WordPress Plugin · Shopify App · API Middleware

Security That Ships
In One Click.

WordPress sites get attacked 2,000+ times per day. Shopify stores lose billions to card testing fraud. APIs get scraped by bots.

ShieldGuard blocks them all. No configuration. No YAML files. No PhD required.

Protect My Site — Free WordPress Plugin Shopify App

85+ tests passing <1ms overhead No credit card MIT licensed

80+

Attack Signatures

126

Automated Tests

98.5%

Bot Detection Rate

<1ms

Latency Overhead

How Protection Works

Three Steps. Zero Configuration.

You focus on building. ShieldGuard handles the attacks.

Install

WordPress: upload a zip. Shopify: one-click app install. API: add middleware. Done.

Detect

Every request scored in real-time. XML-RPC attacks, card testing, bot UAs, SQLi, XSS, SSRF — all caught.

Sleep Easy

Threats blocked automatically. Alerts via email or Slack. Review attack logs anytime. Your site stays safe.

What It Protects

Every Attack Vector, Covered

ShieldGuard blocks the threats that actual attackers use — not marketing bullet points.

XML-RPC Firewall

The #1 WordPress attack vector. ShieldGuard blocks brute force via xmlrpc.php by default. No settings needed.

Brute Force Protection

Rate limits login attempts to 5 per IP. Known attacker IPs blocked at the edge. Credential stuffing? Stopped cold.

Card Testing Detection

Shopify & WooCommerce: detects velocity patterns in checkout. Stops fraudsters burning stolen cards on your store.

Rate Limiting

Token-based, IP-based, or endpoint-based. Protect your API budget from abuse. Per-user, per-endpoint granularity.

Bot Detection

UA analysis, headless browser fingerprinting, mouse/keyboard timing. Separates Googlebot from scrapers. 98.5% accuracy.

Spam Protection

Comment spam, disposable emails, keyword analysis. Keeps your content clean without CAPTCHA hell for real users.

Built for developers, by developers

ShieldGuard is open-source. We built it to protect our own properties — catn.site, jobrdy.online, urentmy.com, and five others. Zero attacks bypassed. Zero false positives. Now we're sharing it with you.

Open Source First

MIT licensed. Inspect every line. Run it yourself. Contribute on GitHub. No black boxes.

No Vendor Lock-In

Self-host or use our cloud. Your attack data stays on your infrastructure. Export anytime.

128 Tests & Counting

TDD-built from day one. Every detection rule has a test. Every test proves a real attack is blocked.

Live Demo — No Signup

See Threats Getting Blocked In Real-Time

Every request scored for fraud risk, injection, and abuse in under 200ms.

shieldguard ~ monitoring traffic Requests: 1,247

Time	Endpoint	Threat	Risk	Action
14:32:01	POST /v1/chat	Clean	12/100	Allowed
14:32:03	POST /wp-admin	Brute force	45/100	Throttled
14:32:07	POST /xmlrpc.php	XML-RPC attack	94/100	BLOCKED

// Every request scored in <200ms · 98.5% detection rate · 0 false positives

Simple Pricing

Start Free. Upgrade When You Need To.

All plans include full protection. Pay for scale, not features.

Monthly Annual Save 20%

Free

No credit card

✓10K requests/mo
✓1 project
✓Basic bot detection
✓5 custom rules
—Community support

Start Free

Starter

$29/mo

Everything in Free +

✓100K requests/mo
✓5 projects
✓Bot + IP blocking
✓15 custom rules
✓Email alerts

Start Starter

POPULAR

Pro

$99/mo

14-day free trial →

✓500K requests/mo
✓Unlimited projects
✓Prompt injection protection
✓Token-based rate limiting
✓Cost spike detection
✓AI scrape protection
✓Slack alerts
✓Priority support

Start Free Trial

Team

$249/mo

Everything in Pro +

✓5M requests/mo
✓Unlimited projects
✓Team collaboration
✓Custom threat models
✓API access
✓Dedicated support

Start Team

Enterprise

Custom

✓Unlimited requests
✓SSO & SAML
✓On-prem deployment
✓Custom AI models
✓SLA & priority support

Contact Sales

All plans include 85+ verified test cases. No hidden fees. No broken promises.

Security That Ships In One Click.