Been working well for years

I’ve been using it for years and have always found it to be solid and helpful. It’s one of the very first things I install on any WordPress installation I do. I’m using some but not all of the features.

The only thing I’d like to see added is some level of logging/reporting other than the email messages (which I actually just auto-filter into a folder), but I can also see how having the firewall log into the database could allow a “fill the logs” denial of service. Maybe something simple like a per-day numerical count of attacks by type (e.g. “SQL Injections”, “WP Keywords”, etc.). Right now it suffers the problem of many working security solutions – it’s hard to see that it’s doing anything unless you’re looking at the firehose of email notifications.