Lean Security
for WordPress

Nope. We obsess over WordPress performance. ArmorPro adds roughly 15ms to page load time and runs just 2 database queries. It's built to be lightweight from the ground up—the way WordPress security plugins should be.

Yes! ArmorPro plays nicely with WP Rocket, W3 Total Cache, LiteSpeed Cache, and pretty much every WordPress caching solution out there. We've tested extensively to make sure there are no conflicts.

ArmorPro includes an 8G Firewall with 138 rules across 6 categories and per-rule management, brute force protection with IP logging, security headers management (including HSTS, CSP, and Permissions-Policy), REST API protection, activity logs, two-factor authentication (TOTP), passkey authentication (WebAuthn/FIDO2), country blocking, custom login URL, email notifications, auto-blacklisting of repeat offenders, and CSV export. All features are included in every tier.

ArmorPro uses a full 8G Firewall with 138 individual rules across 6 categories: bad HTTP methods (TRACE, DELETE, CONNECT), SQL injection and malicious query strings, dangerous request URIs (shell files, config access, exploit paths), known malicious user agents (scanners, scrapers, attack tools), spam referrers, and malicious cookie values. Each rule can be individually enabled or disabled through the Rule Management panel. It also blocks XML-RPC requests and enforces REST API authentication.

ArmorPro's Rule Management panel lets you enable or disable any of the 138 individual firewall rules. Filter rules by category (methods, query strings, URIs, user agents, referrers, cookies), search by rule ID or description, and toggle the "disabled only" filter to quickly find rules you've turned off. Each rule has a human-readable description so you know exactly what it blocks. This is useful for resolving false positives without disabling an entire rule category.

ArmorPro includes TOTP-based two-factor authentication for WordPress that works with any authenticator app (Google Authenticator, 1Password, Authy, etc.). Each WordPress user sets up 2FA from their profile with a QR code scan. Backup codes are provided for account recovery. Admins can require 2FA for specific WordPress user roles.

Passkeys are a modern, passwordless authentication method using the WebAuthn/FIDO2 standard. Instead of typing a password, users authenticate with Face ID, Touch ID, Windows Hello, or a hardware security key. Passkeys are phishing-resistant since they're bound to the specific website and can't be reused elsewhere. Each user can register multiple passkeys (up to 10) from their profile page.

A license gives you access to updates and support for the number of WordPress sites included in your tier. Personal covers 1 site, Business covers up to 3 sites, and Agency covers unlimited sites. All tiers include the exact same features.

Yep! Business covers up to 3 WordPress sites, and Agency covers unlimited sites. Personal is for a single site. If you need to add more sites later, you can upgrade your tier at any time.

Annual subscriptions let us invest consistently in development, security updates, and support. You get a better, more actively maintained product, and we can keep prices accessible starting at just $29/year. It also means you are never stuck paying for a product that stops getting updates.

To continue receiving updates and support, your license needs to be renewed yearly. For your convenience, all purchases auto-renew. You can cancel anytime from your account—no hoops, no hassle.

Your plugin continues to work, but you will no longer receive updates or support. You can renew anytime to restore access. Your settings and data are never lost.

Yes. You can upgrade your license tier at any time from within your account. The cost difference is automatically prorated so you only pay the difference for the remaining time on your subscription.

The bundle includes all three SRWorks plugins: ArmorPro, CitedPro, and BoostPro. You save over 20% compared to buying them individually. Available in Personal ($69/yr), Business ($139/yr), and Agency ($299/yr) tiers.

We use Polar as our merchant of record, powered by Stripe for secure payment processing. You can pay with all major credit cards (Visa, Mastercard, American Express, Discover) or PayPal. All transactions are encrypted and PCI compliant.

Polar automatically handles all tax compliance as our merchant of record. They calculate and collect the appropriate sales tax, VAT, or GST based on your location. The tax amount (if any) will be shown at checkout before you complete your purchase.

Absolutely. You're fully protected by our 30-day money-back guarantee. If you're not happy, we'll refund your purchase—no questions asked. See our refund policy for full details.

Yes! Earn 20% commission for the first 12 months of any referred subscription and 10% on every renewal after that. It's free to join with no approval wait times. Visit our affiliates page to learn more and sign up.