WordPress security · forensic

Your WordPress, guarded like a fortress.

Dunes Security watches, detects and blocks attacks in real time, with professional-grade forensic analysis — without slowing your site down.

14-day guarantee · cancel anytime · updates included

Try it yourself

Attack us. Watch nobody get in.

Launch a real attack against a Dunes Security-protected site and watch it fall in real time, with the forensic readout you’d see in your dashboard.

Pick your attack
Dunes Security · active
0Breaches 0Blocked
// Waiting for your attack… pick one on the left
Dunes Security WAF + RASP + Bot Defense online
12defense engines
< 5 minto install
0speed impact
Live demo

Try it yourself — nothing to install

Open a real Dunes Security demo in one click and explore the full dashboard. Secure, temporary access — no sign-up.

Try the live demo

90% of hacked WordPress sites were "up to date".

Classic security plugins react late and weigh a lot. Dunes Security is built the other way around: deep forensic analysis, on-site defense and zero overhead for your readers.

War room

See every attack, in real time.

The same command center built into the plugin: global attack map, top attackers and 24×7 activity. Without leaving your WordPress.

Global attack map Live
Defense Low Medium High
2.487Blocked today
38Quarantined
Top attackers
185.220.101.44RU342
45.142.212.19CN287
103.74.19.8IN195
191.96.30.7BR142
89.248.165.2NL96
Activity · 24×7

Twelve engines, one mission: keep them out.

Forensic scanner

Entropy, taint analysis, fuzzy hashing and baseline. Catches malware signatures miss.

WAF + query firewall

Blocks SQL injection, XSS and path traversal before they reach the database.

Bot defense

Reverse-DNS verification: Googlebot passes, malicious scanners don't.

Quarantine + auto-clean

Isolates and neutralizes compromised files without breaking your site.

AI + threat intel

AI analysis, CVE/IoC feeds and real-time anomaly detection.

Zero frontend impact

Your site loads exactly as without the plugin. Defense lives where attackers are.

What's new · 2026

Stronger every month.

The latest we have added to Dunes Security to stay ahead of Wordfence, MalCare and SecuPress — without touching your speed.

19,950known vulnerabilities in its database
A–Fsecurity grade with PDF report
1 clickWordPress core repair
New

A–F security grade

A clear 0–100 score with an A–F letter, trend and prioritized recommendations. See at a glance how protected you are.

New

Database of ~20,000 vulnerabilities

Checks your plugins and themes against 19,950 known vulnerabilities (CVE) and warns you before they are exploited.

New

Branded PDF report

Generates a printable report with your grade, findings and recommendations. Perfect for clients and audits.

New

Core integrity + repair

Detects tampered WordPress core files and reinstalls them from the verified original, in one click.

New

Rule firewall (WAF)

Updatable OWASP-style rules that catch SQLi, XSS, RCE and more. Start in audit mode, risk-free.

New

Leaked passwords

Checks if a password appears in breaches (k-anonymity): full privacy, it never leaves your browser.

New in 2026

Nine capabilities nobody else has

Malware doesn’t want your server: it wants your articles and your comments. These capabilities protect exactly that — and none of them exist in Wordfence, Sucuri or MalCare.

Next-gen detection
New

Detonation Room

Deobfuscates malware layer by layer in a simulated sandbox, without running anything. See the payload before it acts.

New

Live X-Ray

A heat-map of your whole site colored by risk, file by file. A red-filled uploads folder is obvious at a glance.

New

Immune System

Decoy honeyfiles, canary tokens and virtual patches. From detecting the attack to immunizing against it.

New

Attack Story

Reconstructs the intrusion as a human timeline by MITRE phases, with a forensic PDF report.

New

Virtual Analyst

An AI security copilot that explains each threat in plain language and prioritizes what to fix first.

Content shield
New

Sealed Content

A cryptographic signature per article. If malware injects spam into the database, the signature breaks: you catch it instantly and restore in one click.

New

Blacklight

A UV view that reveals what Google sees but the reader doesn’t: hidden text, homoglyphs and disguised links (SEO spam / cloaking).

New

Link Shield

Detonates every comment link: unrolls its redirects and neutralizes the dangerous ones with a warning page. The comment lives; the poison doesn’t.

New

Chain of Custody

Who changed each article, when, from which IP and by which route. Catches the stolen editor account injecting at 4 AM.

Interactive demo

See your WordPress the way the antivirus sees it

Hit Scan: each rectangle is a file; size is its weight and color its risk. Hover to see its DNA. (Demo with sample data.)

Healthy Watch Risk Critical
Hit “Scan” to draw the heat-map.

On your real site, the X-Ray scans your actual files inside the Dunes Security dashboard.

Defense intelligence

Under the hood

Real data that protects your site — up to date and on your own server, without sending your traffic to any cloud.

19.950 known vulnerabilities Our own database · plugins & themes · updatable
24 malware signatures Webshells · obfuscated execution
691 bots & scanners Reputation-based detection
30 WAF rules OWASP-style · SQLi · XSS · RCE
12 defense engines Forensic · RASP · Zero-Trust…
All included

Twelve engines. One single license.

Everything your WordPress needs to defend itself, in a single plugin at no extra cost.

Forensic scanner

Entropy, taint, fuzzy & baseline.

WAF + query firewall

Blocks SQLi, XSS & path traversal.

Bot defense

Reverse-DNS verification.

Quarantine + auto-clean

Isolates & neutralizes threats.

Malware DNA

Genomic fingerprint per file.

Threat intel

Live CVE & IoC feeds.

AI threat analyst

AI that investigates each incident.

Runtime RASP

Runtime application protection.

Zero-Trust + 2FA

Always-verified access.

Decoy admin

A trap for login attackers.

Database honeyrows

Trap rows in the database.

Time Travel

Site snapshots & rollback.

War room

Live global attack map.

Compliance reports

Audit-ready (GDPR, etc.).

Malware DNA

Every file has a fingerprint. Dunes Security reads it.

The Genome scanner computes the "DNA" of each file —entropy, hashes and fuzzy similarity— to catch malware that traditional signatures miss.

Entropy sequence low medium high
0x0000file offset0x11C0
Detected familyObfuscated webshell · high entropy
Shannon entropy7.84 / 8.00
VerdictSuspicious · quarantined
Fingerprints md5 a3f9c1b4e7d2… sha256 9b2e7c…d44f1a fuzzy T1A9F2::a3c1…

Everything the competition does, done better — and for less.

Dunes Security takes the defenses of the priciest paid plugins, pushes them much further and packs them all into one — pro-grade protection, without slowing your site down and for less than you pay today.

Included Partial · or separate service Not available
Sentinel Wordfence Sucuri Solid Security MalCare
A–F security grade
Vulnerability scanner · plugins & themes 19,950 cve
WAF with updatable rule feed
Forensic scanner (entropy · taint · fuzzy)
One-click core repair
Quarantine + malware auto-clean
Leaked passwords (Have I Been Pwned)
Bot defense with DNS verification
Threat intel · CVE / IoC feeds
Branded downloadable PDF report
Live war room
Global attack map
AI threat analyst
RASP · runtime protection
Zero-Trust + 2FA + decoy admin
Database honeyrows
Time Travel · snapshots & rollback
Zero frontend impact
Price €89/yr · all included $149/yr + paid cleanup from $199/yr from $99/yr from $99/yr

Comparison based on each product’s public information (June 2026). Third-party features may change; verify them on their official sites. ✓ = included · — = partial or separate service · ✗ = not available.

Head to head

Why Dunes Security over Wordfence?

Wordfence is the well-known standard. But Dunes Security catches what signatures miss, lets you undo an attack and never charges extra to clean up — all on your own server.

89
per year · 1 site · EVERYTHING included (Enterprise) No separate cleanup services
vs
149 $
per year · plus Care $590 / Response $1,250 for cleanup and response Signatures + WAF · cleanup on higher tiers

Forensic detection, not just signatures

Entropy, taint, fuzzy analysis and malware DNA catch new (zero-day) code that Wordfence’s traditional signatures miss.

War Room + AI threat analyst

Live war room, global attack map and an AI analyst that prioritizes incidents and tells you what to do. Wordfence doesn’t have it.

Real defense in depth

Runtime RASP, Zero-Trust, decoy admin, database honeyrows and DB Shield. Wordfence stops at WAF + scanner.

Time Travel: undo an attack in 1 click

Snapshots and rollback after a compromise: if something gets in, you roll back instantly. Wordfence has no rollback.

Zero impact and on your own server

Runs on your server (on-device): we don’t send your traffic to an external cloud. Full privacy and a fast site. Wordfence adds load; Sucuri and MalCare process off-site.

Everything included in one price

Forensics, WAF, RASP, compliance and incident reports, all in. No 590 $ (Care) or 1,250 $ (Response) tiers, no separate cleanup services.

All included

One license. All the protection.

89 €/yr

For less than €8/month, protect your work with the most advanced technology.

  • All 12 defense engines
  • Updates and new signatures included
  • Priority support
  • AI analysis & threat intel
  • No lock-in · cancel anytime
Start now

14-day money-back guarantee. No questions asked.

For companies and large sites

Dunes Security Enterprise

Custom pricing
  • 5th-gen advanced AI protection
  • Tailored customization
  • Exclusive website analysis
  • Priority 24/7 support
  • Dedicated account manager
  • Security audit & custom hardening
  • Priority incident response
  • Multisite license · unlimited sites
  • Compliance reports (GDPR) & forensics
  • Contractual SLA
Talk to sales

14-day money-back guarantee. No questions asked.

Frequently asked questions

Does it slow my site?

Practically no. On public pages Dunes Security loads none of its heavy modules; only a featherweight shield inspects the request in microseconds. Your readers get the same performance.

Does it work with any WordPress?

Yes, with WordPress 6.0+ and PHP 7.4+. It installs like any plugin.

What if I cancel?

You keep the plugin and its protection installed; you only stop receiving updates, new signatures and support.

How long does it take to install?

Under 5 minutes: upload the plugin, activate with your license key and you're protected instantly.

See the full Dunes Security guide & help center →

Live demo

Try it yourself — nothing to install

Open a real Dunes Security demo in one click and explore the full dashboard. Secure, temporary access — no sign-up.

Try the live demo

Ready to stop worrying about security?

Join the sites that already sleep easy with Dunes Security.

Protect my site · 89 €/yr
DunesLabs AssistantI help you choose a plan