One Security Platform for Every WordPress Site You Manage
WPArmor gives freelancers, agencies, and site owners a reliable way to protect WordPress sites without constant babysitting. The free version covers the essentials, while WPArmor Pro adds centralized management, advanced detection, and reporting tools designed for professional workflows.
Everything is built to save time, reduce risk, and keep your sites secure by default.
Web Application Firewall (WAF)
WPArmor blocks malicious requests before WordPress even loads, stopping common attack techniques such as SQL injection, cross-site scripting, directory traversal, and dangerous file uploads. It also protects high-risk endpoints like XML-RPC and the REST API, reducing attack surface while saving server resources through early blocking.
Smart Rate Limiting
Control how often visitors can interact with your site. WPArmor automatically limits excessive requests, prevents brute-force login attempts, restricts registrations and comments, and detects aggressive traffic patterns. This keeps your site fast and available, even during attacks or traffic spikes.
Bot Detection & Management
WPArmor identifies bots using multiple verification layers. It analyzes user agents, verifies trusted crawlers like Google and Bing, deploys honeypot fields to trap automated submissions, and uses JavaScript checks to filter out non-human traffic. Fake browsers and known malicious bot signatures are blocked automatically.
Login Protection
Protect your WordPress login with progressive lockouts, full attempt logging, and optional security upgrades. Enable email-based two-factor authentication, enforce strong passwords, add CAPTCHA challenges, or hide the default login URL to significantly reduce unauthorized access attempts.
One-Click Email Actions
When WPArmor detects suspicious activity, it sends an alert email with secure action links. From anywhere, you can instantly block a threat, apply stricter rate limits, or whitelist trusted traffic without logging into WordPress. Links are cryptographically signed, expire within 24 hours, and are perfect for quick responses on the go.
IP & Country Management
Manually block or allow IP addresses, apply basic country-based rules, and create temporary blocks that expire automatically. This gives you fine-grained control over who can access your site without constant maintenance.
Security Dashboard
Protect your WordPress login with progressive lockouts, full attempt logging, and optional security upgrades. Enable email-based two-factor authentication, enforce strong passwords, add CAPTCHA challenges, or hide the default login URL to significantly reduce unauthorized access attempts.
WordPress Hardening
Lock down common WordPress weaknesses with a single click. Disable the file editor, hide WordPress version information, prevent author enumeration, and apply security headers to reduce information leakage and exploitation risks.
Threat Intelligence Integrations
Optionally connect WPArmor to trusted external databases like AbuseIPDB, StopForumSpam, Project Honeypot, and GreyNoise. Using your own API keys, WPArmor can enhance detection accuracy with real-world threat data.
WPArmor Pro. Advanced Protection Without Compromise.
WPArmor Pro builds on the free foundation with deeper detection, smarter automation, and tools designed for serious WordPress users. From advanced firewall rules and machine-learning driven bot protection to centralized site management and professional reporting, Pro gives you full control over your security at scale.
Advanced Web Application Firewall
WPArmor Pro extends the firewall with real-time rule updates delivered from WPArmor servers. It supports custom rules via a visual editor, virtual patching for vulnerable plugins, deeper request inspection, and machine-learning enhanced SQL injection detection to stop zero-day attacks before they spread.
Advanced Bot Protection
Detect sophisticated bots using browser fingerprinting, TLS and JA3 analysis, and headless browser detection. WPArmor Pro combines behavioral analysis, JavaScript proof-of-work challenges, and optional CAPTCHA integrations to block automation tools that bypass traditional protections.
Central Management Dashboard (Cloud)
Manage unlimited WordPress sites from a single cloud-based dashboard. View aggregated analytics, sync blocklists automatically, share threat intelligence across sites, push settings in bulk, and give team members role-based access. The dashboard can also be white-labeled for client use.
Advanced Analytics & Reporting
Unlock unlimited log retention and deeper insights into attacks and traffic patterns. WPArmor Pro provides advanced visualizations, heatmaps, automated reports, and branded PDF exports, with real-time alerts delivered via Slack or webhooks.
Malware Scanning & Cleanup
Scan your site on demand or on a schedule for malware, suspicious files, and database infections. WPArmor Pro monitors file integrity, alerts you to unexpected changes, and includes one-click cleanup and post-hack recovery tools to get your site back online fast.
File Integrity Monitoring
Track changes to WordPress core files, themes, and plugins in real time. WPArmor Pro alerts you when files are modified, added, or deleted unexpectedly, helping you detect compromises early and respond before damage spreads.
Developer & Automation Tools
WPArmor Pro includes full REST API access, webhooks for external integrations, complete WP-CLI support, and extensibility through custom hooks and filters. Settings can be imported or exported easily, making it ideal for advanced workflows and CI/CD pipelines.
Machine Learning Threat Detection
Go beyond static rules with adaptive, machine-learning based detection. WPArmor Pro continuously improves its ability to recognize evolving attack patterns, reducing false positives while catching new and unknown threats.