PHProtect blocks SQL injection, XSS, scrapers, and brute-force attacks before they reach your code — and streams every block to a live dashboard you actually want to watch.
Parameterized-query bypass attempts, UNION probes, blind timing
Injected <script>, event-handler and javascript: payloads
HTTrack, wget, Scrapy, headless clients cloning your site
Per-IP request ceilings that throttle hammering clients
Login lockouts after repeated failed attempts
../ climbs, /etc/passwd reads, php:// wrapper abuse
Sign up and add your domain. We hand you a unique site key and secret.
Upload one PHP file and add a single line — or one .htaccess directive for the whole site.
Blocked attacks stream to your dashboard live, with IPs, payloads, and severity.
Prefer per-page? Add require '/path/phprotect-agent.php'; to the top of your files. The agent fails open — if PHProtect is ever unreachable, your site keeps serving.
Every public site gets scanned within hours of going live. Put a watchtower up before the next sweep.
Start protecting — free