Pareto Security



Had enough of the security theatre presented by the raft of WordPress security plugins? Time to put a stop to the attacks!

Firstly WordPress and most other CMS\’s are built using PHP. PHP is a very insecure programming language, even worse in the hands of amateurs.

WordPress has been plagued by plugins authored by amateurs that bring with them security vulnerabilities.

Security plugin designers mostly focus on cleaning up attacks rather than stopping them dead in their tracks.

Pareto Security class acts as a Central Security Hub checking all inputs from users, preventing bad requests from executing on your website.

  • Real Attack Prevention that can be achieved via a plugin
  • Automatic Blacklist Management
  • Easy-To-Use
  • No customisation needed
  • Works silently, you only get notified when you really want to be notified
  • Completely Free
  • and much more…


  • Pareto Security Protection identifies and blocks malicious traffic.
  • Pareto Security Protection dynamic IP Blacklist protects your site while reducing load.
  • Protects your site at the entry-point, disabling attack peneration of your WordPress site.
  • Erweitert die eingebaute Sicherheit von WordPress und verteidigt deine Webseite gegen Verwundbarkeit durch schlecht programmierte Plugins.
  • [disabled] Optionally prevent Tor users/bots from interacting with login forms and search functions of your site while still allowing them to view your site.
  • Erlaube optional nur Standard-Webclients und vertrauenswürdigen Crawlern den Zugriff auf deine Website, um andere davon abzuhalten.


  • Monitor blocked attack attempts
  • Optionally receive notifications of REAL attack attempts that Pareto Security has blocked

A Word on Security:

Aufgrund der Natur von Plugins sollte kein Plugin jemals behaupten, eine Web Appicaltion Firewall zu sein.

No security plugin can save your website from really-really badly written site, theme and/or plugin code.

No security plugin can save your site from attacks that result from when administrators do not follow basic security practices.

Keeping any CMS as secure as possible is not easy. The very best thing you can do to prevent attacks is to always keep your website code, themes and plugins up to date, and remove any plugins and themes you are not using.


  • Automatische Einrichtungsschritte
  1. Upload /pareto-security/ to the /wp-content/plugins/ directory
  2. Aktiviere das Plugin über das Plugins-Menü in WordPress


How does Pareto Security protect sites from attackers?

The Pareto Security developers understand how PHP – the coding language in which WordPress is written in, can be exploited. Pareto Security principles of protection stop these attacks at the entry point.

Wie funktioniert Pareto Security Protection?

  • Pareto Security Protection stops you from getting hacked by identifying malicious requests before they can access your website.
  • Unlike other very popular plugins, Pareto Security prevents malicious files from being uploaded into your WordPress site
  • Optionally prevents vulnerability scanners like WPScan from probing your websites defenses.

What checks does the Pareto Security Scanner perform?

  • Scans all input requests (GET, POST, REQUEST, COOKIES, SERVER) for malicious intent. If an input validation application does this well, there is no need to then scan files in your website file repository – They should never be there in the first place!

What security monitoring features does Pareto Security include?

  • A log of real attack attempts that were blocked by Pareto Security
  • An optional log of medium and low risk attack that were prevented from executing on your WordPress site

How will I be alerted if my site has a security problem?

Pareto Security sends attack alerts via email. Once you install Pareto Security you can enabled email notifications. You will never be flooded with notifications as Pareto Security only sends notifications of high risk attacks that have been blocked.

Do I need other security plugins or cloud based firewalls?

Pareto Security provides true entry-point security for your WordPress website. Pareto Security does not prevent or have conflict with other webserver security addons and hardware web application firewalls.

What blocking features does Pareto Security include?

  • Real-time blocking of attackers and repeat attackers.
  • Prevents vulnerability scanners from scanning your wordpress website

How can I contribute to the cause

Donations via:
Go to

Do you have an email contact?

Email me at

Other contacts:


8. November 2022
Раньше работал нормально, внезапно что-то произошло и в админку сайта стало не зайти. Удалил плагин, все починилось.
1. Oktober 2021
Have yet to test it but after reading about it and what others have said I’m pleased 🙂 The author has some good points many do rely on scare tactics … and too much bloat… This plugin has no bloat whatsoever.
1. Oktober 2021
…security to your website. In a simple, but yet effective way. Thanks!
Alle 20 Rezensionen lesen

Mitwirkende & Entwickler

„Pareto Security“ ist Open-Source-Software. Folgende Menschen haben an diesem Plugin mitgewirkt:


„Pareto Security“ wurde in 1 Sprache übersetzt. Danke an die Übersetzerinnen und Übersetzer für ihre Mitwirkung.

Übersetze „Pareto Security“ in deine Sprache.

Interessiert an der Entwicklung?

Durchstöbere den Code, sieh dir das SVN Repository an oder abonniere das Entwicklungsprotokoll per RSS.


= 3.2.9
* Update to filters

= 3.2.8
* Fix unassigned variable error
* Update of quic cloud ip range

= 3.2.7
* Fix for warning message when CRONTAB executed

= 3.2.6
* Fixed bug in Tor Detection
* Fixed bug in lockdown trigger mode

= 3.2.5
* Shifted Arbitrary File Upload prevention for non-logged in users to Hard Ban Mode