This plugin hasn’t been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

Astra Security Suite – Firewall & Malware Scan


Astra Web Security is the go-to security suite for your WordPress website. With Astra, you don’t have to worry about any malware, credit card hack, SQLi, XSS, SEO Spam, comments spam, brute force & 100+ types of threats. This means you can get rid of other security plugins & let Astra take care of it all.

Astra is installed as an extension by following self-served, easy to follow steps (takes less than 5 minutes). It means there is NO need to change DNS settings, unlike other security plugins. We offer Web Application Firewall to protect your website in real-time, on-demand machine learning-powered malware scanner, immediate malware cleanup, community Security & Vulnerability Assessment & Penetration Testing (VAPT) to find all possible flaws & business logic errors.

Through our intuitive dashboard, you can manage all your website & it doesn’t come with a hundred buttons that make you feel like you’re a pilot in a cockpit!

Astra Web Security is a Techstars company & the winner of the French Tech Ticket Program. Awarded as The Most Innovative Security Company at the Global Conference on Cyber Security.

Astra’s vision is to make cyber security a five-minute affair for businesses.

Astra’s promise to a business owner is that their business would be secure without any ifs or buts. If a business is using Astra, they will be secure – no questions asked.


  1. Web Application Firewall (WAF)
  2. Robust community-powered security engine
  3. Installs as an extension in your website (No need to change DNS settings)
  4. Real-time SQLi, XSS, LFI & 100+ threats protection
  5. Malware scanning & removal
  6. Bad bots blocking
  7. Country blocking/whitelisting
  8. IP range blocking/whitelisting
  9. IP profiling & tracking
  10. Malicious file upload prevention
  11. Controlling file upload size
  12. Limiting upload by extension type
  13. Admin login activity logging
  14. Blocking automated vulnerability scanners
  15. Admin brute force protection
  16. Fake search engine bots blocking
  17. File Injection/Webshell protection
  18. Code Injection protection
  19. Directory traversal protection
  20. Automatic blocking of known hackers
  21. Layer 7 DDoS protection
  22. Smart honeypot system to trap hackers
  23. Rate limit web requests
  24. Automatic spam blocking
  25. Content stealing & scraping prevention
  26. Preventing spam comments
  27. Htaccess security
  28. No latency (Our turbo security engine takes less than0.002s to detect threats)

Hack Removal & Malware Scanner

  1. Website Anti-virus & Anti-malware engine
  2. Fixing SEO spam / SEO poisoning (Japanese, Pharma or Gibberish hack), website redirect hack, admin panel hack
  3. Fixing Credit Card or Payment Checkout Page hack
  4. Fixing defaced websites
  5. Backdoor removal
  6. Ever updating rules engine
  7. Powered by community learning
  8. Database security

Blacklist Monitoring

  1. Website Anti-virus & Anti-malware engine
  2. Fixing SEO spam / SEO poisoning (Japanese, Pharma or Gibberish hack), website redirect hack, admin panel hack
  3. Fixing Credit Card or Payment Checkout Page hack
  4. Fixing defaced websites
  5. Backdoor removal
  6. Ever updating rules engine
  7. Powered by community learning
  8. Database security

Intuitive Dashboard & Reporting

  1. Super easy to use dashboard
  2. Threat analytics
  3. Trusting or Blocking IPs / IP ranges
  4. Trusting or Blocking Countries
  5. Hourly admin area login summary
  6. Whitelist or Blacklist GET/POST/URLS
  7. Available in all major languages
  8. Information about threat origin country, browser, device, etc.
  9. One click security for your entire business

Continuous Reports to Keep You Posted (Email & Slack)

  1. Daily email reports giving summary of attacks stopped by Astra
  2. Hourly login summary to track successful & failed login attempts
  3. Slack notifications: set custom rules to notify specific events on slack

Human Support

  1. 24×7 chat & email support
  2. Our real human support, known to go an extra mile to bring a smile
  3. Giving hackers a friendly channel to report any vulnerability in your website
  4. Every vulnerability reported by hackers validated by our security experts and only valid submissions reach you
  5. Under the program policy, hackers cannot make any bugs on your website public

Astra Security Seal

  1. Shows you are a security conscious company
  2. Your customers feel more confident in sharing their personal information
  3. Leads to less shopping cart abandonment
  4. More conversions on the website – study would increase in 9.7% in conversion of one website due to Astra seal!

Product Demo

Astra Security Demo –

Benefits For Customers

More Security Gives More Confidence in your website.

With Astra protecting your website, customers do not have to worry about security of their information. Their data is secure & miles away from hackers. Credit card hacks, loss of person information etc can’t touch your website now

Our Clients

Brands like Hotstar, Oman Airways, FirstPost, Gillette, DollsKill, LIC, African Union, Ford, Oman Airways, Kotak Bank, Tata Power, Xeno & many more trust Astra for their security.

Common WordPress Malware Attacks Prevented by Astra

Astra’s WordPress security suite can help you to fix & prevent the below mentioned attacks.


  • The dashboard gives a bird’s eye view of your website’s security. It shows, the total number of attacks stopped, number of attacks vs the dates, the origin of the attacks, etc. This overview can be customized for the desired time-period.
  • The ‘Threats’ tab shows the details of the stopped threats like attack vector, attack origin, browser used, etc. A user can block/trust an IP/parameter using this section.
  • In the ‘Threats’ section, again, a user can define certain exception rules as specific to the nature of his work. Astra firewall will skip monitoring those requests/parameter.
  • You can whitelist request parameters, allow HTML/JSON code or disable Astra firewall on certain URLs. A successfully added exception will show in the list below
  • The ‘Login Activity’ tab shows the attempted and yet logins to your website. Each entry contains details like country, IP, etc. 6.The ‘Malware Scan’ tab is where a user can run malware scans. The results of which are also shown in this section. Details of malicious files are shown, plus it also enables a user to delete a malicious file from the dashboard itself.
  • The ‘Settings’ tab gives you a number of options to customize your experience even further.
  • Hub’ is where added security solutions for your website render. Like the ‘Health check’ ‘GDPR consent bar’ etc. You can expect to have more utilities here in the future.
  • The malware scan result reveal the security problems in your website. It also lists all the malicious files in the section named ‘Scan Results’.
  • The ‘Security Audit’ tab contains details of vulnerabilities found in the user’s website. It also categorizes the vulnerabilities on the basis of severity.
  • The ‘Security Audit’ tab details about each reported vulnerability on the website.


1.Install Astra Security automatically or by uploading the ZIP file.
2.Go to the installed plugins section and ‘Activate‘ the Astra Security plugin.
3.‘Astra‘ will render in the bottom left corner of your admin panel. Click on ASTRA.
4.If you are already a customer, click on the ‘Connect to Astra’ option. If you are a new customer, follow the steps shown there on the panel.
5. On clicking the ‘Connect to Astra‘ button, you will be taken to the Astra dashboard. Click on ‘Install‘ there and you are done.


Is Astra security plugin free to use?

No, it is a paid plugin. You need to choose a plan as per your website requirement from our pricing page. You can start as low as $24/month & can enjoy rock-solid WordPress security.

How does Astra pricing works?

We define a website as a Fully Qualified Domain Name (FQDN). When using Content Management Systems (CMS), a website is defined as a unique CMS installation. If an FQDN is linked with a sub-directory, it will require its own license.
For more info visit – How does Astra’s pricing work per domain or server

Will you clean my Malware infected website?

Yes, we have highly-skilled professionals who clean your hacked website the same day. We backup your website & use a combination of highly sophisticated automated tools & human intelligence to remediate your website. You are entitled to unlimited cleanups with an active subscription. Click here to get started.

Does your plugin conflict with WordFence/ithemes or any other security plugin?

Astra security plugin is highly tailored for WordPress & don’t conflict with any plugin or feature in your site. In case you face any problem we are just a message away. We are known for our super fast support.

Can I talk directly to the Support team?

Absolutely! Our security analysts are available via chat & email 24×7. All websites protected with Astra get amazing support backed by a highly-skilled engineering team.

Does my website become slow?

No, your website does not become slow. We have engineered Astra to scale with your website without any latency. Our security engine runs on your server & only takes 0.002s to detect threats. No need to change your DNS settings & route your traffic across the world. Astra will never slow down your website or create any downtime whatsoever.
We understand that website downtime can be costly and ensure that your website is back online in no time.

How does the Astra Security Firewall Work?

Astra’s hacker tested firewall protects your website against SQLi, XSS, LFI, RFI, Bad Bots, Spam & 100+ threats in real-time. Apart from OWASP’s top 10 threats found in websites, the firewall is tailored to protect against known CVE’s. Our intelligent firewall detects visitor patterns on your website & automatically blocks hackers with malicious intent. Further, you can use the Astra firewall in monitoring or blocking mode as per your preference.

Is core file changes included in Astra Security malware scanner?

Astra’s malware scanner tracks file changes to your website, plus any change in your website code is logged within the Astra dashboard where you can review them.
Astra’s machine-learning powered on-demand malware scanner is available to you 24×7. In addition to the Automatic daily scans, you can also schedule the scans in Astra malware scanner. Astra malware scanner is available to you whenever and as many times as you like. Please check screenshots & demo for more info.

How will I be alerted about a security problem?

The reporting and alerting in Astra is pretty straight-forward. The threats tab in the Astra dashboard gives you a bird’s eye view of your website’s security. You also get detailed drilled down information about the attacks stopped attacker’s profile, attack origin, most attacked areas of the website. Astra monitors 60+ security engines daily to check if your website has been blacklisted.

Will I get a security report?

Astra sends you daily/ weekly scan reports directly to your email as per your preference.

What blocking features does Astra Security Plugin Include?

With Astra, you get options to block/trust IP, IP ranges blocking/whitelisting, Geolocation blocking/whitelisting, Country blocking/whitelisting, Parameter blocking/whitelisting, etc.

Does Astra have an Agency plan?

Yes, Astra has a fully-fledged Agency plan. You can learn more about it here.

Is Astra compatible with multi-site installations?

Yes, Astra is compatible with multi-site installations. All the websites are easily managed within a single dashboard. Astra also provides a combined overview of all your sites. This eases the management for you.

What are Astra Security’s terms & conditions?

Here are the Terms & Conditions of the Service.

Does Astra Security check general website security?

Yes, Astra checks for cookie security, header security, HTTP security and 140+ other security measures in its ‘Health Check’ feature.

Where can I see customer testimonials of Astra Security?

Trustpilot & Capterra are two platforms where you can see Astra Security’s testimonials.


December 8, 2021
On their site they claim they will resolve a malware issue within 4-6 hours by purchasing this plugin. Two weeks after signing up and paying hundreds of dollars, they have failed to do even a basic scan of the site and are blaming the hosting provider – GoDaddy. The malicious code is still on the website and they have stopped responding to my requests for assistance. Overall 1/5 stars for not only failing to deliver on their promises, but also wasting my time and my client’s time when there is a serious breach that needs to be addressed immediately. Edit: following this review, I submitted one final request for help. Astra’s team responded by blaming GoDaddy again and refunding me. I would hope they remove their 100% success rate claim on their website, since they clearly cannot live up to it. We have engaged Sucuri to resolve the issue, and their system was able to scan the site and immediately detect the problem. Beyond frustrated with the run around and poor service provided by the Astra team.
June 7, 2021
Doesn’t work out of the box and is not clear that it is not a free or even a freemium plugin. Please put this in description. Had to install and then uninstall.
April 5, 2021
Astra Security I using after my site got hacked. Apparently, at that time, I even don’t know about Astra, I had old backups, and somehow I have restored my data. After that, I have purchased Astra Security (recommendation of my friend), and now my site is running without any issue. I liked that they provide these features at this kind of price level, and it is awesome. 1. Login Protection 2. Malware Scan 3. SEO Spam Protection 4. Security Audits 5. Great Support
March 19, 2021
Everything works fine could make more improvements in malware scanning area for chose not scan specific directories, but threat firewall works perfect have 90% decrease in bad request from third countries witch helps a lot
Read all 12 reviews

Contributors & Developers

“Astra Security Suite – Firewall & Malware Scan” is open source software. The following people have contributed to this plugin.



Initial public release of Astra Security Suite – Firewall & Malware Scan.