WordPress Firewall

$10/month per site

Protect WordPress from XSS, SQL injection, and command injection attacks with ModSecurity's advanced Web Application Firewall (WAF) engine and the OWASP ModSecurity Core Rule Set (CRS).

Get started with free WordPress brute force protection →

Installation and Server Requirements

To use HeatShield, you must first install the HeatShield agent on your server.

The HeatShield agent requires Ubuntu 14.04, 16.04, 18.04, or 20.04.

If you use ServerPilot, the HeatShield agent is already installed on your server.

Instructions for installing the WordPress plugin are available in your HeatShield account.

Optional: Free SSH Brute Force Login Protection

SSH brute force login protection is available as an additional layer of security for your servers.

You do not need to use SSH brute force protection to use the WordPress Firewall.

Advanced security for your WordPress sites