Version 7.4.0
Enabled and Protecting
The Titan Web Application Firewall is actively blocking requests matching known attack patterns and protecting your site from attackers.
This allows hackers to plan a massive attack based on the default prefix "wp_"
Enabling "expose_php" PHP Directive exposes to the world that PHP is installed on the server.
Your site is currently free of known vulnerabilities.
Suspicious code pattern found in twentytwenty/functions.php that matches known malware signatures.
A backdoor script was found in wp-content/uploads/2024/suspicious.php that allows remote code execution.
Unknown file detected: wp-content/plugins/unknown-plugin/shell.php
Choose a preset to quickly configure Titan based on your experience level and security needs.
Perfect for beginners who want essential protection without complexity.
Comprehensive security for users comfortable with advanced settings.
Maximum protection with granular control for security professionals.
Your settings are currently configured to the Advanced preset. You can customize individual settings or switch to a different preset.
Enhanced filters active
Enabled with custom rules
Daily automated scans
2FA enabled for all users
Preset Customization
After applying a preset, you can still customize individual settings in their respective sections. Your changes will be preserved until you apply a different preset.
0 spam comments were blocked by Anti-spam plugin so far.
Additional modules to spam protect.
Actively blocking requests matching known attack patterns and protecting your site from attackers.
30% Enable the Titan Firewall.
70% Optimize the Titan Firewall.
How does Titan determine this?Stops Complex Attacks
The plugin loads after WordPress, so some plugins may run vulnerable code before protection activates.
Additional modules to spam protect.
These IPs are ignored when determining the request IP
Additional modules to spam protect.
WordPress IP addresses that are blocked early
Whitelisted IPs must be separated by commas or placed on separate lines. You can specify ranges using the following formats: 127.0.0.1/24, 127.0.0.[1-100], or 127.0.0.1-127.0.1.100. Titan automatically whitelists private networks because these are not routable on the public Internet.
Separate multiple URLs with commas or place them on separate lines. Asterisks are wildcards, but use with care. If you see an attacker repeatedly probing your site for a known vulnerability you can use this to immediately block them. All URLs must start with a "/" without quotes and must be relative, e.g. /badURL/one/, /bannedPage.html, /dont-access/this/URL/, /starts/with/*
Ignored IPs must be separated by commas or placed on separate lines. These addresses will be ignored from any alerts about increased attacks and can be used to ignore things like standalone website security scanners.
| Category | Description | |
|---|---|---|
| rce | Duplicator Installer wp-config.php Overwrite | |
| priv-esc | User Roles Manager Privilege Escalation <= 4.24 | |
| dos | WordPress Core <= 4.5.3 - DoS | |
| privesc | WordPress Core: Arbitrary File Deletion | |
| privesc | WordPress <= 5.0 - PHP Object Injection via Meta Data & Authenticated File Delete |
Additional modules to spam protect.
The URL/parameters in this table will not be tested by the firewall. They are typically added while the firewall is in Learning Mode or by an admin who identifies a particular URL/request as a false positive.
| Enabled | URL | Param | Created | Source | User | IP | |
|---|---|---|---|---|---|---|---|
| No whitelisted URLs yet | |||||||
Additional modules to spam protect.
NOTE: This checkbox enables ALL blocking/throttling functions including IP, country and advanced blocking, and the "Rate Limiting Rules" below.
These URL patterns will be excluded from the throttling rules used to limit crawlers.
Blocking ip
| Block Type | Detail | Rule Added | Reason | Expiration | Block Count | Last Attempt | |
|---|---|---|---|---|---|---|---|
| IP Block | 191.168.200.201 | 22.03.2020 22:42 | Yahoo crawler | Permanent | 0 | Never | |
| IP Block | 192.168.200.145 | 22.03.2020 00:42 | Bad bot | Permanent | 0 | Never |
In this table, you can see the attacks on your site that the Titan firewall repelled.
| IP | Event | ... | Attack Time |
|---|---|---|---|
| No attacks recorded yet | |||
Basic recommended security settings.
Basic recommended security settings.
One IP or IP range (1.2.3.4-5.6.7.8) per line
One Username per line
Basic recommended security settings.
One IP or IP range (1.2.3.4-5.6.7.8) per line
One Username per line
In this table, you can see the attacks on your site that the Titan firewall repelled.
| Date | IP | Tried to log in as | Gateway |
|---|---|---|---|
| No login attempts recorded yet | |||
Download 2FA Auth app to your smartphone to start using tokens
Please, scan the following QR code with your app
Enter the 6-digit token generated by the app and enable TOTP protection
Scan QR code with your app
| Username | Two-Factor Enabled? | Actions |
|---|---|---|
| kush | No |
| Backup Date | Size | Current Storage |
|---|---|---|
| No backups created yet | ||
Get real-time alerts about site availability issues
Your site must work on HTTPS to subscribe to notifications
Monitor URLs and manage them: add, delete
| URL | Frequency | Uptime | Response Time | Next Check | Actions |
|---|---|---|---|---|---|
| No URLs added yet | |||||
Basic recommended security settings.
WordPress itself and many plugins shows their version at the public area of your site. An attacker received this information may be aware of the vulnerabilities found in the version of the WordPress core or plugins.
Track errors to help solve possible issues
Configure advanced plugin options
Configure antivirus scanning options
You can get a weekly digest on threats found
Backup or restore your plugin settings
License is active
To make your site as secure as possible, the Titan Web Application Firewall is designed to run via a PHP setting called
auto_prepend_file, which ensures it runs before any potentially vulnerable code runs. This PHP setting is currently in use, and is including this file:
If you don't recognize this file, please contact us on the WordPress support forums before proceeding.
You can proceed with the installation and we will include this from within our
titan-firewall.php
file which should maintain compatibility with your site, or you can opt to override the existing PHP setting.
NOTE: If you have separate WordPress installations with Titan installed within a subdirectory of this site, it is recommended that you perform the Firewall installation procedure on those sites before this one.
We've preselected your server configuration based on our tests, but if you know your web server's configuration, please select it now. You can also choose "Manual Configuration" for alternate installation details.
Please download a backup of the following files before we make the necessary changes:
Once you have downloaded the files, click Continue to complete the setup.