Got a question or need a hand? We're here. We'll walk you through every stage of the project, from kickoff to delivery.
Laravel Defender is a modular, full-featured security package for modern Laravel applications. It lets you monitor, detect, and block suspicious or malicious activity entirely locally, fully configurable and without relying on external services.
Laravel Defender strengthens the security of any Laravel project without compromising privacy or exposing sensitive data, keeping you in full control of your security data.
The package identifies malicious user-agents (curl, wget, sqlmap), common attack routes (/wp-admin,
/xmlrpc.php), generic credentials, path traversal attempts, and fuzzing patterns, combined with IP
geolocation for even more precise detection.
Every suspicious event can be logged to Laravel's log, stored in the database for later review, or sent by
email or Slack. From the console you can query, export (CSV/JSON), get statistics, and prune old records with
defender:ip-logs, defender:export-logs, defender:stats, and
defender:prune-logs.
Laravel Defender fires events (SuspiciousRequestDetected, IpBlocked) that you can
listen to in your own application to add custom logic. If you have Laravel Pulse installed,
the package automatically adds a dashboard card showing detected threats and the most active attacking IPs.
All processing happens locally: no data ever leaves your server to external services. The code is open source and fully configurable, and you decide what gets logged, where alerts are sent, and how long data is kept.
Compatible with Laravel 11, 12, and 13 (PHP 8.2 or higher), with translations included in Catalan, Spanish, and English.