Visitor Sentinel
Visitor Sentinel is a security and traffic analysis plugin for WordPress. It combines real-time attack detection with an active deception layer, so an attacker is not just noticed — they are lured into giving themselves away.
Detection
- Records site visits (IP, page visited, user-agent, device/browser, account type).
- Analyzes every request in real time using multiple heuristics: unusual request rate, user-agent associated with scanning/attack tools, requests to sensitive resources (wp-config.php, .env, .git, etc.), repeated failed logins, credential-stuffing patterns, XML-RPC abuse, invisible honeypot fields on login/comment forms, submission-timing checks, and scanning of non-existent pages (404).
- Calculates a risk score per IP address and automatically applies a temporary block once the score exceeds the configured threshold — sheer browsing volume alone never triggers a block, only genuine attack/bot/spam signals do.
- If a temporarily blocked IP continues suspicious activity or is blocked repeatedly, it is automatically switched to a permanent block.
Deception layer (honeypots & honeytokens)
- A decoy backup file (honeyfile) at a random, unlinked URL — any access to it is conclusive proof of directory scanning.
- A decoy admin username that was never a real account — any login attempt against it is an instant, certain block.
- A decoy REST endpoint that hands out a fake API key — using that key anywhere is what triggers the block, not merely finding it.
- A hidden spam-trap email address planted only where scrapers read markup — if it ever comes back in a submitted form, that visitor harvested this exact site.
- Every one of these bypasses the normal scoring threshold entirely: interacting with any of them is treated as certain malicious intent, not a „maybe.“
Management & visibility
- Optional email alerts whenever an IP is blocked or escalated, and one-click CSV export of the blocked IPs list.
- A complete control panel: a live dashboard, an auto-refreshing visitor log, a list of blocked IPs with details about the block reason, and options to unblock, extend, or change the block type (temporary/permanent).
- Displays, to logged-in users and optionally guests, a discreet badge showing how many people are on the site right now, updating live in the browser without a page reload.
- Fully responsive admin panel, usable on desktop, tablet, and phone.
All text is translation-ready. The plugin loads no external resources (CDN) and does not enable any third-party tracking. The only optional external call is described in the FAQ below, and it is off by default.
External services
This plugin connects to one third-party service, and only for a single, optional, off-by-default feature:
IP-to-country lookup (ip-api.com) — used only if you explicitly enable „Show country flags next to IPs“ in Settings. When enabled, and only then, each new IP address seen by the plugin is sent to ip-api.com so it can look up which country it belongs to. Nothing else about the visitor (no page content, no personal data, no credentials) is sent. Results are cached locally for 30 days so the same IP is never looked up twice. If you never enable this setting, the plugin makes no external requests at all.
Service provided by ip-api.com: Terms of Service and Privacy Policy.
