360° Security for Your WordPress Site
The only WordPress security plugin with a 17-signal WAF, 5-layer malware scanner, live threat intelligence, and device session control, all in one dashboard.
360 WP Armor Dashboard
Security Score
95/100
Grade A: Protected
Threats Blocked
1,247
Last 7 days
PROTECTION MODULES
Smart WAF
Active
Malware Scanner
Active
Login Protection
Active
Device Limit
Active
🔴 LIVE: 0 threats detected. All cle
Features
Everything your site needs to stay secure
One plugin replaces five. Built specifically for WordPress, tested on thousands of real-world attack patterns.
Smart WAF
17-signal context-aware firewall. Scores every request and blocks attacks before they reach WordPress. Admins are never accidentally locked out.
5-Layer Scanner
PHP signatures, YARA rules, core integrity, .htaccess audit, and database scan. Runs asynchronously, so there are no timeouts on large sites.
Live Threat Intelligence
Real-time hash lookups against MalwareBazaar (abuse.ch) and IP reputation checks via AbuseIPDB. Blocks known malware instantly.
Login Brute-Force Shield
Auto-locks IPs after N failed attempts. Configurable threshold and duration. Full attempt log with IP, username, and user agent.
Two-Factor Auth (2FA)
RFC 6238 TOTP compatible with Google Authenticator, Authy, and 1Password. Backup codes included. Enforced for admin accounts.
Device Session Control
Limit users to N concurrent devices. Oldest device is signed out when limit exceeded. Admin Device Manager shows all active sessions.
Country Blocking
Block or whitelist entire countries using GeoIP. One-click mode: allow-list only, or block-list specific countries. Admin always exempt.
Bot Protection
40+ bad bot signatures. Rate limiting per IP. Blocks vulnerability scanners, credential stuffers, and spam bots before they load WordPress.
Uptime Monitoring
15-minute checks with response time tracking. Email alerts on downtime and restoration. 48-hour response time chart in the dashboard.
Audit Log
25+ event types: logins, plugin installs, user changes, settings updates, file uploads. Timestamped with IP and user. Export to CSV.
Vulnerability Scanner
Checks every installed plugin and theme against WordPress.org CVE data. Flags outdated core, exposed debug.log, and config issues.
Auto-Repair Engine
One-click repair for malware issues: delete, restore from WordPress.org, quarantine to /wparm-quarantine/. Fix-all for batch repair.
Comparison
How we stack up against Wordfence
We built the features you actually need, and made them free where competitors charge.
| Feature | 360 WP Armor | Wordfence |
|---|---|---|
| Smart WAF | Free | Free |
| Malware scanner | Free | Free |
| Core file integrity | Free | Free |
| Country blocking | Free | Premium |
| 2FA enforcement | Pro | Free |
| Live threat intelligence | Pro | Premium |
| Device session limits | Unique | Not available |
| Uptime monitoring | Pro | Not available |
| Audit log | Pro | Premium |
| Brute-force protection | Free | Free |
| Bot protection | Pro | Free |
| Auto-repair engine | Pro | Free |
| WooCommerce license system | Built-in | Not available |
| Self-hosted updates | Built-in | WordPress.org only |
Pricing
Simple, transparent pricing
One site, unlimited scans, unlimited blocked threats. No per-feature fees.
30-day money-back guarantee · No credit card required for Free
FAQ
Common questions
Does 360 WP Armor slow down my site?
No. The WAF runs on init with priority 1 and exits within microseconds if the request is clean. Malware scans run via AJAX in the background, never blocking page loads.
Can the WAF accidentally lock me out?
No. 360 WP Armor detects admin sessions and creates a trusted context that bypasses the WAF entirely. You can never be blocked from your own site.
What is device session limiting?
You can set a maximum number of concurrent logged-in devices per user. When a new device logs in and the limit is reached, the oldest device is automatically signed out. Great for membership sites.
Does it work with Elementor and WooCommerce?
Yes. The plugin is built and tested with both. The WAF includes specific bypass rules for Elementor editor requests and WooCommerce checkout flows.
Do I need to configure anything after install?
No. Sane defaults are set on install. The WAF and malware scanner work immediately. You can optionally configure email alerts, schedule, and Pro features.
What happens when my license expires?
Free features continue working. Pro features (2FA, device limits, uptime monitoring, audit log) are deactivated until the license is renewed. Your data is never deleted.
Is my data sent to external servers?
Only if you enable optional integrations: AbuseIPDB (IP reputation), MalwareBazaar (file hash lookup), and WordPress.org (core checksums). All are opt-out. We never sell or share your data.