Solid Security

List of Solid Security Pro Action Hooks

Action hooks trigger custom functions at specific points in Solid Security Pro’s workflows—for example, after a site scan completes or when a user fails a login. Use these actions to integrate external systems, automate responses, or extend behavior without modifying plugin code.

Usage example:

add_action( 'itsec_new_banned_ip', function ( $ip, $context ) {
    // Send to SIEM, Slack, or trigger a firewall rule.
}, 10, 2 );

Action Hooks

it_libraries_loaded

Summary: Action fires in the it libraries workflow (loaded).

Defined in: lib/updater/load.php:45, lib/icon-fonts/load.php:47

Source:
  do_action( 'it_libraries_loaded' );
      
ithemes_updater_register

Summary: Action fires for updater register.

Arguments:
  • $this

Defined in: lib/updater/settings.php:83

Source:
  do_action( 'ithemes_updater_register', $this );
      
ithemes_updater_settings_page_index

Summary: Action fires in the updater settings workflow (page index).

Defined in: lib/updater/admin.php:211

Source:
  do_action( 'ithemes_updater_settings_page_index' );
      
itsec-file-change-end-hash-comparisons

Summary: Action fires in the file change workflow (end hash comparisons).

Defined in: core/modules/file-change/scanner.php:749

Source:
  do_action( 'itsec-file-change-end-hash-comparisons' );
      
itsec-file-change-end-scan

Summary: Action fires in the file change workflow (end scan).

Defined in: core/modules/file-change/lib/chunk-scanner.php:87

Source:
  do_action( 'itsec-file-change-end-scan' );
      
itsec-file-change-start-hash-comparisons

Summary: Action fires in the file change workflow (start hash comparisons).

Defined in: core/modules/file-change/scanner.php:676

Source:
  do_action( 'itsec-file-change-start-hash-comparisons' );
      
itsec-file-change-start-scan

Summary: Action fires in the file change workflow (start scan).

Defined in: core/modules/file-change/lib/chunk-scanner.php:85

Source:
  do_action( 'itsec-file-change-start-scan' );
      
itsec-handle-failed-login

Summary: Action fires in the handle failed workflow (login).

Arguments:
  • $username
  • $details

Defined in: core/lib.php:652

Source:
  do_action( 'itsec-handle-failed-login', $username, $details );
      
itsec-lib-clear-caches

Summary: Action fires in the lib clear workflow (caches).

Defined in: core/lib.php:49

Source:
  do_action( 'itsec-lib-clear-caches' );
      
itsec-logs-page-init

Summary: Action fires in the logs page workflow (init).

Defined in: core/admin-pages/page-logs.php:22

Source:
  do_action( 'itsec-logs-page-init' );
      
itsec-logs-page-register-widget

Summary: Action fires in the logs page workflow (register widget).

Arguments:
  • $this

Defined in: core/admin-pages/sidebar-widget.php:118

Source:
  do_action( 'itsec-logs-page-register-widget', $this );
      
itsec-logs-page-register-widgets

Summary: Action fires in the logs page workflow (register widgets).

Defined in: core/admin-pages/page-logs.php:23

Source:
  do_action( 'itsec-logs-page-register-widgets' );
      
itsec-page-ajax

Summary: Action fires for page ajax.

Defined in: core/admin-pages/init.php:148

Source:
  do_action( 'itsec-page-ajax' );
      
itsec-page-show

Summary: Action fires for page show.

Arguments:
  • $url

Defined in: core/admin-pages/init.php:142

Source:
  do_action( 'itsec-page-show', $url );
      
itsec-register-modules

Summary: Action fires for register modules.

Defined in: core/modules.php:829

Source:
  do_action( 'itsec-register-modules' );
      
itsec-security-check-after-default-checks

Summary: Action fires in the security check workflow (after default checks).

Arguments:
  • self::$feedback
  • self::$available_modules

Defined in: core/modules/security-check/scanner.php:101

Source:
  do_action( 'itsec-security-check-after-default-checks', self::$feedback, self::$available_modules );
      
itsec-security-check-before-default-checks

Summary: Action fires in the security check workflow (before default checks).

Arguments:
  • self::$feedback
  • self::$available_modules

Defined in: core/modules/security-check/scanner.php:49

Source:
  do_action( 'itsec-security-check-before-default-checks', self::$feedback, self::$available_modules );
      
itsec-settings-page-init

Summary: Action fires in the settings page workflow (init).

Defined in: core/admin-pages/page-settings.php:46

Source:
  do_action( 'itsec-settings-page-init' );
      
itsec-settings-page-register-module

Summary: Action fires in the settings page workflow (register module).

Arguments:
  • $this

Defined in: core/deprecated/module-settings.php:172

Source:
  do_action( 'itsec-settings-page-register-module', $this );
      
itsec-settings-page-register-widget

Summary: Action fires in the settings page workflow (register widget).

Arguments:
  • $this

Defined in: core/admin-pages/sidebar-widget.php:117

Source:
  do_action( 'itsec-settings-page-register-widget', $this );
      
itsec-settings-updated

Summary: Action fires for settings updated.

Arguments:
  • $this->get_id()

Defined in: core/lib/settings.php:299

Source:
  do_action( 'itsec-settings-updated', $this->get_id() );
      
itsec-two-factor-successful-authentication

Summary: Action fires in the two factor workflow (successful authentication).

Arguments:
  • $user_id
  • $provider_class
  • $post_data

Defined in: core/modules/two-factor/class-itsec-two-factor-interstitial.php:214

Source:
  do_action( 'itsec-two-factor-successful-authentication', $user_id, $provider_class, $post_data );
      
itsec_after_import

Summary: Fires after an import completes.

Arguments:
  • $data (array)

Defined in: pro/import-export/importer.php:92

Source:
  do_action( 'itsec_after_import', $data );
      
itsec_before_import

Summary: Fires before the import starts.

Arguments:
  • $data (array)

Defined in: pro/import-export/importer.php:58

Source:
  do_action( 'itsec_before_import', $data );
      
itsec_change_admin_user_id

Summary: Fires when the admin user with id of #1 has been changed.

Arguments:
  • $new_user (int) — The new user's ID.
  • $user (WP_User) — The old user object.

Defined in: core/modules/admin-user/active.php:108

Source:
  do_action( 'itsec_change_admin_user_id', $new_user, $user );
      
itsec_create_user_group

Summary: Fires when a user group is created.

Arguments:
  • $user_group (User_Group)
  • $args (array)

Defined in: core/modules/user-groups/Repository/DB_Repository.php:78, core/modules/user-groups/Repository/In_Memory_Repository.php:52

Source:
  do_action( 'itsec_create_user_group', $user_group, $args );
      
itsec_custom_login_slug

Summary: Action fires in the custom login workflow (slug).

Defined in: core/modules/hide-backend/class-itsec-hide-backend.php:130

Source:
  do_action( 'itsec_custom_login_slug' );
      
itsec_dashboard_enqueue_scripts

Summary: Action fires in the dashboard enqueue workflow (scripts).

Defined in: core/admin-pages/page-dashboard.php:93

Source:
  do_action( 'itsec_dashboard_enqueue_scripts' );
      
itsec_debug_module_request_{$module}

Summary: Fires when an ajax request is being made to a module. At some point this will probably be replaced by a more thought-out framework, but this hook will probably power it. The dynamic portion of this hook, {$module}, refers to the module name. For example, 'notification-center'.

Arguments:
  • $data (array)

Defined in: core/admin-pages/page-debug.php:78

Source:
  do_action( "itsec_debug_module_request_{$module}", $_POST['data'] );
      
itsec_debug_page

Summary: Action fires for debug page.

Defined in: core/admin-pages/page-debug.php:210

Source:
  do_action( 'itsec_debug_page' );
      
itsec_debug_page_enqueue

Summary: Action fires in the debug page workflow (enqueue).

Defined in: core/admin-pages/page-debug.php:37

Source:
  do_action( 'itsec_debug_page_enqueue' );
      
itsec_encryption_rotate_user_keys

Summary: Fires when an encryption key is being rotated.

Arguments:
  • $rotator (User_Key_Rotator)
  • $result (Result)

Defined in: core/lib/class-itsec-lib-encryption.php:235

Source:
  do_action( 'itsec_encryption_rotate_user_keys', $rotator, $result );
      
itsec_enqueue_profile

Summary: Fires when scripts are enqueued for the User Profile JS code.

Arguments:
  • $user (WP_User)

Defined in: core/modules/core/class-itsec-core-active.php:319, core/admin-pages/init.php:227

Source:
  do_action( 'itsec_enqueue_profile', wp_get_current_user() );
      
  do_action( 'itsec_enqueue_profile', $user );
      
itsec_failed_recaptcha

Summary: Fires when a user fails the reCAPTCHA test.

Arguments:
  • $error (WP_Error)
  • $args (array)

Defined in: pro/recaptcha/class-itsec-recaptcha.php:483

Source:
  do_action( 'itsec_failed_recaptcha', $error, $args );
      
itsec_fingerprint_created

Summary: Fires when a fingerprint is created.

Arguments:
  • $this (ITSEC_Fingerprint)

Defined in: core/lib/fingerprinting/class-itsec-fingerprint.php:485

Source:
  do_action( 'itsec_fingerprint_created', $this );
      
itsec_fingerprint_{$action}

Summary: Fires when the fingerprint is saved.

Arguments:
  • $this (ITSEC_Fingerprint)
  • $action (string)

Defined in: core/lib/fingerprinting/class-itsec-fingerprint.php:489, core/lib/fingerprinting/class-itsec-fingerprint.php:556

Source:
  do_action( "itsec_fingerprint_{$action}", $this, $action );
      
  do_action_ref_array( "itsec_fingerprint_{$action}", $args );
      
itsec_firewall_deleted_rule

Summary: Fires when a firewall rule is deleted.

Arguments:
  • $rule (Rule)

Defined in: core/modules/firewall/Rules/Repository.php:149

Source:
  do_action( 'itsec_firewall_deleted_rule', $rule );
      
itsec_firewall_saved_rule

Summary: Fires when a firewall rule is saved.

Arguments:
  • $rule (Rule)

Defined in: core/modules/firewall/Rules/Repository.php:118

Source:
  do_action( 'itsec_firewall_saved_rule', $rule );
      
itsec_initialize_login_interstitial_session_from_global_state

Summary: Action fires in the initialize login workflow (interstitial session from global state).

Arguments:
  • $this

Defined in: core/lib/login-interstitial/class-itsec-login-interstitial-session.php:451

Source:
  do_action( 'itsec_initialize_login_interstitial_session_from_global_state', $this );
      
itsec_initialized

Summary: Action fires on initialized.

Defined in: core/core.php:255

Source:
  do_action( 'itsec_initialized' );
      
itsec_install_schema

Summary: Fires when the DB schema is installed or updated.

Arguments:
  • $wp_error (WP_Error)

Defined in: core/lib/schema.php:290

Source:
  do_action( 'itsec_install_schema', $wp_error );
      
itsec_lib_delete_file

Summary: Fires when Solid Security removes a managed file.

Arguments:
  • $file (string)

Defined in: core/lib/class-itsec-lib-file.php:279

Source:
  do_action( 'itsec_lib_delete_file', $file );
      
itsec_lib_write_to_file

Summary: Fires when Solid Security writes to a managed file.

Arguments:
  • $file (string) — The path to the file.
  • $contents (string) — The contents written.

Defined in: core/lib/class-itsec-lib-file.php:223

Source:
  do_action( 'itsec_lib_write_to_file', $file, $contents );
      
itsec_load_file_change_scanner

Summary: Action fires in the load file workflow (change scanner).

Defined in: core/modules/file-change/scanner.php:19

Source:
  do_action( 'itsec_load_file_change_scanner' );
      
itsec_lockout_template_before_actions

Summary: Action fires in the lockout template workflow (before actions).

Arguments:
  • $context

Defined in: core/templates/lockout/lockout.php:30

Source:
  do_action( 'itsec_lockout_template_before_actions', $context );
      
itsec_log_add

Summary: Action fires for log add.

Arguments:
  • $data
  • $id
  • $log_type

Defined in: core/lib/log.php:110

Source:
  do_action( 'itsec_log_add', $data, $id, $log_type );
      
itsec_login_interstitial_async_action_confirmation_before_confirm

Summary: Action fires in the login interstitial workflow (async action confirmation before confirm).

Arguments:
  • $session
  • $action

Defined in: core/lib/class-itsec-lib-login-interstitial.php:837

Source:
  do_action( 'itsec_login_interstitial_async_action_confirmation_before_confirm', $session, $action );
      
itsec_login_interstitial_init

Summary: Fires when the Login Interstitial framework is initialized.

Arguments:
  • $this

Defined in: core/lib/class-itsec-lib-login-interstitial.php:51

Source:
  do_action( 'itsec_login_interstitial_init', $this );
      
itsec_login_interstitial_initialize_same_browser

Summary: Fires when the login interstitial initializes the Same Browser API for async actions.

Arguments:
  • $session (ITSEC_Login_Interstitial_Session)

Defined in: core/lib/class-itsec-lib-login-interstitial.php:239

Source:
  do_action( 'itsec_login_interstitial_initialize_same_browser', $session );
      
itsec_login_interstitial_logged_in

Summary: Fires when a user is re-logged back in after submitting an interstitial.

Arguments:
  • $user (WP_User)

Defined in: core/lib/class-itsec-lib-login-interstitial.php:936

Source:
  do_action( 'itsec_login_interstitial_logged_in', $user );
      
itsec_login_with_fingerprint

Summary: Fires when a user logs in after the fingerprint has been determined.

Arguments:
  • $fingerprint (ITSEC_Fingerprint)
  • $user (WP_User)

Defined in: pro/fingerprinting/class-itsec-fingerprinting.php:179

Source:
  do_action( 'itsec_login_with_fingerprint', $fingerprint, $user );
      
itsec_modules_do_plugin_activation

Summary: Action fires in the modules do workflow (plugin activation).

Defined in: core/modules.php:877

Source:
  do_action( 'itsec_modules_do_plugin_activation' );
      
itsec_modules_do_plugin_deactivation

Summary: Action fires in the modules do workflow (plugin deactivation).

Defined in: core/modules.php:886

Source:
  do_action( 'itsec_modules_do_plugin_deactivation' );
      
itsec_modules_do_plugin_uninstall

Summary: Action fires in the modules do workflow (plugin uninstall).

Defined in: core/modules.php:895

Source:
  do_action( 'itsec_modules_do_plugin_uninstall' );
      
itsec_modules_do_plugin_upgrade

Summary: Action fires in the modules do workflow (plugin upgrade).

Arguments:
  • $old_version
  • $new_version

Defined in: core/modules.php:907

Source:
  do_action( 'itsec_modules_do_plugin_upgrade', $old_version, $new_version );
      
itsec_new_banned_ip

Summary: Fires when a new IP has been banned. This is primarily used by the Ban Users module.

Arguments:
  • $ip (string) — The IP address.
  • $context (LockoutContext|null) — The lockout context that caused the ban.

Defined in: core/lockout.php:1117

Source:
  do_action( 'itsec_new_banned_ip', $ip, $context );
      
itsec_notification_center_continue_upgrade

Summary: Action fires in the notification center workflow (continue upgrade).

Arguments:
  • $this->old_version

Defined in: core/modules/notification-center/setup.php:152

Source:
  do_action( 'itsec_notification_center_continue_upgrade', $this->old_version );
      
itsec_notification_center_notification_disabled

Summary: Action fires in the notification center workflow (notification disabled).

Arguments:
  • $slug

Defined in: core/modules/notification-center/settings.php:64

Source:
  do_action( 'itsec_notification_center_notification_disabled', $slug );
      
itsec_notification_center_notification_enabled

Summary: Action fires in the notification center workflow (notification enabled).

Arguments:
  • $slug

Defined in: core/modules/notification-center/settings.php:61

Source:
  do_action( 'itsec_notification_center_notification_enabled', $slug );
      
itsec_notification_center_{$slug}_notification_disabled

Summary: Action fires in the notification center workflow ({$slug} notification disabled).

Arguments:
  • $slug

Defined in: core/modules/notification-center/settings.php:63

Source:
  do_action( "itsec_notification_center_{$slug}_notification_disabled", $slug );
      
itsec_notification_center_{$slug}_notification_enabled

Summary: Action fires in the notification center workflow ({$slug} notification enabled).

Arguments:
  • $slug

Defined in: core/modules/notification-center/settings.php:60

Source:
  do_action( "itsec_notification_center_{$slug}_notification_enabled", $slug );
      
itsec_password_requirements_change_form

Summary: Action fires in the password requirements workflow (change form).

Arguments:
  • $user

Defined in: core/modules/password-requirements/class-itsec-password-requirements.php:423

Source:
  do_action( 'itsec_password_requirements_change_form', $user );
      
itsec_passwordless_login_enqueue_profile_scripts

Summary: Action fires in the passwordless login workflow (enqueue profile scripts).

Arguments:
  • $user

Defined in: pro/passwordless-login/class-passwordless-login.php:138

Source:
  do_action( 'itsec_passwordless_login_enqueue_profile_scripts', $user );
      
itsec_passwordless_login_initialize_interstitial

Summary: Fires when the Passwordless Login interstitial session is initialized.

Arguments:
  • $session (ITSEC_Login_Interstitial_Session)
  • $args (array)

Defined in: pro/passwordless-login/class-passwordless-login-utilities.php:408

Source:
  do_action( 'itsec_passwordless_login_initialize_interstitial', $session, $args );
      
itsec_prepare_dashboard_response

Summary: Fires when the response for a Security Dashboard is being prepared for the REST API.

Arguments:
  • $response (WP_REST_Response)
  • $item (WP_Post)
  • $request (WP_REST_Request)

Defined in: core/modules/dashboard/rest/class-itsec-rest-dashboard-dashboards-controller.php:309

Source:
  do_action( 'itsec_prepare_dashboard_response', $response, $item, $request );
      
itsec_recaptcha_api_ready

Summary: Fires when the Recaptcha API is ready to be used.

Defined in: pro/recaptcha/API.php:32

Source:
  do_action( 'itsec_recaptcha_api_ready' );
      
itsec_register_highlighted_logs

Summary: Action fires in the register highlighted workflow (logs).

Defined in: core/lib/class-itsec-lib-highlighted-logs.php:169

Source:
  do_action( 'itsec_register_highlighted_logs' );
      
itsec_register_password_requirements

Summary: Fires when password requirements should be registered.

Defined in: core/lib/class-itsec-lib-password-requirements.php:27

Source:
  do_action( 'itsec_register_password_requirements' );
      
itsec_register_tools

Summary: Fires when tools should be registered.

Arguments:
  • $registry (Tools_Registry)

Defined in: core/lib/tools/Tools_Runner.php:35

Source:
  do_action( 'itsec_register_tools', $this->registry );
      
itsec_register_user_group_settings

Summary: Action fires in the register user workflow (group settings).

Arguments:
  • $this->settings_registry

Defined in: core/modules/user-groups/Module/Module.php:79

Source:
  do_action( 'itsec_register_user_group_settings', $this->settings_registry );
      
itsec_requirements_error

Summary: Fires when a requirements error is encountered.

Arguments:
  • $error (WP_Error)

Defined in: core/lib.php:2632

Source:
  do_action( 'itsec_requirements_error', $error );
      
itsec_scheduled_{$job->get_id()}

Summary: Fires when a scheduled job should be executed.

Arguments:
  • $job (ITSEC_Job)

Defined in: core/lib/class-itsec-scheduler.php:388

Source:
  do_action( "itsec_scheduled_{$job->get_id()}", $job );
      
itsec_scheduler_register_events

Summary: Register scheduled events. Events should be registered in response to a user action, for example activating a module or changing a setting. Occasionally, Solid Security will manually ask for all events to be scheduled.

Arguments:
  • $this (ITSEC_Scheduler)

Defined in: core/lib/class-itsec-scheduler.php:224

Source:
  do_action( 'itsec_scheduler_register_events', $this );
      
itsec_security_digest_attach_additional_info

Summary: Fires when additional info should be attached to the Security Digest.

Arguments:
  • $mail (ITSEC_Mail)
  • $data_proxy (ITSEC_Notify_Data_Proxy)
  • $last_sent (int)

Defined in: core/notify.php:181

Source:
  do_action( 'itsec_security_digest_attach_additional_info', $mail, $data_proxy, $last_sent );
      
itsec_security_digest_before

Summary: Fires before the main content of the Security Digest is added.

Arguments:
  • $mail (ITSEC_Mail)
  • $data_proxy (ITSEC_Notify_Data_Proxy)
  • $last_sent (int)

Defined in: core/notify.php:144

Source:
  do_action( 'itsec_security_digest_before', $mail, $data_proxy, $last_sent );
      
itsec_site_scanner_scan_complete

Summary: Fires after a site scan has completed.

Arguments:
  • $scan (Scan)
  • $site_id (int)
  • $cached (bool)

Defined in: core/modules/site-scanner/api.php:87

Source:
  do_action( 'itsec_site_scanner_scan_complete', $scan, $site_id, $cached );
      
itsec_software_vulnerabilities_changed

Summary: Fires when the detected software vulnerabilities have changed.

Arguments:
  • $vulnerabilities (array) — The new vulnerabilities set.
  • $existing (array) — The existing vulnerabilities.

Defined in: core/modules/site-scanner/class-itsec-site-scanner.php:179

Source:
  do_action( 'itsec_software_vulnerabilities_changed', $vulnerabilities, $existing );
      
itsec_two_factor_interstitial_after_auth_page

Summary: Action fires in the two factor workflow (interstitial after auth page).

Arguments:
  • $provider
  • $session
  • $args

Defined in: core/modules/two-factor/class-itsec-two-factor-interstitial.php:71

Source:
  do_action( 'itsec_two_factor_interstitial_after_auth_page', $provider, $session, $args );
      
itsec_two_factor_interstitial_pre_render

Summary: Action fires in the two factor workflow (interstitial pre render).

Arguments:
  • $session
  • $provider

Defined in: core/modules/two-factor/class-itsec-two-factor-interstitial.php:106

Source:
  do_action( 'itsec_two_factor_interstitial_pre_render', $session, $provider );
      
itsec_two_factor_override

Summary: Action fires in the two factor workflow (override).

Arguments:
  • $user
  • compact( 'override_expires' )

Defined in: core/modules/two-factor/sync-verbs/itsec-override-two-factor-user.php:50

Source:
  do_action( 'itsec_two_factor_override', $user, compact( 'override_expires' ) );
      
itsec_update_user_group

Summary: Fires when a user group is updated.

Arguments:
  • $user_group (User_Group)
  • $args (array)

Defined in: core/modules/user-groups/Repository/DB_Repository.php:88, core/modules/user-groups/Repository/In_Memory_Repository.php:61

Source:
  do_action( 'itsec_update_user_group', $user_group, $args );
      
itsec_user_action_{$action}

Summary: Fires when a user action should be processed. The dynamic portion of this hook $action refers to the action slug that should be applied.

Arguments:
  • $user (WP_User)
  • $actioned_by (WP_User)
  • $args (mixed)

Defined in: core/lib/User_Actions_Background_Process.php:58

Source:
  do_action( "itsec_user_action_{$action}", $user, $actioned_by, $args );
      
itsec_validate_password

Summary: Fires when modules should validate a password according to their rules.

Arguments:
  • $error (WP_Error)
  • $user (WP_User|stdClass)
  • $new_password (string)
  • $args (array)

Defined in: core/lib/class-itsec-lib-password-requirements.php:202

Source:
  do_action( 'itsec_validate_password', $error, $user, $new_password, $args );
      
itsec_vulnerability_not_seen

Summary: Fires if a vulnerability was not seen in the latest Site Scan.

Arguments:
  • $vulnerability (Vulnerability)

Defined in: core/modules/site-scanner/class-itsec-site-scanner.php:162, core/modules/site-scanner/class-itsec-site-scanner.php:256, core/modules/site-scanner/class-itsec-site-scanner.php:298, core/modules/site-scanner/class-itsec-site-scanner.php:333, core/modules/site-scanner/class-itsec-site-scanner.php:371

Source:
  do_action( 'itsec_vulnerability_not_seen', $vulnerability );
      
itsec_vulnerability_was_seen

Summary: Fires when a vulnerability has been seen.

Arguments:
  • $model (Vulnerability)
  • $issue (Vulnerability_Issue)

Defined in: core/modules/site-scanner/class-itsec-site-scanner.php:119, core/modules/site-scanner/class-itsec-site-scanner.php:221

Source:
  do_action( 'itsec_vulnerability_was_seen', $model, $issue );
      
  do_action( 'itsec_vulnerability_was_seen', $vulnerability, $vulnerability->as_issue() );
      

Filed under Solid Security
Last updated: September 24, 2025
Was this page helpful?
Thanks for the feedback!