Protect your WordPress sites with CrowdSec

You can secure your WordPress sites with CrowdSec using our latest application remediation component, available on the WordPress marketplace. This new plugin is compatible with versions 1.0.x and beyond. Given that the vast majority of websites in the world are hosted on WordPress, this plugin improves our defense arsenal in our mission to defend the greatest number.

Step one: Install the CrowdSec Security Engine

This remediation component has been designed to protect WordPress-hosted websites from all kinds of attacks. To be able to use this blocker, the first step is to install the CrowdSec Security Engine.

Then, both installation and configuration of the plugin can be done in a few clicks from the WordPress marketplace.

CrowdSec plugin available on WordPress

Please note that first and foremost CrowdSec must be installed on a server that is accessible via the WordPress site.  Remember: CrowdSec detects, remediation components deter.

Both pieces of software don’t have to be installed on the same server, although that would be easiest. To protect your server in the best possible way, the CrowdSec Security Engine needs to be able to read relevant logs – either via file, syslog or whatever works best in your environment.

Step two: Install WordPress plugin

Installing the CrowdSec WordPress plugin is as easy as installing any other WordPress plugin:

  • Click ‘Plugins’ in the left navigation on your site’s dashboard. 
  • Type ‘CrowdSec’ in the text field to the right. Hit enter. 
  • In the CrowdSec plugin click ‘Install Now’

Once installed click ‘activate’ as illustrated below.

Now configure the plugin by clicking CrowdSec in the left navigation as shown below.

Set LAPI URL to the location of your CrowdSec Security Engine. Is it installed on the same server, fill it out as shown above.

‘Remediation Component API’ is created in cscli. Just follow the instructions. 

For details on how to configure the CrowdSec WordPress remediation component, go to the official documentation or read on. Pay special attention to the option ‘Public website only’. This must be disabled if you wish to protect wp-admin (which you most likely would want to).

The “Flex mode” – a bulwark agains false positives

Thanks to the “Flex mode”, it is impossible to accidentally block access to your site to people who don’t deserve it. This mode makes it possible to never ban an IP but only to offer a Captcha, in the worst-case scenario.

CrowdSec blends into your design

When a user is suspected to be malevolent, CrowdSec will either send them her a Captcha to resolve or simply a page notifying that access is denied. Please note that it is possible to customize all the colors of these pages in a few clicks so that they integrate best with your design. On the other hand, all texts are also fully customizable. This will allow you, for example, to present translated pages in your users’ language.

The right balance between performance and security

By default, the “live mode” is enabled. The first time a stranger connects to your website, this mode means that the IP will be checked directly by the CrowdSec API. The rest of your user’s browsing will be even more transparent thanks to the fully customizable cache system.

But you can also activate the “Stream mode.” This mode allows you to constantly feed the remediation component with the malicious IP list via a background task (CRON), making it even faster when checking the IP of your visitors. Besides, if your site has a lot of unique visitors at the same time, this will not influence the traffic to the API of your CrowdSec instance.

Stream mode activation

If you’ve ever been confronted with high traffic, you are probably familiar with Redis or Memcached technologies. You have the capability to activate these caching technologies in the CrowdSec remediation component settings to guarantee invisible IP control on your site. For further explanation on stream vs live mode, check the official documentation.

CDN-friendly without forgetting other load balancers

If you use a CDN, a reverse proxy, or a load balancer, it is now possible to indicate in the remediation component settings the IP ranges of these devices to check the IP of your users. For other IPs, the remediation component will not trust the X-Forwarded-For header.

Coming up next

Soon, the plugin will have a dashboard allowing you to visualize the activity of your remediation component in live. It will also be possible to connect directly to CrowdSec’s global reputation database, without having to install the Security Engine on your machine if you don’t wish to.

Widely tested, 100% open source

This plugin has been tested on the vast majority of WordPress versions installed in the world (90%+), according to WordPress real-time statistics. It has also been tested on a very wide range of PHP versions (7.2, 7.3, 7.4 and 8), the language in which WordPress is coded.

This plugin is released under MIT license, the most permissive and free license in the world. Its source code is fully available on GitHub. You can discover the entire collection of CrowdSec remediation components at our Hub. Beyond this one, you will find there more freshly released additions.

We would love to hear your feedback about this WordPress plugin. If you are interested in testing the remediation component to protect your sites or would like to get in touch with the team, give us a shout!

You may also like

Introducing the New CrowdSec and BunkerWeb Integration

Introducing the New CrowdSec and BunkerWeb Integration

We are thrilled to welcome BunkerWeb into the CrowdSec Network and together strengthen collaborative open security for both our communities.

Revolutionizing Security Analysis with CrowdSec and Microsoft Copilot for Security

Revolutionizing Security Analysis with CrowdSec and Microsoft Copilot for Security

We are announcing the CrowdSec CTI and Microsoft Copilot for Security integration, which signals a new era of collaborative and intelligent security operations.

Announcing the Release of the CrowdSec Security Engine 1.6

Announcing the Release of the CrowdSec Security Engine 1.6

The Security Engine 1.6 is in general availability and it comes with exciting new features and improvements, including the new AppSec Component.