Discussion on Project SECURITY – Website Security, Antivirus & Firewall


Antonov_WEB supports this item


This author's response time can be up to 1 business day.

259 comments found.


Question before purchase

1) Does your plugin have the same functions? Than this plugin here. ninjafirewall ?

2) The plugin also protects the domain and subdomain. On the same server In a single installation.

Thank you

Yes, you will receive integration code at the end of the installation process. Use it to connect your website with Project SECURITY.

Detailed instructions: https://codecanyon.net/item/project-security-website-security-antivirus-firewall/15487703/faqs/27370


One last question: Does the plugin protect the entire server? I’m talking about domains and subdomains. On this server I only have a site with = a domain and a subdomains. It is necessary to install the plugin on the main domain it can manage the other subdomains? I would like to protect the entire server

Thank you

Yes, the entire server can be protected. If domains and subdomains use same file storage and databases you will have to install the script only once.

im testing Layer 7 your project is bad fix :) http://prntscr.com/g3pyd1 contact me for more test https://fb.com/SW.THL

Why would the Project SECURITY ban my IP address? It said it was a bad bot, but clearly it’s not. I’ve checked for malware and viruses and I’m all clean.


Send me a screenshot of the Log via the Contact Form and I will help you.

Hello everyone, it would be nice to add the possibility of selecting all ip to erase them all at once because if you want to erase it is one by one and it is very very long if not super product

yes to page ip Bans page

It would already be good thank you for having answered as quickly

Okay, this feature will be added in the next update. :)

ok thank you ;)

do I install in a subdomain or i create a new directory and install it there?

It is recommended to install it in a subfolder on your website, but you can install it where you want.

Detailed instructions: https://codecanyon.net/item/project-security-website-security-antivirus-firewall/15487703/faqs/27370

I keep getting this error feedback despite my entry being correct.

Database connecting error! Please check your connection parameters.

Please what should i do?

Prove me that you have a valid license and I will be able to help you.



Once installed, it will not slow down the site?

Thank you


There is no error handling with cURL connect for proxy and geoip detection services. If anything went wrong e.g. the service is not reachable or timeout, my project ist not protectet and don’t get noticed. This should be implemented.

There are integrated alternative functions in the latest update in case cURL function fails.

And these alternately functions calls can fail too. My point ist to get informed by mail or error log, if something went wrong.

The alternative functions are local and won’t fail. In the next update the Dashboard is improved and you can check API Status on it.

Check the online demo.


First of all I have to say it is a nice system. Not very well coded but it works awesome.

I’ve searched in your code and I figured out that the password hashing method is base64. Thats not a hashing method that is an encryption method. If someone hacks into my database he could easily get my password and hack into the system. I have edited the code so it uses another hashing method for me but someone who doesn’t have the coding skills has an unsecure system There was a comment before about this issue and you said that you use base64 when you want to recover a password. But it is a lot safer when you generate a new password when someone wants to recover their password. When this isn’t fixed I higly recommend poeple to NOT USE this system. For those who want a quick solution to edit this I’ve created a solution. You can find it here. It tells you how to quick switch from base64 to sha265 by edit some lines

There is something else. When you enable all bad bots protection you are unable to get meta data at site info. I’ve solved it by disable Anonymous bod protection but it isn’t a clear solution.

Please fix the issues. It is a very nice system and it works very well but

I remember me. Maybe you should create a documentation about how to upgrade to a newer version without lose of all your settings/logs etc

I add new functions / settings in the most of the updates and clear installation is recommended. You can back up the “logs”, “bans” tables and then re-import them, but all other tables are usually modified with the updates.

Ok thanks

Dear sir i got this error on upload this

The file you uploaded, codecanyon-15487703-project-security-website-security-antivirus-firewall.zip, contains a virus so the upload was canceled:

YARA.r57shell_php_php.UNOFFICIAL FOUND

Maybe you got an older version when the product was selected for “Free file of the month”. Buy a valid license and you will receive support and updates.

please sir i will buy i am sure its good product just make it runable to check in my server please , i got this free i agreed but it should be run , please

I can’t help you if you do not have a valid license.

How can I upload malware-scanner.php?

Encrypt this .php file with online php encoder tool and try to upload it.

where i have to copy this in index.php or where??

include_once “security/project-security.php”;

Hi Antonov_WEB,

We have tested your free offer.It seems very impressive.I think your script only can protect one signal domain in a specific server.? If we want to protect an another websites which is outside the server ,is it possible, to do so by including your code ?

Thank you! Kind Regards,

Yes, this is possible. The article from the FAQ that I sent you describes the procedure.

Project SECURITY should be installed on all servers if they are hosted on different places and if they are using different file storage / database.

Detailed installation instructions: https://codecanyon.net/item/project-security-website-security-antivirus-firewall/15487703/faqs/27370

Sorry to disterb u again ,when hosted on different server , is it required to install the Project SECURITY again and again in deferent servers? does it mean purchasing an another license? what do you mean by ‘Lite Installation Option ’ ? do you have any video explaining the complete operation?

Yes, if they are not using same file storage, database.

In the installation wizard you can choose between two versions: Main & Lite. Lite version is used to be managed by a remote Main version.

1 license per single installation / domain is needed – https://codecanyon.net/licenses/standard


demirbey Purchased

Hi Antonov,

When i able AdBlocker Detection it’s not working. How can i fixed?

If you have enabled lists in your AdBlocker that are blocking AdBlocker Detectors they can brick this function. Disable these lists.

After you enabled this option clear the cache of the whole website and your web browser’s cache, too.


demirbey Purchased

There is not in the list.

Clear the cache and try again.


webtrader Purchased

Hi Antonov If i check the whitelist country option, it doesnt work. I had add Germany on the list, but USA and all other countries can have also access to the website, but all other countries should be blocked. Can you please check it? thank you I have tested it with browsershots.org


Send me temporary FTP & Database details (+ URL for testing) via the Contact Form and I will help you with this issue.

Dear Sir/Madam, I would like to know how can i turn this into a SaaS app if i buy extended license for this?

According to your instructions, It’s told that some source files need to be installed on the end-user server. Are they the source files of the entire script or only some files need to be installed on the end-user side?

But the extended license doesn’t allow to expose the source files of this script to the end user. Can you please suggest some way here?

Thanks, Sai.


To make it SaaS you will have to integrate a 3rd party payment system.

Extended license does not allow unlimited usage. Single license per each installation / domain is needed.

Installation process for the end-server and end-user is the same. All files should be uploaded.


I would like to know if there are any plans to implement features such as hiding administrator dashboard (wp-admin / wp-login.php), changing path of theme / plugin folders, wp-content etc.

In future I can create a WordPress version of the script. I won’t add WordPress functions in the current version because it is in category PHP Scripts (not WordPress Plugins) and will be incorrect.

Understood, thank you for replying incredibly quickly. I would most definitely consider purchasing the WordPress version as soon as you release it.


slejo Purchased

Please explain. In what way you can SQL INJECT with query:


This is GET passed word szukaj=motorówka with polish national letters converted.

your script blocks it inproperly. There is no possibility to SQL inject using this signs. In this case blocking is too sensitive.

Sorry for the inconvenience. This is a false-positive detection that will be fixed in the next update.

Send me temporary FTP details via the Contact Form and I will fix this issue.

bug: on Monitored Websites page whan you monitor a lite install v2.5 you cant scroll in the page


Send me temporary FTP details and I will fix this issue.