Initial release of SRWorks ArmorPro Lite. Free WordPress security with firewall, brute force protection, bot detection, and more.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3475861,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3475861,"resolution":"256x256","location":"assets","locale":""},"icon.svg":{"filename":"icon.svg","revision":3475861,"resolution":false,"location":"assets","locale":false}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3475861,"resolution":"1544x500","location":"assets","locale":""},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3475861,"resolution":"772x250","location":"assets","locale":""},"banner.svg":{"filename":"banner.svg","revision":3475861,"resolution":false,"location":"assets","locale":false}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.0"],"block_files":[],"assets_screenshots":[],"screenshots":{"1":"Security Dashboard with real-time stats, protection status overview, and blocks over time chart","2":"Brute Force Protection with login activity log, status badges, and lockout settings","3":"Firewall with 600+ built-in patterns, pattern manager with per-pattern toggle and hit counts","4":"Access Control with IP whitelist","5":"Settings page with security headers and basic configuration","6":"Tools and Diagnostics with system health checks and database repair"},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[2439,1174,2846,15756,600],"plugin_category":[54],"plugin_contributors":[257201],"plugin_business_model":[],"class_list":["post-278927","plugin","type-plugin","status-publish","hentry","plugin_tags-brute-force","plugin_tags-firewall","plugin_tags-headers","plugin_tags-login-protection","plugin_tags-security","plugin_category-security-and-spam-protection","plugin_contributors-srworks","plugin_committers-srworks"],"banners":{"banner":"https:\/\/ps.w.org\/srworks-armorlite\/assets\/banner-772x250.png?rev=3475861","banner_2x":"https:\/\/ps.w.org\/srworks-armorlite\/assets\/banner-1544x500.png?rev=3475861","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":"https:\/\/ps.w.org\/srworks-armorlite\/assets\/icon.svg?rev=3475861","icon":"https:\/\/ps.w.org\/srworks-armorlite\/assets\/icon.svg?rev=3475861","icon_2x":false,"generated":false},"screenshots":[],"raw_content":"\n
ArmorLite<\/strong> is a free, lightweight WordPress security plugin built for performance. Firewall with 600+ built-in patterns, brute force protection, bot detection, security headers, and login monitoring. No bloat, no unnecessary database queries, no external API calls during normal operation.<\/p>\n\n Need more protection? ArmorPro<\/a> adds:<\/p>\n\n Learn more about ArmorPro<\/a><\/p>\n\n This plugin connects to external third-party services in the following situations:<\/p>\n\n This plugin can optionally share anonymous usage data to help improve ArmorLite. This is disabled by default and requires explicit opt-in from the Settings page.<\/p>\n\n No personal data is collected or stored by this service.<\/p>\n\n ArmorLite stores the following data locally in your WordPress database:<\/p>\n\n This data is stored to help you monitor and protect your website. You can clear all logs at any time from the Tools tab. When the plugin is uninstalled, all data is automatically deleted.<\/p>\n\n No visitor data is sent to external services during normal operation. Anonymous usage data sharing is optional and disabled by default.<\/p>\n\n Need help with ArmorLite? Have a feature request or found a bug?<\/p>\n\n Visit our support page: https:\/\/srworks.co\/contact<\/p>\n\n Firewall patterns inspired by the work of Jeff Starr at Perishable Press (https:\/\/perishablepress.com). Used under GPLv2.<\/p>\n\n Charts powered by Chart.js (https:\/\/www.chartjs.org), MIT License.<\/p>\n\n Tooltips powered by Tippy.js (https:\/\/atomiks.github.io\/tippyjs), MIT License.<\/p>\n\n\n That's it! Your site is now protected.<\/p>\n\n\n Yes! ArmorLite works on any web server including Apache, NGINX, LiteSpeed, and others. The firewall uses pure PHP and requires no server configuration.<\/p><\/dd>\n No. ArmorLite is designed for performance. The firewall uses fast string matching (stripos) to scan requests early in the WordPress load process. Blocked requests are stopped before WordPress fully loads, actually reducing server load from attacks.<\/p><\/dd>\n ArmorLite monitors login attempts and tracks failed logins by IP address using session-based tracking. After a configurable number of failures (2, 3, 5, or 10 attempts), the IP is temporarily locked out for a configurable duration (5 minutes to 2 hours).<\/p><\/dd>\n Bot protection adds invisible honeypot fields, timestamp validation, and JavaScript token verification to login, registration, and password reset forms. Automated bots that submit forms without rendering JavaScript or that submit too quickly are blocked before they can attempt brute force attacks.<\/p><\/dd>\n Yes, but there may be overlapping features. We recommend testing thoroughly. ArmorLite is designed to be lightweight and focused, so it generally pairs well with other plugins without conflicts.<\/p><\/dd>\n Go to ArmorLite > Access Control and add your IP to the whitelist. Whitelisted IPs bypass all security checks including brute force lockouts and firewall blocking.<\/p><\/dd>\n ArmorLite includes all the essential security features for free: firewall, brute force protection, bot detection, basic security headers, IP whitelist, and login monitoring. ArmorPro adds advanced features like the WAF engine, two-factor authentication, passkey login, custom login URL, country blocking, IP blacklist, advanced security headers, email notifications, and extended log retention. Compare features<\/a><\/p><\/dd>\n ArmorLite stores security logs locally in your WordPress database (IP addresses, timestamps, usernames from login attempts). No visitor data is sent to external services. Anonymous usage data sharing is optional and disabled by default.<\/p><\/dd>\n Blocked visitors see a professional \"Access Blocked\" page with a 403 status code. The page is clean and branded, informing them to contact the site administrator if they believe it's an error.<\/p><\/dd>\n Yes. ArmorLite works with all major caching plugins including WP Rocket, W3 Total Cache, LiteSpeed Cache, and WP Super Cache. The firewall runs before caching layers and includes proper cache-control headers.<\/p><\/dd>\n\n<\/dl>\n\n\nFree Features<\/h4>\n\n
\n
Upgrade to ArmorPro<\/h4>\n\n
\n
External Services<\/h3>\n\n
Anonymous Usage Data (Optional)<\/h4>\n\n
\n
Privacy Policy<\/h3>\n\n
\n
Support<\/h3>\n\n
Credits<\/h3>\n\n
\n
\n
Does ArmorLite work with NGINX?<\/h3><\/dt>\n
Will this security plugin slow down my website?<\/h3><\/dt>\n
How does the brute force protection work?<\/h3><\/dt>\n
What does the bot protection do?<\/h3><\/dt>\n
Can I use this with other security plugins?<\/h3><\/dt>\n
How do I whitelist my IP address?<\/h3><\/dt>\n
What is the difference between ArmorLite and ArmorPro?<\/h3><\/dt>\n
What data does ArmorLite collect?<\/h3><\/dt>\n
What happens when an IP is blocked?<\/h3><\/dt>\n
Is ArmorLite compatible with caching plugins?<\/h3><\/dt>\n
1.0.0<\/h4>\n\n
\n