Title: CrowdSec Author: CrowdSec - lightweight and collaborative security engine Published: janvier 14, 2021 Last modified: janvier 9, 2026 --- Search plugins ![](https://ps.w.org/crowdsec/assets/banner-772x250.png?rev=2458086) ![](https://ps.w.org/crowdsec/assets/icon-256x256.png?rev=2456257) # CrowdSec By [CrowdSec – lightweight and collaborative security engine](https://profiles.wordpress.org/crowdsec/) [Download](https://downloads.wordpress.org/plugin/crowdsec.2.13.1.zip) * [Details](https://tah.wordpress.org/plugins/crowdsec/#description) * [Reviews](https://tah.wordpress.org/plugins/crowdsec/#reviews) * [Installation](https://tah.wordpress.org/plugins/crowdsec/#installation) * [Development](https://tah.wordpress.org/plugins/crowdsec/#developers) [Support](https://wordpress.org/support/plugin/crowdsec/) ## Description The CrowdSec plugin proactively blocks requests coming from known attackers. It does so by either directly using CrowdSec Blocklists Integration or by connecting to your CrowdSec Security Engine. #### Key Features: * **Instant CrowdSec Blocklist**: Quickly block known WordPress attackers in a few clicks. * **Detect and block** admin bruteforce attempts and scans of your WordPress Site. * Remediation metrics: Enabling you to see the efficiency of the protection. * (Console Users) Plug any of your existing Blocklist Integrations. * (CrowdSec Security Engine Users) Apply decisions and subscribed blocklist of your security engine within WordPress. You can: 1. Block aggressive IPs 2. Display a captcha for less aggressive IPs ## Screenshots * [[ * The general configuration page * [[ * Customize the wall pages – Adapt the « captcha wall » page text content with your own * [[ * Customize the wall pages – Adapt the « ban wall » page text content with your own * [[ * Customize the wall pages – Adapt the pages with your colors. You can also add custom CSS rules. * [[ * Advanced settings – Select live or stream mode. Select a cache engine (Classical file system, Redis or Memcached). Adjust the cache durations. * [[ * Advanced settings – Set the CDN or Reverse Proxies to trust and configure Geolocation feature. * [[ * The standard Captcha page * [[ * The standard Ban page * [[ * Captcha wall page customization (text and colors) * [[ * Ban wall page customization (text and colors) * [[ * The remediation metrics table ## Installation Check [Full Documentation](https://doc.crowdsec.net/u/bouncers/wordpress) for more details Multiple ways you can use the plugin – [Instant WordPress Blocklist](https://doc.crowdsec.net/u/bouncers/wordpress/#instant-wordpress-blocklist)– easiest – [Blocklist as a Service Integration](https://doc.crowdsec.net/u/bouncers/wordpress/#blocklist-as-a-service-integration)– your blocklist catalog – [Connect it to your CrowdSec Security Engine](https://doc.crowdsec.net/u/bouncers/wordpress/#crowdsec-wordpress-bouncer-plugin---user-guide)– advanced & most complete ## FAQ ### Do I need to install CrowdSec Security Engine? * Not necessarily, you can connect it directly to a CrowdSec Blocklist Integration endpoint - Via [Instant WordPress Blocklist](https://doc.crowdsec.net/u/bouncers/wordpress/#instant-wordpress-blocklist) - Or [Blocklist as a Service Integration](https://doc.crowdsec.net/u/bouncers/wordpress/#blocklist-as-a-service-integration) * You can of course [connect it to a security engine](https://doc.crowdsec.net/u/bouncers/wordpress/#crowdsec-wordpress-bouncer-plugin---user-guide) if you have one ## Reviews ![](https://secure.gravatar.com/avatar/dd8cef4c70bb3a14f5922eb54c92a8166947a303f44eb4a89a954cee4defad6f? s=60&d=retro&r=g) ### 󠀁[Great plugin](https://wordpress.org/support/topic/great-plugin-39546/)󠁿 [tinaponting](https://profiles.wordpress.org/ponting/) septembre 27, 2024 Protects my blog very well from all these nast bots:) ![](https://secure.gravatar.com/avatar/f388e4051c3559106726d93ab32b4139030ec27d99fc25525275cf34d5e8ead7? s=60&d=retro&r=g) ### 󠀁[Excellent Support](https://wordpress.org/support/topic/excellent-support-1908/)󠁿 [xivos01](https://profiles.wordpress.org/xivos01/) février 15, 2023 Crowdsec is pretty amazing, easy to set up even if you’re not a security expert, and the documentation is straightforward. The plugin is very well supported, and they don’t just blame plugin conflicts, but actually try to understand the problem and help. I would love to see support for multisite, in the form of having network- wide options instead of having to configure the plugin individually per site. ![](https://secure.gravatar.com/avatar/b0708a38c59408d4d04734eb7be2a550bd338bcbb974cdef7c44e18841765670? s=60&d=retro&r=g) ### 󠀁[CrowdSec Plugin Crashes WordPress 6.01 Website](https://wordpress.org/support/topic/crowdsec-plugin-crashes-wordpress-6-01-website/)󠁿 [datapioneer2](https://profiles.wordpress.org/datapioneer2/) juillet 16, 2022 1 reply My WordPress server & installation (including PHP version) met or exceeded all requirements. I was running WordPress 6.01 which apparently hasn’t been tested. After downloading and activating the plugin, my site experienced a « Critical Error 503 » error and I was unable to access the Admin Dashboard. I was able to overcome this restriction after 2 hours and 15 minutes and deactivating and deleting the CrowdSec plugin allowed me to regain control of my Admin Dashboard and the website was back online. ![](https://secure.gravatar.com/avatar/ba076990f154bf6400f22904f714197ede8c9110cb079159b76af47489b920ad? s=60&d=retro&r=g) ### 󠀁[Génial](https://wordpress.org/support/topic/genial-455/)󠁿 [azimut2000](https://profiles.wordpress.org/azimut2000/) février 4, 2021 Dans l’attente de nouvelles versions… ![](https://secure.gravatar.com/avatar/072d4f75a1e67974984952de750f4bc98e0bd62b35296fbc009f6e49c6929a54? s=60&d=retro&r=g) ### 󠀁[A must have 🙂](https://wordpress.org/support/topic/a-must-have-422/)󠁿 [CrowdSec – lightweight and collaborative security engine](https://profiles.wordpress.org/crowdsec/) janvier 14, 2021 This plugin helps to keep a site well protected. Don’t hesitate to get it. [ Read all 5 reviews ](https://wordpress.org/support/plugin/crowdsec/reviews/) ## Contributors & Developers “CrowdSec” is open source software. The following people have contributed to this plugin. Contributors * [ CrowdSec – lightweight and collaborative security engine ](https://profiles.wordpress.org/crowdsec/) “CrowdSec” has been translated into 1 locale. Thank you to [the translators](https://translate.wordpress.org/projects/wp-plugins/crowdsec/contributors) for their contributions. [Translate “CrowdSec” into your language.](https://translate.wordpress.org/projects/wp-plugins/crowdsec) ### Interested in development? [Browse the code](https://plugins.trac.wordpress.org/browser/crowdsec/), check out the [SVN repository](https://plugins.svn.wordpress.org/crowdsec/), or subscribe to the [development log](https://plugins.trac.wordpress.org/log/crowdsec/) by [RSS](https://plugins.trac.wordpress.org/log/crowdsec/?limit=100&mode=stop_on_copy&format=rss). ## Changelog #### 2.13 (2025-12-12) * Allow sending remediation metrics even with a Blocklist as a Service (BLaaS) LAPI #### 2.12 (2025-12-05) * Remove Blocklist as a Service (BLaaS) subscription button #### 2.11 (2025-06-02) * Add Blocklist as a Service (BLaaS) subscription button #### 2.10 (2025-05-09) * Add Usage Metrics table in UI * Handle BLaaS LAPI specific behavior #### 2.9 (2025-02-21) * Add usage metrics support #### 2.8 (2024-12-13) * Disable « Public Website only » setting by default #### 2.7 (2024-12-12) * Add AppSec component support #### 2.6 (2024-03-14) * Move logs and cache folders to `wp-content/uploads/crowdsec` folder * Add a `Enable auto_prepend_file mode` setting. #### 2.5 (2023-06-01) * Add WordPress multisite compatibility #### 2.4 (2023-04-28) * Use absolute path for TLS files * Use absolute path for geolocation files * Add an action after plugin upgrade to recreate standalone settings file #### 2.3 (2023-04-06) * Add access restriction for some folders #### 2.2 (2023-03-30) * Do not use cache tags * Do not rotate log files #### 2.1 (2023-03-23) * Add custom User-Agent debug setting #### 2.0 (2023-02-09) * All source code has been refactored using new CrowdSec PHP librairies #### 1.11 (2022-12-22) * Add LAPI request timeout setting #### 1.10 (2022-12-01) * Modify ban and captcha walls templating for W3C validity #### 1.9 (2022-09-15) * Add TLS authentication option #### 1.8 (2022-08-04) * Add `use_curl` configuration: should be used if `allow_url_fopen` is disabled and `curl` is available * Add `disable_prod_log` configuration * Change log path to `wp-content/plugins/crowdsec/logs` * By default, the `bouncing_level` setting is now `bouncing_disabled` (instead of `normal_bouncing`) #### 1.7 (2022-07-20) * Add geolocation feature #### 1.6 (2022-06-30) * Add « Test bouncing » action in settings view #### 1.5 (2022-06-09) * Use cache instead of session to store some values #### 1.4 (2022-04-07) * Do not bounce PHP CLI #### 1.3 (2022-02-03) * Use static settings only in standalone mode #### 1.2 (2021-12-09) * Fix issue that cause warning message error on front in standalone mode * Fix behavior : bounce should not be done twice in standalone mode * Remove useless configuration to enable standalone mode #### 1.1 (2021-12-02) * Use `0.14.0` version of crowdsec php lib * Handle typo fixing for retro compatibility (`flex_boucing`=>`flex_bouncing` and` normal_boucing`=>`normal_bouncing`) * Split of debug in 2 configurations : debug and display_errors #### 1.0 (2021-06-24) * Add Standalone mode: an option allowing the PHP engine to no longer have to load the WordPress core during the bouncing stage. To be able to apply this mode, the webmaster has to set the auto_prepend_file PHP flag to the script we provide. * Add debug mode: user can enable the debug mode directly from the CrowdSec advanced settings panel. A more verbose log will be written when this flag is enabled. * Add WordPress 5.7 support * Add PHP 8.0 support [Read the full Changelog](https://github.com/crowdsecurity/cs-wordpress-bouncer/blob/main/CHANGELOG.md) ## Meta * Version **2.13.1** * Last updated **3 mois ago** * Active installations **2 000+** * WordPress version ** 4.9 or higher ** * Tested up to **6.9.4** * PHP version ** 7.2 or higher ** * Languages * [English (US)](https://wordpress.org/plugins/crowdsec/) and [Spanish (Mexico)](https://es-mx.wordpress.org/plugins/crowdsec/). * [Translate into your language](https://translate.wordpress.org/projects/wp-plugins/crowdsec) * Tags * [captcha](https://tah.wordpress.org/plugins/tags/captcha/)[ip blocker](https://tah.wordpress.org/plugins/tags/ip-blocker/) [security](https://tah.wordpress.org/plugins/tags/security/) * [Advanced View](https://tah.wordpress.org/plugins/crowdsec/advanced/) ## Ratings 5 out of 5 stars. * [ 5 5-star reviews ](https://wordpress.org/support/plugin/crowdsec/reviews/?filter=5) * [ 0 4-star reviews ](https://wordpress.org/support/plugin/crowdsec/reviews/?filter=4) * [ 0 3-star reviews ](https://wordpress.org/support/plugin/crowdsec/reviews/?filter=3) * [ 0 2-star reviews ](https://wordpress.org/support/plugin/crowdsec/reviews/?filter=2) * [ 0 1-star reviews ](https://wordpress.org/support/plugin/crowdsec/reviews/?filter=1) [Add my review](https://wordpress.org/support/plugin/crowdsec/reviews/#new-post) [See all reviews](https://wordpress.org/support/plugin/crowdsec/reviews/) ## Contributors * [ CrowdSec – lightweight and collaborative security engine ](https://profiles.wordpress.org/crowdsec/) ## Support Issues resolved in last two months: 0 out of 1 [View support forum](https://wordpress.org/support/plugin/crowdsec/) ## Donate Would you like to support the advancement of this plugin? [ Donate to this plugin ](https://crowdsec.net/)