Search Over 30,000 FREE Plugins from the Official WordPress Plugin Directory Repository

Pike Firewall

Pike FIrewall stands for limiting actions to the users that came from anonymous traffic sources, IDS for wordpress and robots verification/monitoring.

Most of the time anonymous traffic sources are used to enumerate vulnerabilities of our online product, to perform attack or to be used as a spam source. This plugin allow us to limit the actions that coud be performed by the users that are coming from this sources using free services. Could be upgraded to premium or could be set up any url to service that will give you response in the described json format. Premium list is updated on real time, free on 2+ hours (during BETA service period is the same as premium) and has its own caching mechanism so isn't affect the speed of the WP instance. In case you need the realtime blocking service and detailed offline database created with data mining on the past service results feel free to contact us at contact [at] hqpeak [d0t] com

With this plugin you can apply following constraints to this type of traffic:

  • Filter human from bots visits displaying captcha to verify
  • Visits (Can acess public content on the site)
  • Comments (Can post comments)
  • Registration (Can register for the site)
  • Subscription (Can subscribe)
  • Administration (Can access administration panel - do not tick this one :) )
  • Request (Can send POST requests)
  • Ban any action on the WP instance based on name/key of the request

Intrusion Detection

We introduce our IDS for wordpress with this release. You can do the following:

  • Block POST requests without set up User Agent or User Agent that is popular development library ( used for crawling websites ) e.g. web crawlers
  • Block POST requests originating from another domain (CSRF)
  • Stop user enumeration
  • Identify proxy traffic via HTTP headers

File integrity check!

Crawlers verification and monitoring

  • make sure ( google, yahoo, bing and yandex ) crawlers are never blocked even if you add some extra ranges for blocking
  • block fake crawlers that pretend to be valid one
  • monitor crawler activity to better understand popular crawlers behaviour and use it to get better SEO results
Author HQPeak
Contributors hqpeak
Tags attack, bing, bots, cloud, crawlers, fake crawlers, firewall, GeoIP, google, hosting, malware, marketing, proxy, ransomware, robots, security, spam, tor, vpn, yahoo, yandex
  1. pike-firewall screenshot 1

    Pike Firewall settings panel at its default state

  2. pike-firewall screenshot 2

    Pike Firewall settings panel at its default state

  3. pike-firewall screenshot 3

    Pike Firewall settings panel at its default state

  4. pike-firewall screenshot 4

    Pike Firewall logs

  5. pike-firewall screenshot 5

    Pike Firewall blocked request

  1. Extract PikeFirewall archive to the /wp-content/plugins/ directory
  2. Activate the plugin through the 'Plugins' menu in WordPress
  3. Access the administration area Dashboard -> Pike Firewall


Bug fix: ip2long passed towards gethostbyaddr


New features and new UI


Bugfix: Fixed data updating


Feature: white list ip addresses Improvement: Prevent inserting not matching ip patterns ( ipv6 in our case )


Fix: doesn't block own ip + tor browser captcha


Fake crawlers monitoring fix and error page improvement. Added index.php files for omitting directory listing.


Added apache access logs analyzer with Export to csv functionality. Added file system changes changes scanner and log functionality.


Facebook crawlers monitoring/whitelist and http clients filtering used by automated scripts


Checkboxes that let you choose which rules to include/use for blocking / monitoring ( Tor, Proxy, Datacenters )


Google, yahoo, bing and yandex crawlers verification, logging their behaviour and blocking fake crawlers pretending to be valid.


Announced Intrusion Detection for WP with its first features Extended user agent blocking list


This is the initial released version.

What if I have problems activating the plugin?

For any problem you face with the plugin activation, please visit support forums or contact us at

Does this plugin work with newest version of WordPress and also with older versions?

Yes, this plugin works really fine with WordPress 3.8.1! It should also work with earlier versions, but the testing was done at the latest stable version and that is 3.8.1, so you always should run the latest WordPress version to escape possible problems.

Do I have to set up the settings every time I activate the plugin?

Yes. Every time the plugin is activated its options are set to default values, so it means you have to set them up again.

How many request parameters can I put in the textarea to limit the user by request?

No limit at all. You can put as many parameters in the textarea as you want. The plugin will recognize any request parameter in the URL and stop the user immediately.

What is allowed to the anonymous users by default?

By default, anonymous users are allowed just to visit the site and read its public content. As you might guess, you can deny this too, so the anonymous user is stopped before reaching your site.

Version 1.4.1

Requires WordPress version: 3.8.1 or higher

Compatible up to: 4.7.2

Last Updated 17 Jan 2017

Date Added: 18 May 2016

Plugin Homepage


5 stars
1 ratings


Not Enough Data

Works: 0
Broken: 0