WebShield Open-Core

Runtime Firewall for PHP

Perfect for WordPress, Laravel & custom PHP apps.

Download from Codecanyon (coming soon)

Key Features

Pattern-based detection

  • SQL injection patterns
  • XSS (Cross-Site Scripting)
  • Scanner paths (/wp-admin, /phpmyadmin, etc.)
  • Brute-force heuristics

4 Defense Modes

  • observe – Log only, never block
  • protect – Block high/critical threats
  • deceive – Serve honeypots
  • aggressive – Delays + faster blocking

Honeypot System

  • Fake login pages
  • Fake db/admin endpoints
  • Watermarks per installation
  • Configurable fake responses

Integrations

  • WordPress plugin
  • Laravel middleware
  • Symfony subscriber
  • Generic bootstrap

Logging

  • JSON lines format
  • Forensic-friendly
  • Ready for dashboards / SIEM
  • Configurable log levels
  • Request IDs for tracking
  • Honeypot IDs for attribution

Detection Capabilities

  • SQL injection (comprehensive patterns)
  • XSS attacks (script tags, event handlers)
  • Scanner paths (WordPress, phpMyAdmin, etc.)
  • Brute-force detection (per IP tracking)

Installation

# Install via Composer composer require php-next/webshield-open # Bootstrap in your app require 'vendor/autoload.php'; use PhpNext\WebShieldOpen\WebShield\WebShieldFactory; $shield = WebShieldFactory::fromDefaults(); $response = $shield->handle($_SERVER, $_GET, $_POST, getallheaders()); if ($response !== null) { http_response_code($response['status']); foreach ($response['headers'] as $k => $v) { header("$k: $v"); } echo $response['body']; exit; }

What you get

  • Full PHP source code (MIT license)
  • Pattern ruleset with room to extend
  • WordPress plugin with admin UI
  • Laravel middleware + ServiceProvider
  • Symfony event subscriber
  • Demo site for testing
  • Unit tests included
  • Ready-to-ship Codecanyon zip (build script included)
  • Lifetime updates for v1.x