14 free modules. 13 Pro modules. One plugin. No juggling five different tools to cover your entire security stack.
Download UltraGuard from our site and get a real WAF, a 10-layer malware scanner, login protection, and live monitoring — free, with no time limit.
8-layer WAF: IP/CIDR controls, sliding-window rate limiting, geo-blocking, bot detection, OWASP pattern matching (SQLi, XSS, RFI, RCE, LFI and more), auto-ban, and reputation feed integration.
MD5 hash matching, PHP heuristics, obfuscation detection, polymorphic patterns, supply-chain droppers, JS threats, HTML injection, WordPress core integrity, high-entropy strings, vulnerability detection.
Brute-force lockout with configurable thresholds, temporary and permanent IP bans, session management, real-time lockout notifications, and login URL obfuscation.
One-click hardening: disable XML-RPC, remove version exposure, protect sensitive files. No manual file editing required.
Real-time request feed via Server-Sent Events. Threat classification, geo hints, user-agent details, and one-click block action with no polling overhead.
Full suite: CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy with live preview.
Full activity trail — logins, failed attempts, settings changes, plugin events. Searchable, filterable, and exportable.
Automated WordPress core, plugin, and theme updates with configurable scheduling, per-item exclude lists, and rollback hooks.
Visual editor with a template library for Apache security rules. Safe preview and rollback without leaving wp-admin.
Email, webhook, and Slack alerts. Configure delivery independently per event type.
WordPress core integrity verified against official api.wordpress.org checksums. Supply-chain dropper detection. High-entropy string analysis for encoded payloads. This is the deepest on-server scan available as a free WordPress plugin.
Upgrade for vulnerability scanning with virtual patching, database security, passkey auth, WooCommerce protection, and compliance reporting.
WebAuthn passkeys and TOTP two-factor. Per-role enforcement, grace periods, backup codes, self-enrollment.
CVE detection via WPScan & Patchstack with Virtual WAF Patching — block unpatched exploits instantly.
Scan every DB table for SEO spam, pharma hacks, eval injections, hidden iframes, and backdoors.
Instant alerts when any tracked file is created, modified, or deleted.
Cloud-synced hostile IP feeds integrated with your WAF in real time.
Checkout rules, JS skimmer detection, WooCommerce-aware event logging.
Continuous domain and IP monitoring against major blacklist providers.
Site availability, response time, and SSL certificate health with expiry alerts.
Downloadable evidence for GDPR, PCI-DSS, ISO 27001, and SOC 2 audits.
Route-level access controls, API key enforcement, per-endpoint rate limiting.
Full namespace separation — zero procedural globals.
Every module receives the container via constructor — safe to extend.
Real-time data delivery without polling overhead.
Granular key-based invalidation prevents redundant reads.
Full network activation in the free tier.
Dozens of action/filter hooks including ultraguard_pro_init.
Start with 14 free protection modules from the UltraGuard download page. No account required.