Local Shield or Community Network: Two Ways to Run Hive
WordPress threat intelligence only helps if it reaches you before the password is checked. ReportedIP Hive runs in two modes: Local Shield, which is fully offline, and Community Network, where every protected site becomes a sensor for every other.
This guide explains the difference, what crosses the wire in Community mode, and why neither choice holds any protection hostage.
What is ReportedIP Hive?
ReportedIP Hive is a complete WordPress security plugin — 12 attack sensors, four 2FA methods and progressive blocking — that can run with or without the community network. The plugin is free and GPL-2.0 either way. The full ReportedIP Hive feature set sits on the product hub.
Local Shield: fully offline
In Local Shield mode every sensor decision is made locally and no outbound HTTP request is ever sent. The reputation-check and 2FA-mail-relay endpoints are never touched. You get all 12 sensors, the full 2FA suite, progressive blocking and the dashboard with nothing leaving your server — no account, no API key, nothing to opt into.
Community Network: one site’s attacker is everyone’s
Switch on Community Network (with a free API key from reportedip.de) and Local Shield gains two things: pre-auth IP-reputation lookups against reportedip.de/wp-json/reportedip/v2/check, and anonymised threat reports queued to /report. When one site is attacked and reports the IP, every other site can refuse the same attacker before verifying a password. Lookups are cached — 24 hours for safe IPs, 2 hours for known-bad ones — so the API footprint stays small.
Reports are batched: a 15-minute cron sends them in groups of 20, with a 5-minute transient lock against concurrent runs. The hourly API budget is split into three independent buckets — reputation lookups, report submissions and quota sync — so a reputation-check storm can never freeze the report queue.
What actually crosses the wire
Only the IP and the attack category. No usernames, no comment content, no full user-agents — user-agents are truncated to 50 characters even in local logs. Community sharing is strictly opt-in, and if the API is unreachable, nothing breaks: local blocking and the cached reputation keep working, and queued reports retry up to 3 times before surfacing in the API Queue tab.
How to choose a mode
The wizard’s Connect step (and the Settings page) show side-by-side comparison cards. Pick Local Shield for an air-gapped or strictly offline posture; pick Community Network to benefit from — and contribute to — shared reputation. You can switch at any time without losing local data.
Related guides
- The 12 sensors that generate the reports
- Hardening Mode uses the community reputation threshold
- Multisite: one block applied network-wide
The WordPress plugin documentation covers mode configuration. Browse the full ReportedIP Hive plugin guides, or inspect the API client on GitHub.