request
- IP address
- URL requested
- Status (allowed/blocked/error)
- Block reason (if blocked)
- Processing time

**Features**:
- View recent 100 requests
- Filter by status
- See top blocked IPs
- Export to CSV
- Auto-cleanup after X days (configurable)

## Performance

- Average processing time: **5-15ms** per request
- Fail-open design: If API is unreachable, requests are allowed (no downtime)
- Minimal database overhead
- Optimized API calls
- No impact on user experience for allowed requests

## Security Considerations

### API Key Protection
- API key stored in WordPress database (wp_options)
- Not exposed in frontend code
- Only accessible to admin users

### Fail-Open Design
- If 602TechSec API is unreachable, requests are allowed
- Prevents site downtime due to API issues
- Errors are logged for monitoring
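
Because the plugin fails open, a sustained run of `error` entries means requests are reaching the site unverified. The script below is an added example, not part of the plugin: it scans an exported activity-log CSV for minutes dominated by `error` rows and counts, per IP, the unverified hits on login, admin and REST paths. The column names and sample rows are constructed assumptions, as is the reading that an `error` row is a request allowed through the fail-open path.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample export. The column names are assumptions: rename them
# to match the header row of the CSV your site actually produces.
SAMPLE_CSV = """timestamp,ip,url,status,reason,processing_ms
2024-05-01 10:00:05,198.51.100.7,/wp-login.php,blocked,blacklisted ip,9
2024-05-01 10:00:40,203.0.113.10,/wp-json/wp/v2/posts,allowed,,7
2024-05-01 10:01:02,198.51.100.7,/wp-login.php,error,,5003
2024-05-01 10:01:15,198.51.100.8,/wp-login.php,error,,5001
2024-05-01 10:01:48,198.51.100.7,/wp-login.php,error,,5002
2024-05-01 10:02:10,203.0.113.10,/,allowed,,8
"""

# Request types the plugin can be configured to check (see Request Checking).
SENSITIVE_PREFIXES = ("/wp-login.php", "/wp-admin/", "/wp-json/")


def _rows(csv_text):
    return list(csv.DictReader(io.StringIO(csv_text)))


def fail_open_windows(csv_text, threshold=0.5, min_requests=3):
    """Minutes in which at least `threshold` of requests have status 'error'.

    Returns [(minute, error_count, total_count)], oldest first.
    """
    buckets = defaultdict(lambda: [0, 0])  # minute -> [errors, total]
    for row in _rows(csv_text):
        minute = row["timestamp"][:16]  # "YYYY-MM-DD HH:MM"
        buckets[minute][1] += 1
        if row["status"].strip().lower() == "error":
            buckets[minute][0] += 1
    return [(m, e, t) for m, (e, t) in sorted(buckets.items())
            if t >= min_requests and e / t >= threshold]


def unverified_sensitive_hits(csv_text):
    """Per-IP count of 'error' rows that targeted a sensitive path."""
    hits = Counter()
    for row in _rows(csv_text):
        if (row["status"].strip().lower() == "error"
                and row["url"].startswith(SENSITIVE_PREFIXES)):
            hits[row["ip"]] += 1
    return dict(hits)


if __name__ == "__main__":
    print(fail_open_windows(SAMPLE_CSV))
    print(unverified_sensitive_hits(SAMPLE_CSV))
```

Run it against a fresh export on a schedule and alert when `fail_open_windows` returns anything, since those are the periods in which the rules were not being enforced.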

### Admin Lockout Prevention
- "Whitelist Administrators" enabled by default
- Prevents accidental lockouts
- Can be disabled if needed

## Troubleshooting

### Connection Test Fails

**Check**:
1. API key is correct
2. Site can reach `https://sec.602.tech`
3. No firewall blocking outbound connections
4. PHP curl extension is enabled

### Getting Blocked Accidentally

**Solutions**:
1. Enable "Whitelist Administrators"
2. Check your security rules at [sec.602.tech](https://sec.602.tech/admin)
3. Add your IP to whitelist
4. Switch to "Log Only" mode temporarily

### Logs Not Appearing

**Check**:
1. "Enable Logging" is turned ON
2. Database table exists (deactivate/reactivate plugin)
3. Check PHP error logs

### Widget Not Loading

**Check**:
1. API key is configured
2. Browser can reach `https://sec.602.tech`
3. No browser console errors
4. Ad blockers not interfering

## Frequently Asked Questions

**Q: Does this slow down my site?**
A: No. API calls add only 5-15ms per request and run asynchronously. The fail-open design ensures your site always loads.

**Q: What happens if 602TechSec API is down?**
A: The plugin fails open - all requests are allowed. Your site continues working normally.

**Q: Can I test before going live?**
A: Yes! Use "Log Only" mode to see what would be blocked without actually blocking requests.

**Q: Will this block legitimate users?**
A: Only if configured to do so. Use whitelisting rules carefully and monitor activity logs.

**Q: How do I add my own IP to whitelist?**
A: Go to 602TechSec → Manage API Settings → Add your IP to whitelist

**Q: Can I customize the blocked page?**
A: Yes! Create `602techsec-blocked.php` in your theme directory.

## Support

- **Documentation**: [https://sec.602.tech/](https://sec.602.tech/)
- **Admin Panel**: [https://sec.602.tech/admin](https://sec.602.tech/admin)
- **Plugin Settings**: WordPress Admin → 602TechSec

## Changelog

### 1.0.0 (2024)
- Initial release
- Real-time request verification
- Activity logging
- Statistics dashboard
- Embedded widget for API management
- Multiple block modes
- Flexible whitelisting rules
- Export logs to CSV

## License

GPL v2 or later - [https://www.gnu.org/licenses/gpl-2.0.html](https://www.gnu.org/licenses/gpl-2.0.html)

## Credits

Developed by 602TechSec - [https://sec.602.tech/](https://sec.602.tech/)