Laravel Defender is a modular security package designed for modern Laravel applications. It allows you to monitor, detect, and block suspicious or malicious activity locally, with full control and no external dependencies.

Laravel Defender strengthens Laravel applications without compromising privacy or exposing sensitive data.

Main features

  • Honeypot-based spam protection for forms.
  • Suspicious request logging and real-time alert system.
  • Advanced risk detection (user-agents, routes, IPs, country restrictions, etc.).
  • Security audit to detect insecure configurations.
  • Customizable rules and middleware for full flexibility.

Advanced risk detection

Defender analyzes request behavior and identifies patterns typical of automated or manual attacks:

  • Suspicious user-agents (e.g. curl, sqlmap, automated scanners).
  • Access to common attack routes like /wp-admin or /xmlrpc.php.
  • Login attempts using generic usernames (admin, root, etc.).
  • Requests from blocked or non-allowed countries (via IP geolocation).
  • Brute-force attempts: too many requests from the same IP in a short period.
  • Path traversal or fuzzing patterns: ../ sequences, or known tools like sqlmap.
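
The signals listed above reduce to a handful of string tests plus a per-IP counter. The following plain PHP 8 example is added here for illustration and is not Laravel Defender's code; the function name riskSignals, the patterns, and the rate threshold are assumptions, and country checks are left out because they need a geolocation database.

```php
<?php
// Added illustration: NOT Laravel Defender's code. Names, patterns and
// thresholds below are assumptions chosen for the example.
const BAD_AGENTS    = '/\b(curl|sqlmap)\b/i';
const BAIT_ROUTES   = ['/wp-admin', '/xmlrpc.php'];
const GENERIC_USERS = ['admin', 'root'];
const MAX_HITS = 5;   // requests allowed per IP ...
const WINDOW   = 60;  // ... within this many seconds

/** Returns the signals a request triggers; $hits holds per-IP timestamps between calls. */
function riskSignals(array $req, array &$hits): array
{
    $signals = [];
    // Decode first so an encoded %2e%2e%2f is inspected as ../
    $path = rawurldecode($req['path']);
    if (preg_match(BAD_AGENTS, $req['ua'] ?? '')) {
        $signals[] = 'suspicious-user-agent';
    }
    foreach (BAIT_ROUTES as $route) {
        if (str_starts_with(strtolower($path), $route)) {
            $signals[] = 'attack-route';
            break;
        }
    }
    // A ".." path segment delimited by / or \ (or the start/end of the path).
    if (preg_match('#(^|[/\\\\])\.\.([/\\\\]|$)#', $path)) {
        $signals[] = 'path-traversal';
    }
    if (in_array(strtolower($req['username'] ?? ''), GENERIC_USERS, true)) {
        $signals[] = 'generic-username';
    }
    // Sliding window: keep only this IP's timestamps newer than WINDOW seconds.
    $recent = array_filter($hits[$req['ip']] ?? [], fn ($t) => $t > $req['time'] - WINDOW);
    $recent[] = $req['time'];
    $hits[$req['ip']] = array_values($recent);
    if (count($recent) > MAX_HITS) {
        $signals[] = 'rate-exceeded';
    }
    return $signals;
}

// Constructed sample requests (documentation-range IPs), not real traffic.
$hits = [];
$samples = [
    ['ip' => '203.0.113.7', 'time' => 100, 'path' => '/wp-admin/setup.php', 'ua' => 'Mozilla/5.0'],
    ['ip' => '203.0.113.7', 'time' => 101, 'path' => '/files/%2e%2e%2fsecret', 'ua' => 'sqlmap/1.7'],
    ['ip' => '198.51.100.4', 'time' => 102, 'path' => '/login', 'ua' => 'Mozilla/5.0', 'username' => 'admin'],
];
foreach ($samples as $r) {
    printf("%s %s -> %s\n", $r['ip'], $r['path'], implode(',', riskSignals($r, $hits)) ?: 'clean');
}
```

User-agent and username matches are weak signals on their own, since both are client-controlled; they are most useful when combined with the route and rate checks before blocking.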

Flexible alert system

When suspicious activity is detected, Laravel Defender can send alerts through multiple channels:

  • Laravel log.
  • Database (for reviewing/exporting via Artisan).
  • Email (to configured recipients).
  • Slack (via webhook).
  • Generic webhooks (for custom integrations).

Database-stored logs can be reviewed from the console using built-in Artisan commands.

Defender does not expose any web interface: all data is stored locally and accessed securely from the console.

Security audit

The package includes a command to review typical misconfigurations in Laravel projects:

php artisan defender:audit

It helps you identify:

  • Publicly accessible .env file.
  • APP_DEBUG enabled in production.
  • Overly permissive CORS settings.
  • Session cookies lacking proper security flags.

Laravel Defender is 100% open source, easy to integrate, and actively maintained. Feedback and contributions are always welcome.

  • MIT