
Laravel Defender is a modular, full-featured security package for modern Laravel applications. It lets you monitor, detect, and block suspicious or malicious activity entirely locally; it is fully configurable and does not rely on external services.

Laravel Defender strengthens the security of any Laravel project without compromising privacy or exposing sensitive data, keeping you in full control of your security data.

Key features

  • Honeypot antispam protection: Blocks bots via hidden fields and time-based validation, either automatically on all forms or manually on specific routes.
  • Advanced pattern detection: Analyzes user-agents, known attack routes, generic credentials, and path traversal attempts in real time.
  • Brute force protection: Limits access attempts per IP within a configurable time window.
  • Dynamic IP blocklist: Block or unblock IPs from the command line, with temporary or permanent bans and fast cache-first lookups.
  • Country-based access control: Allow or deny traffic based on IP geolocation, with multiple supported providers.
  • Multi-channel alerts: Reports every detected threat via log, database, email, Slack, or a custom channel.
  • Automated security audits: Detects unsafe configuration in your application with a single command.
  • Extensible by design: Fires events you can listen to from your own application to react to threats or blocks.

Smart threat detection

The package identifies malicious user-agents (curl, wget, sqlmap), common attack routes (/wp-admin, /xmlrpc.php), generic credentials, path traversal attempts, and fuzzing patterns, combined with IP geolocation for even more precise detection.
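
The checks described above can be sketched in plain PHP. This is an added example, not Laravel Defender's own code: the function names and signature lists are assumptions built from the examples named in this section, and the sample requests are constructed.

```php
<?php
declare(strict_types=1);

// Added illustration, not the package's code. Signature lists reuse the
// examples named on the page; all function names are hypothetical.
const BAD_AGENTS = ['curl', 'wget', 'sqlmap'];
const ATTACK_ROUTES = ['/wp-admin', '/xmlrpc.php'];

// Decode percent-encoding up to three times so that a double-encoded
// "%252e%252e" is still recognised as "..", then unify separators and case.
function normalizePath(string $path): string
{
    for ($i = 0; $i < 3 && ($decoded = rawurldecode($path)) !== $path; $i++) {
        $path = $decoded;
    }
    return strtolower(str_replace('\\', '/', $path));
}

// Return the reasons a request looks suspicious (empty array = clean).
function inspectRequest(string $path, string $userAgent): array
{
    $reasons = [];
    $ua = strtolower($userAgent);
    foreach (BAD_AGENTS as $needle) {
        if (str_contains($ua, $needle)) {
            $reasons[] = "user-agent:$needle";
        }
    }
    $normalized = normalizePath($path);
    foreach (ATTACK_ROUTES as $route) {
        if (str_starts_with($normalized, $route)) {
            $reasons[] = "attack-route:$route";
        }
    }
    // A ".." segment that survives decoding is a traversal attempt.
    if (in_array('..', explode('/', $normalized), true)) {
        $reasons[] = 'path-traversal';
    }
    return $reasons;
}

// Constructed sample requests: [path, user-agent].
$samples = [
    ['/products/42', 'Mozilla/5.0 (X11; Linux x86_64)'],
    ['/wp-admin/install.php', 'Mozilla/5.0'],
    ['/files/%252e%252e/%252e%252e/secret.txt', 'curl/8.5.0'],
];
foreach ($samples as [$path, $ua]) {
    printf("%-42s %s\n", $path, implode(', ', inspectRequest($path, $ua)) ?: 'clean');
}
```

Matching the raw path alone would miss the third sample, which is why the decoding step runs before the route and traversal checks.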

Alerts and activity logging

Every suspicious event can be logged to Laravel's log, stored in the database for later review, or sent by email or Slack. From the console you can query, export (CSV/JSON), get statistics, and prune old records with defender:ip-logs, defender:export-logs, defender:stats, and defender:prune-logs.

Extensible and integrated with your stack

Laravel Defender fires events (SuspiciousRequestDetected, IpBlocked) that you can listen to in your own application to add custom logic. If you have Laravel Pulse installed, the package automatically adds a dashboard card showing detected threats and the most active attacking IPs.

Privacy and full control

All processing happens locally: no data is ever sent from your server to external services. The code is open source and fully configurable, and you decide what gets logged, where alerts are sent, and how long data is kept.

Compatibility

Compatible with Laravel 11, 12, and 13 (PHP 8.2 or higher), with translations included in Catalan, Spanish, and English.

  • MIT