Frequently asked questions

UltraGuard is an all-in-one WordPress security plugin covering firewall, malware scanning, login protection, 2FA, live traffic monitoring, security headers, audit logging, and more — all in a single plugin available free from UltraGuard.net.

No. The free version includes 14 full security modules including the complete WAF, 10-layer antivirus scanner, login protection, live traffic monitor, and security headers. No credit card required.

Download the ZIP from the UltraGuard download page, then go to Plugins → Add New → Upload Plugin in your WordPress admin. Activate it, and the onboarding wizard will guide you through setup in a few minutes.

UltraGuard requires WordPress 5.6+ and PHP 8.1+. It works on any host that meets these requirements and supports the json, curl, and openssl PHP extensions.

Yes. The complete 8-layer Web Application Firewall — including OWASP attack pattern matching, geo-blocking, rate limiting, and bot detection — is fully included in the free version.

No. The firewall runs at the earliest possible WordPress hook. The dashboard uses Server-Sent Events instead of polling. A granular DB query cache prevents redundant reads. The overhead on most hosts is not measurable.

Ten independent layers: MD5 hash matching against known signatures, PHP heuristics (web shells, eval+base64), obfuscation detection, polymorphic patterns, supply-chain droppers, JS threats (crypto miners, skimmers), HTML injection, WordPress core integrity via api.wordpress.org, high-entropy string analysis, and vulnerability detection.

Generally no — running two WAF-level plugins simultaneously can cause conflicting firewall rules and unexpected blocks. UltraGuard is designed as a full-stack solution so additional security plugins are not needed.

Pro unlocks: passkey & TOTP 2FA, vulnerability scanner with virtual WAF patching, database scanner, file integrity monitoring, IP threat intelligence feeds, WooCommerce security mode, blacklist monitoring, uptime & SSL monitoring, compliance reports (GDPR/PCI-DSS/ISO 27001/SOC 2), and REST API/XML-RPC controls.

When the vulnerability scanner detects an unpatched CVE in a plugin or theme, Virtual WAF Patching automatically deploys a targeted firewall rule that blocks exploitation of that specific vulnerability — even before you update the affected software.

Yes. WooCommerce Security Mode adds checkout-specific firewall rules, real-time JavaScript skimmer detection to protect payment fields, secure store headers, and WooCommerce-aware event logging.

Yes. UltraGuard Pro generates downloadable security evidence reports from your actual scan and event data. Suitable for GDPR, PCI-DSS, ISO 27001, and SOC 2 audit requirements.

Navigate to UltraGuard → License & Upgrade Center in your WordPress admin and enter your license key and email. The plugin validates the key with the UltraGuard server and unlocks Pro modules immediately.

Single-site and agency licenses are available. UltraGuard Pro is $149 per year for one site, and Agency is $399 per year for up to 20 sites.

Please review the refund policy page for full terms. We aim to handle refund requests fairly and promptly.

PHP 8.1 or higher. UltraGuard is actively tested on PHP 8.1, 8.2, and 8.3. It uses typed properties, named arguments, match expressions, and other modern PHP features.

Yes. Full native WordPress Multisite/Network support is included in the free tier. Network activation is supported.

All scan results, quarantine records, and malware signatures are stored in your own WordPress database. No file content is transmitted externally unless you explicitly opt in to cloud-assisted features.

UltraGuard optionally communicates with ultraguard.net to synchronise threat intelligence feeds and validate Pro licenses. This can be reviewed in Server Intelligence module settings. No personally identifiable data is transmitted without explicit configuration.