
Laravel Defender is a comprehensive, modular security package designed for modern Laravel applications. It allows you to monitor, detect, and block suspicious or malicious activities in a completely local, configurable manner without relying on external services.

Laravel Defender strengthens the security of any Laravel project without compromising privacy or exposing sensitive data, and you keep full control over your security data.

Key Features

  • Honeypot anti-spam protection: Blocks bots using hidden fields and time-based validation.
  • Suspicious activity logging: Real-time alert system with multiple channels.
  • Advanced pattern detection: Analyzes user-agents, routes, IPs, countries, and behaviors.
  • Brute force protection: Limits access attempts per IP and time intervals.
  • Security auditing: Automatically identifies unsafe configurations.
  • IP geolocation: Country-based access control with multiple providers.
  • Customizable middleware: Adapt to each project with flexible rules.

Intelligent Risk Pattern Detection

Defender analyzes request behavior and detects common patterns of automated or manual attacks:

  • Malicious user-agents: curl, wget, sqlmap, nmap, acunetix, and other automated scanners.
  • Known attack routes: /wp-admin, /xmlrpc.php, /phpmyadmin, /.env.
  • Generic credentials: admin, root, test, administrator, and other common usernames.
  • Geolocation: Block or allow access based on IP country of origin.
  • Brute force: Too many requests from the same IP within configurable time intervals.
  • Path traversal and fuzzing: Patterns like ../, etc/passwd, SQL injections.
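
To make the signals listed above concrete, here is an added PHP 8 example (not Laravel Defender's own code or API) that checks a request against them and keeps a per-IP sliding window. The class name RequestInspector, the signal names, the thresholds and the matching rules are hypothetical; the sample requests are constructed.

```php
<?php
declare(strict_types=1);
// Signal lists come from the bullets above; matching rules and names are assumptions.
const BAD_AGENTS = ['curl', 'wget', 'sqlmap', 'nmap', 'acunetix'];
const TRAP_ROUTES = ['/wp-admin', '/xmlrpc.php', '/phpmyadmin', '/.env'];

final class RequestInspector
{
    private array $hits = []; // IP => list of recent request timestamps

    public function __construct(private int $maxHits = 5, private int $windowSeconds = 60) {}

    /** @return list<string> names of the signals this request triggered */
    public function inspect(string $ip, string $userAgent, string $uri, int $now): array
    {
        $signals = [];
        $ua = strtolower($userAgent);
        foreach (BAD_AGENTS as $needle) {
            if (str_contains($ua, $needle)) { $signals[] = 'user-agent'; break; }
        }
        // Decode percent-encoding so %2e%2e/ is matched as ../
        $full = strtolower(rawurldecode($uri));
        $path = strtolower(rawurldecode(explode('?', $uri, 2)[0]));
        foreach (TRAP_ROUTES as $route) {
            // Exact route or a child of it; /.env.example is not flagged.
            if ($path === $route || str_starts_with($path, $route . '/')) { $signals[] = 'attack-route'; break; }
        }
        if (str_contains($full, '../') || str_contains($full, 'etc/passwd')) {
            $signals[] = 'path-traversal';
        }
        // Sliding window: drop hits older than the interval, then count this one.
        $recent = array_filter($this->hits[$ip] ?? [], fn (int $t) => $t > $now - $this->windowSeconds);
        $recent[] = $now;
        $this->hits[$ip] = array_values($recent);
        if (count($recent) > $this->maxHits) { $signals[] = 'brute-force'; }
        return $signals;
    }
}

// Constructed sample requests (not real traffic): [ip, user-agent, uri, unix time].
$inspector = new RequestInspector(maxHits: 3, windowSeconds: 60);
$samples = [
    ['203.0.113.7', 'sqlmap/1.7', '/login?id=1', 1000],
    ['203.0.113.7', 'Mozilla/5.0', '/%2e%2e/%2e%2e/etc/passwd', 1010],
    ['203.0.113.7', 'Mozilla/5.0', '/wp-admin/setup-config.php', 1020],
    ['203.0.113.7', 'Mozilla/5.0', '/login', 1030],
    ['198.51.100.4', 'Mozilla/5.0', '/.env.example', 1040],
];
foreach ($samples as [$ip, $ua, $uri, $t]) {
    printf("%s %s -> %s\n", $ip, $uri, implode(',', $inspector->inspect($ip, $ua, $uri, $t)) ?: 'clean');
}
```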

Multi-Channel Alert System

When suspicious activity is detected, Laravel Defender sends alerts through various configurable channels:

  • Laravel Log: Native integration with the logging system.
  • Database: Local storage for querying and exporting via Artisan.
  • Email: Immediate notifications to configured addresses.
  • Slack: Direct alerts to your channel via webhook.
  • Custom Webhook: Integration with external systems or custom APIs.

Integrated Artisan Commands

Manage security directly from the console with powerful and flexible commands:

php artisan defender:audit          # Complete security audit
php artisan defender:ip-logs        # View suspicious IP logs
php artisan defender:stats          # Activity statistics
php artisan defender:export-logs    # Export logs in CSV or JSON
php artisan defender:prune-logs     # Automatically clean old logs

Advanced Security Auditing

The integrated audit reviews critical configurations of your Laravel project:

  • File exposure: Detects publicly accessible .env files.
  • Debug mode: Verifies that APP_DEBUG is disabled in production.
  • CORS configuration: Identifies overly permissive policies.
  • Cookie security: Validates secure session configurations.
  • Application keys: Checks that APP_KEY is secure.

Privacy and Total Control

Defender is designed with privacy as a priority:

  • 100% local: No data leaves your server.
  • No web interfaces: Only console and log access.
  • Configurable: You decide what to monitor and how.
  • Open source: Full transparency and contributions welcome.

Laravel Defender is the definitive security solution for Laravel applications: robust, private, configurable, and actively maintained by the community.

  • MIT