Free download on UltraGuard.net  ·  27 Modules  ·  PHP 8.1+

Total WordPress
Security. Zero Compromise.

Enterprise-grade protection in one free plugin — a real WAF, a 10-layer malware scanner, passkey authentication, live traffic monitoring, and compliance reporting.

↓  Download Free Explore Features →
✓ Free core forever ✓ OWASP-aligned WAF ✓ No data sold ✓ GPL v2 ✓ 2-min install
ultraguard.net — Dashboard
Security dashboard overview
WAF Active — 0 threats today
🔬 Last scan: Clean
27
Modules
10
Antivirus Layers
8
WAF Layers
PHP 8
Architecture

Trusted by WordPress developers, agencies & store owners

WooCommerce
Elementor
WPForms
Yoast
Jetpack
GravityForms
The Reality

WordPress sites are attacked every day. Most owners don't know until it's too late.

Automated bots probe every WordPress installation around the clock — testing known vulnerabilities, weak credentials, and unpatched plugins. A compromised site means lost revenue, blacklisted domains, and customers who never return.

Protect My Site — Free
UltraGuard · Live Traffic Monitor ● Live
BLOCKED185.220.101.47SQLi · wp-login
BLOCKED91.108.4.182Brute Force
CLEAN62.21.94.11GET /shop/
BLOCKED194.165.16.8XSS Attempt
RATE45.33.32.156Excessive POST
BLOCKED103.21.58.92Path Traversal
CLEAN72.44.78.13GET /checkout/
Real-time SSE Stream WAF Active
Free Forever · No Credit Card

Everything you need to protect your site,
completely free

Most security plugins lock their best features behind expensive plans. UltraGuard ships its entire core — WAF, malware scanner, login protection — free with no time limit.

Web Application Firewall

8 detection layers — OWASP patterns, geo-blocking, rate limiting, bot detection, auto-ban.

10-Layer Antivirus Scanner

MD5 hashes, PHP heuristics, JS threats, core integrity via api.wordpress.org.

Login Protection

Brute-force lockout, URL obfuscation, IP bans, session management.

WordPress Hardening

One-click: disable XML-RPC, remove version exposure, protect sensitive files.

Live Traffic Monitor

Real-time SSE request feed — threat labels, geo hints, one-click blocking.

Security Headers

CSP, HSTS, X-Frame-Options, Referrer-Policy, Permissions-Policy.

Audit Log

Full activity trail — logins, failures, settings changes. Exportable.

Auto Updater

Automated core, plugin, theme updates with scheduling and rollback.

.htaccess Manager

Visual editor with template library and safe rollback.

Notifications

Email, webhook, and Slack alerts per event type.

↓  Download Free

Takes under 2 minutes. Onboarding wizard launches automatically.

Server security scanning concept
🔬 10 Detection Layers
10-Layer Antivirus

The most thorough scanner in a free WordPress plugin

Other plugins scan files. UltraGuard goes deeper — ten independent detection layers including WordPress core integrity verification against official WordPress.org checksums, supply-chain dropper detection, and high-entropy string analysis.

  • Web shell and eval+base64 chain detection
  • Crypto miner and checkout skimmer detection
  • Core file integrity via api.wordpress.org
  • Quarantine with one-click remediation
  • Full scan history and exportable results
See All Scanner Capabilities →
Web Application Firewall

An 8-layer firewall that stops attacks before they reach WordPress

Most plugins intercept requests after WordPress loads — too late. UltraGuard's WAF runs at the earliest possible hook, blocking threats at the door across 8 detection layers.

IP Whitelist / Blacklist + CIDR
Sliding-Window Rate Limiting
Geo-Blocking by Country
Bot & Bad User-Agent Detection
Proxy / VPN / Datacenter Detection
OWASP Attack Pattern Matching
Auto-Ban on Attack Threshold
Reputation Feed Integration
Network firewall and security protection
🛡️ 0 Threats Passed
UltraGuard Pro

Advanced protection for sites that can't afford downtime

Unlock vulnerability scanning with virtual patching, database security, passkey auth, WooCommerce protection, and compliance reporting. Pro is $149 per year for one site, and Agency is $399 per year for up to 20 sites.

Pro

Passkey & 2FA Auth

WebAuthn passkeys and TOTP two-factor with per-role enforcement.

Pro

Vulnerability Scanner

CVE detection + Virtual WAF Patching against unpatched exploits.

Pro

Database Scanner

Scan every DB table for injections, spam, and backdoors.

Pro

File Integrity Monitor

Instant alerts when any tracked file changes.

Pro

IP Threat Intelligence

Cloud-synced hostile IP feeds integrated with your WAF.

Pro

WooCommerce Security

Checkout rules, JS skimmer detection, WooCommerce-aware logging.

Pro

Blacklist Monitor

Continuous domain and IP blacklist monitoring.

Pro

Uptime & SSL Monitor

Availability and certificate health with expiry alerts.

Pro

Compliance Reports

GDPR, PCI-DSS, ISO 27001, SOC 2 evidence reports.

Pro

REST API Security

Route-level access controls, API keys, rate limiting.

View Pro Plans & Pricing Start Free
From the Community

Trusted by developers, agencies, and store owners

★★★★★

"The WAF alone replaced two paid plugins. The real-time traffic monitor is something I've never seen in a free plugin."

MT
Marcus T.
WordPress Developer — 40+ client sites
★★★★★

"We needed PCI-DSS compliance reports for an audit. UltraGuard Pro generated exactly what our auditors needed in minutes."

SK
Sarah K.
E-commerce Store Owner — WooCommerce
★★★★★

"Deployed across 15 agency sites in an afternoon. The onboarding wizard is clear and the dashboard gives real confidence."

DR
David R.
Agency Director — 15 managed sites
Installation

Protected in under two minutes

01

Download the ZIP

Open the UltraGuard download page, grab the latest plugin ZIP, then upload it from Plugins → Add New → Upload Plugin.

02

Run the Wizard

The onboarding wizard launches automatically — select modules, apply settings, and seed baseline scan data.

03

Site Protected

WAF is live. Scans running. Login protection active. Monitor everything from the UltraGuard dashboard.

↓  Go to Download Page
Start Today — Free

Your WordPress site is being probed right now.
Don't find out the hard way.

Download UltraGuard from our site in under two minutes. No account. No credit card. No trial period.

↓  Go to Download Page View Pro Plans
✓ Free core forever ✓ No data sold ✓ Open source ✓ 27 security modules