Forensic scanner
Entropy, taint analysis, fuzzy hashing and baseline. Catches malware signatures miss.

WordPress security · forensic
Dunes Security watches, detects and blocks attacks in real time, with professional-grade forensic analysis — without slowing your site down.
14-day guarantee · cancel anytime · updates included
Launch a real attack against a Dunes Security-protected site and watch it fall in real time, with the forensic readout you’d see in your dashboard.
Open a real Dunes Security demo in one click and explore the full dashboard. Secure, temporary access — no sign-up.
Try the live demoClassic security plugins react late and weigh a lot. Dunes Security is built the other way around: deep forensic analysis, on-site defense and zero overhead for your readers.
The same command center built into the plugin: global attack map, top attackers and 24×7 activity. Without leaving your WordPress.
Entropy, taint analysis, fuzzy hashing and baseline. Catches malware signatures miss.
Blocks SQL injection, XSS and path traversal before they reach the database.
Reverse-DNS verification: Googlebot passes, malicious scanners don't.
Isolates and neutralizes compromised files without breaking your site.
AI analysis, CVE/IoC feeds and real-time anomaly detection.
Your site loads exactly as without the plugin. Defense lives where attackers are.
The latest we have added to Dunes Security to stay ahead of Wordfence, MalCare and SecuPress — without touching your speed.
A clear 0–100 score with an A–F letter, trend and prioritized recommendations. See at a glance how protected you are.
Checks your plugins and themes against 19,950 known vulnerabilities (CVE) and warns you before they are exploited.
Generates a printable report with your grade, findings and recommendations. Perfect for clients and audits.
Detects tampered WordPress core files and reinstalls them from the verified original, in one click.
Updatable OWASP-style rules that catch SQLi, XSS, RCE and more. Start in audit mode, risk-free.
Checks if a password appears in breaches (k-anonymity): full privacy, it never leaves your browser.
Malware doesn’t want your server: it wants your articles and your comments. These capabilities protect exactly that — and none of them exist in Wordfence, Sucuri or MalCare.
Deobfuscates malware layer by layer in a simulated sandbox, without running anything. See the payload before it acts.
A heat-map of your whole site colored by risk, file by file. A red-filled uploads folder is obvious at a glance.
Decoy honeyfiles, canary tokens and virtual patches. From detecting the attack to immunizing against it.
Reconstructs the intrusion as a human timeline by MITRE phases, with a forensic PDF report.
An AI security copilot that explains each threat in plain language and prioritizes what to fix first.
A cryptographic signature per article. If malware injects spam into the database, the signature breaks: you catch it instantly and restore in one click.
A UV view that reveals what Google sees but the reader doesn’t: hidden text, homoglyphs and disguised links (SEO spam / cloaking).
Detonates every comment link: unrolls its redirects and neutralizes the dangerous ones with a warning page. The comment lives; the poison doesn’t.
Who changed each article, when, from which IP and by which route. Catches the stolen editor account injecting at 4 AM.
Hit Scan: each rectangle is a file; size is its weight and color its risk. Hover to see its DNA. (Demo with sample data.)
On your real site, the X-Ray scans your actual files inside the Dunes Security dashboard.
Real data that protects your site — up to date and on your own server, without sending your traffic to any cloud.
Everything your WordPress needs to defend itself, in a single plugin at no extra cost.
Entropy, taint, fuzzy & baseline.
Blocks SQLi, XSS & path traversal.
Reverse-DNS verification.
Isolates & neutralizes threats.
Genomic fingerprint per file.
Live CVE & IoC feeds.
AI that investigates each incident.
Runtime application protection.
Always-verified access.
A trap for login attackers.
Trap rows in the database.
Site snapshots & rollback.
Live global attack map.
Audit-ready (GDPR, etc.).
The Genome scanner computes the "DNA" of each file —entropy, hashes and fuzzy similarity— to catch malware that traditional signatures miss.
md5 a3f9c1b4e7d2…
sha256 9b2e7c…d44f1a
fuzzy T1A9F2::a3c1…
Dunes Security takes the defenses of the priciest paid plugins, pushes them much further and packs them all into one — pro-grade protection, without slowing your site down and for less than you pay today.
| Sentinel | Wordfence | Sucuri | Solid Security | MalCare | |
|---|---|---|---|---|---|
| A–F security grade | |||||
| Vulnerability scanner · plugins & themes | 19,950 cve | ||||
| WAF with updatable rule feed | |||||
| Forensic scanner (entropy · taint · fuzzy) | |||||
| One-click core repair | |||||
| Quarantine + malware auto-clean | |||||
| Leaked passwords (Have I Been Pwned) | |||||
| Bot defense with DNS verification | |||||
| Threat intel · CVE / IoC feeds | |||||
| Branded downloadable PDF report | |||||
| Live war room | |||||
| Global attack map | |||||
| AI threat analyst | |||||
| RASP · runtime protection | |||||
| Zero-Trust + 2FA + decoy admin | |||||
| Database honeyrows | |||||
| Time Travel · snapshots & rollback | |||||
| Zero frontend impact | |||||
| Price | €89/yr · all included | $149/yr + paid cleanup | from $199/yr | from $99/yr | from $99/yr |
Comparison based on each product’s public information (June 2026). Third-party features may change; verify them on their official sites. ✓ = included · — = partial or separate service · ✗ = not available.
Wordfence is the well-known standard. But Dunes Security catches what signatures miss, lets you undo an attack and never charges extra to clean up — all on your own server.
Entropy, taint, fuzzy analysis and malware DNA catch new (zero-day) code that Wordfence’s traditional signatures miss.
Live war room, global attack map and an AI analyst that prioritizes incidents and tells you what to do. Wordfence doesn’t have it.
Runtime RASP, Zero-Trust, decoy admin, database honeyrows and DB Shield. Wordfence stops at WAF + scanner.
Snapshots and rollback after a compromise: if something gets in, you roll back instantly. Wordfence has no rollback.
Runs on your server (on-device): we don’t send your traffic to an external cloud. Full privacy and a fast site. Wordfence adds load; Sucuri and MalCare process off-site.
Forensics, WAF, RASP, compliance and incident reports, all in. No 590 $ (Care) or 1,250 $ (Response) tiers, no separate cleanup services.
For less than €8/month, protect your work with the most advanced technology.
14-day money-back guarantee. No questions asked.
14-day money-back guarantee. No questions asked.
Practically no. On public pages Dunes Security loads none of its heavy modules; only a featherweight shield inspects the request in microseconds. Your readers get the same performance.
Yes, with WordPress 6.0+ and PHP 7.4+. It installs like any plugin.
You keep the plugin and its protection installed; you only stop receiving updates, new signatures and support.
Under 5 minutes: upload the plugin, activate with your license key and you're protected instantly.
Open a real Dunes Security demo in one click and explore the full dashboard. Secure, temporary access — no sign-up.
Try the live demoJoin the sites that already sleep easy with Dunes Security.
Protect my site · 89 €/yr