WP-Sentinel, is a plugin for the WordPress platform which will increase the security of your blog against attacks
from crackers, lamers, black hats, h4x0rs, etc .
The plugin will be loaded by wordpress before every other installed plugin and will execute some security checks upon incoming http requests and, when one of more
requests turn on the system alarm, they will be blocked, the sentinel then will show a warning message to the user and send a notification email to the blog
administrator with the whole attack details.
Furthermore wp-sentinel will communicate with a centralized server to collect attackers data and build a ip address blacklist.

This plugin is able to block those kind of attacks :

  • Cross Site Scriptings
  • HTML Injections
  • Remote File Inclusions
  • Remote Command Executions
  • Local File Inclusions
  • SQL Injections
  • Integer & string overflows
  • Cross Site Request Forgery
  • Login bruteforcing
  • Flooding
  • … and so on 🙂

WP-Sentinel will NOT check requests from the user logged in as administrator, so if you want to check the installation you have to log out first.


  1. Upload wp-sentinel folder to the /wp-content/plugins/ directory.
  2. Activate the plugin through the ‚Plugins‘ menu in WordPress.
  3. Configure the plugin through the settings panel.


How can i check if the plugin is installed and working properly?

If you are logged in as administrator, perform a logout, go to the index of your blog and open an url such as :


To activate the local file inclusion block for instance.

Some bot is launching an high number of attacks to my blog, will the plugin be flooded with logs?

No, the plugin has an anti-flood mechanism that can be configured through the settings menu.


