Skip to main content
Zero Latency Architecture

Built for Speed & Security

VietShield WAF intercepts requests early in the WordPress loading process, filtering threats before they reach your site's core functions.

User / Attacker Incoming Request
VietShield WAF Engine
Early Interception Layer
Blocked
403 Forbidden
Rate Limited
429 Too Many
Clean
To WordPress
1

Early Interception

Initializes before WordPress plugins to catch threats instantly. Checks IP headers against local threat databases.

2

Static File Bypass

Automatically skips analysis for images, CSS, and JS files to ensure strictly zero latency for static assets.

3

Deep Analysis

Scans GET, POST, and COOKIE data against comprehensive rule sets for SQLi, XSS, RCE, and other attack vectors.

4

Async Logging

Records traffic details and metadata asynchronously to prevent performance bottlenecks during request processing.

Complete Protection Spectrum

Defense-in-depth architecture covering every layer of your WordPress application. From network level to application logic.

Advanced WAF Engine

Core protection engine that blocks malicious requests in real-time with comprehensive rule sets and heuristic analysis.

  • Learning Mode & Protecting Mode
  • Zero-Day Protection

SQL Injection Defense

Blocks UNION SELECT, time-based blind injections, and error-based exploits with advanced pattern recognition.

  • UNION SELECT Protection
  • Time-based Detection

XSS & Script Injection

Prevents Reflected and Stored Cross-Site Scripting attacks. Automatically sanitizes malicious script inputs.

  • Reflected XSS Blocking
  • Stored XSS Prevention

RCE & LFI Defense

Stops remote code execution, shell commands, and local file inclusion attempts before they can execute.

  • Shell Command Blocking
  • Path Traversal Prevention

Bad Bot Detection

Automatically identifies and blocks automated tools like SQLMap, Nikto, Nuclei while whitelisting legitimate crawlers.

  • Googlebot Whitelist
  • Scanner Detection

Threat Intelligence

Syncs with VietShield Network for real-time threat data. 1-day, 7-day, and 30-day threat feeds available.

  • Community Threat Feeds
  • Cloudflare Integration

Advanced Security Features

Comprehensive security tools designed to protect, monitor, and maintain your WordPress site's integrity.

IP Management & Firewall

Manage access control lists and automated blocking rules with precision.

Whitelist Management

Trusted IPs (admins, payment gateways) bypass WAF checks

Blacklist Protection

Permanently block malicious IPs and attack sources

Temporary Blocks

Auto-banned IPs from rate limiting (auto-released)

Geo-Blocking

Block traffic from high-risk countries

Malware & Integrity Scanner

Ensure your site's files haven't been tampered with or infected.

WP Core Scanner

Verifies system files against official WordPress repository

Malware Detection

Scans themes and plugins for backdoors, shells, eval functions

Scheduled Scans

Configure daily/weekly automated security scans

Instant Alerts

Email notifications for detected threats and changes

Login Security

Protect your dashboard from unauthorized access and brute force attacks.

Brute Force Protection

Limits failed login attempts per IP address

Smart Lockout

Temporarily bans IPs after X failed attempts

Honeypot Fields

Invisible fields to trap and identify bots

Author Enumeration

Blocks attempts to discover usernames

Live Traffic Analytics

Monitor who is visiting your site with complete visibility and zero latency.

Real-time Monitoring

Watch requests hitting your site live with detailed metadata

Advanced Filtering

Filter by IP, status code, URL, country, and attack type

One-click Actions

Instantly block or unblock IPs from the traffic log

Export Logs

Export traffic data to CSV/JSON for analysis

Real-time Monitoring

See Every
Request

Gain complete visibility into your site's traffic. Monitor IP addresses, geographic locations, user agents, and attack vectors in real-time.

  • Advanced Filtering (IP, Status, URL)
  • One-click Block / Unblock
  • Export Logs to CSV/JSON
Explore Analytics
Traffic Log
Live
Status Method IP Address Path Action
403 GET 192.168.1.5 /?id=1 UNION SELECT...
200 GET 104.28.x.x /wp-admin/
403 POST 45.33.x.x /contact-form [XSS]
200 GET 66.249.x.x /blog/post-1
200 HEAD 172.67.x.x /

Installation Guide

Get protected in under 2 minutes.

1

Download Plugin

Download vietshield-waf-v1.1.2.zip (v1.1.2) or browse all builds on the Releases page.

2

Upload to WordPress

Go to Dashboard > Plugins > Add New > Upload Plugin. Select `vietshield-waf.zip`.

3

Activate & Setup

Click Install Now then Activate. Follow the Setup Wizard to configure prevention.

4

Fine Tune

Go to VietShield WAF > Settings for advanced configuration and list management.

Frequently Asked Questions

Everything you need to know about VietShield WAF

Is VietShield WAF safe and malware-free?

Absolutely. VietShield is 100% open-source and transparent. You can inspect every line of code on our GitHub Repository to verify it's clean and secure. No hidden code, no backdoors.

Will this slow down my website?

No. VietShield is optimized for zero latency. It uses intelligent bypass for static files (images, CSS, JS) and executes heavy logging tasks asynchronously in the background. Your visitors experience no delay.

I accidentally blocked myself! How do I get back in?

Don't panic. You have two options: 1) Manually remove your IP from the vietshield_ip_lists database table, or 2) Rename the vietshield-waf plugin folder via FTP/File Manager to temporarily disable the firewall.

What's the difference between Learning Mode and Protecting Mode?

Learning Mode logs threats without blocking them - perfect for testing and fine-tuning rules. Protecting Mode actively blocks detected threats. Start with Learning Mode to avoid false positives, then switch to Protecting Mode once configured.

Is VietShield compatible with other security plugins?

Yes, but we recommend using VietShield as your primary WAF. It works alongside backup plugins, but avoid running multiple WAFs simultaneously as they may conflict. VietShield provides comprehensive protection that typically replaces the need for other security plugins.

How does the Threat Intelligence feature work?

VietShield syncs with our community threat network to receive real-time IP blacklists. You can choose 1-day, 7-day, or 30-day feeds. We also auto-whitelist legitimate crawlers like Googlebot and Cloudflare IPs to prevent false positives.

Where can I get support if I need help?

You can get support through our GitHub Issues page or email us at [email protected]. Our community and team are active in helping users configure and optimize their security.