Open IP threat intelligence platform

IP threat intelligence products for WordPress, mail and DNS

One community-powered reputation database, delivered six ways — a WordPress plugin, a REST API, a downloadable blacklist, a live DNS/RBL zone, a DNS checker and a honeypot. Use one or combine them; every product has a free tier and runs on EU infrastructure.

233k+ IP addresses tracked · 4.8M+ community reports · 30 threat categories

Free tiers across the board · EU-hosted, GDPR-compliant · Open source where possible

One dataset, many ways to use it

Every product reads from (and feeds) the same reputation engine. They cooperate but never depend on each other — pick the delivery format that fits your stack.

Detect & report. The Hive plugin and honeypot watch real traffic and submit attacker IPs to the network.

Score & store. The reputation engine weights every report by recency, diversity and severity into a single confidence score (0–100 %).

Consume anywhere. Read the data through the API, the blacklist feed or the DNS/RBL zone — in WordPress, your firewall or your mail server.

Six products, one mission

From a turnkey WordPress install to a programmatic API and a mail-server DNSBL.

WordPress Plugin · Free

ReportedIP Hive

Real-time WordPress security with 16 detection sensors, a Web Application Firewall, four 2FA methods and an opt-in community threat network. Free and open source forever.

REST Threat Intelligence · Free tier

Public API

The reputation engine behind everything. Query IPs, submit reports, pull the blacklist and run bulk operations from any language — fail2ban, SIEM, firewalls, hosting panels.

Downloadable Feed · Free

Community Blacklist Feed

Community-driven blacklist, automatically scored from real-time reports. Plain text, JSON and CSV — ready for fail2ban, iptables, nginx or any blocklist consumer.

Live DNSBL Add-on · from PRO

DNS / RBL Zone

Query the community blacklist as a live DNSBL straight from your mail server or firewall. Token-authenticated zone, 127.0.0.x return codes — no imports, always fresh.

DNS Diagnostics · Free

DNS Checker

Domain health diagnostics from 76 resolvers across 6 continents. Validate SPF, DKIM, DMARC and DNSSEC, run DNSBL lookups and track propagation during migrations.

Standalone PHP App · Free

Honeypot Server

A standalone app that pretends to be WordPress, Drupal or Joomla. 36 threat analyzers detect SQLi, XSS, brute force and exploits, then feed clean intel back into the network.

Coming soon

More integrations

Drupal and Joomla adapters plus Cloudflare-edge integrations are on the roadmap. Want to shape priorities or sponsor a CMS adapter?

Which product do I need?

Start from the job you want done.

Your goal | Use
Protect a WordPress site | ReportedIP Hive
Block IPs at your mail server (SMTP) | DNS / RBL Zone
Reputation checks in fail2ban, SIEM or a firewall | Public API
Drop a static blocklist into iptables / nginx | Blacklist Feed
Diagnose SPF / DKIM / DMARC / DNS | DNS Checker
Generate first-party attacker intelligence | Honeypot Server

WordPress Plugin · Free

ReportedIP Hive

A turnkey WordPress security plugin. Install it, run the 10-step wizard, and your site blocks brute-force, spam, scanner and injection traffic in minutes — either fully offline (Local Shield) or wired into the community threat network.

  • 16 attack sensors: failed logins, password spray, comment spam, XML-RPC, scanner and decoy bait-paths
  • Web Application Firewall, verified-bot detection, disposable-email blocking and a comment honeypot — free on every plan
  • Four 2FA methods — TOTP, e-mail, SMS and WebAuthn / passkeys
  • Local Shield mode runs 100 % offline — no account, zero outbound calls
  • Community Network mode adds live reputation lookups and Priority-Sync firewall rules via a free key
  • WooCommerce front-end 2FA, multisite, coordinated-attack hardening and a Business audit event trail

Who it's for

Anyone running one or many WordPress sites who wants managed protection without a SaaS lock-in.

Pricing

Free · GPL-2.0+ · paid plans from 14,90 €/mo for managed 2FA relay & higher quotas

REST Threat Intelligence · Free tier

Public API

A clean REST API over the same community reputation database. Check a single IP, report attackers, or pull the whole blacklist — from any stack, in any language.

  • 1,000 free checks/day and 50 reports/day on the free tier
  • 30 threat categories with decay-weighted confidence scoring
  • Bulk check & report plus analytics on Professional and above
  • Simple key auth; JSON responses; documented rate limits
  • Drop-in for fail2ban actions, SIEM enrichment and custom firewalls

Who it's for

Developers and ops teams integrating reputation checks into existing tooling.

Pricing

Free tier · higher quotas on PRO (25k checks/day) and Business (100k/day)

Downloadable Feed · Free

Community Blacklist Feed

The high-confidence subset of the community dataset, published as a static feed you import on your own schedule. No mapping, no scoring on your side — just a clean list.

  • Confidence ≥ 75 % threshold with a 48 h false-positive cool-down
  • TXT, JSON and CSV exports, plus 9 thematic sub-lists
  • Daily Git mirror with a diff-friendly commit history
  • Pull on demand through the API or as a flat file

Who it's for

Admins who prefer importing a list into iptables, nginx, CrowdSec or a WAF.

Pricing

Free to read; access scales with your API plan

Live DNSBL Add-on · from PRO

DNS / RBL Zone

The same blacklist served over DNS as a private RBL zone. Add one string to Postfix, Rspamd or BIND RPZ and reject connecting attackers in real time — the way mail servers expect.

  • Private zone string <token>.bl.reportedip.de with 127.0.0.2/3 return codes
  • Drop-in for Postfix, Rspamd, BIND RPZ and any RBL-capable software
  • Per-category sub-zones (spam, brute-force, malware …)
  • 100,000 DNS queries/day per token; resolver caching keeps it fast
  • Refreshed from the community blacklist every few minutes

Who it's for

Mail and hosting operators filtering SMTP traffic at the connection layer.

Pricing

7,90 € / month or 79 € / year (incl. VAT) — bookable from the PRO plan

DNS Diagnostics · Free

DNS Checker

A free, no-login tool to debug mail and DNS configuration: global propagation, e-mail authentication records and blocklist status in one place.

  • Global propagation check from 76 resolvers worldwide
  • SPF / DKIM / DMARC / DNSSEC validation
  • DNSBL lookup across 60+ public blocklists
  • Migration mode to watch records flip live

Who it's for

Anyone debugging deliverability, a DNS migration or a new mail setup.

Pricing

Free, no account required

Standalone PHP App · Free

Honeypot Server

Run a decoy to generate first-party attacker intelligence. It looks like a vulnerable CMS, scores every request, and batches verified reports to the API.

  • Docker Compose ready — PHP 8.2 + SQLite, no external database
  • 36 severity-scored threat analyzers
  • Mimics WordPress, Drupal and Joomla endpoints
  • Reports auto-batched to the ReportedIP API

Who it's for

Operators and researchers who want to contribute (and see) fresh attack data.

Pricing

Free · open source

Plans & pricing

Free local protection forever. Pay only for managed servers, higher quotas and add-ons.

Plans for every site

The Hive plugin is free and open source forever. Paid plans add managed 2FA mail and SMS relay, multi-site management, and higher API quotas.

Free

Local protection, free forever

Free
  • Full local Hive plugin — all 16 attack sensors
  • Web Application Firewall (engine + OWASP-Top-10 baseline ruleset)
  • Verified-bot detection, disposable-email blocking & comment honeypot
  • Basic security headers + protection & hardening score
  • Block-page reference codes & MainWP integration
  • Complete 2FA suite (TOTP, Email, WebAuthn)
  • 1,000 API checks / day
  • 50 reports / day
  • 1 domain
  • Community support

Business

Agencies, WooCommerce, white-label

389.00 € / year incl. 19 % VAT · 32.42 € / month, billed yearly
  • Everything in Professional
  • 100,000 API checks / day
  • 5,000 reports / day
  • 2,500 2FA mails / month included
  • 75 2FA SMS / month included
  • Up to 15 domains per licence
  • Need more capacity? Book 2×–20× Business — the whole plan (API quota, 2FA mail/SMS, domains) multiplies, with an automatic volume discount
  • White-label setup wizard, 2FA pages, mail templates
  • WooCommerce complete integration (white-label templates, Subscriptions / Memberships audit)
  • Audit event trail: append-only user-lifecycle log (logins, password resets, role changes incl. acting user) with CSV/JSON export
  • GDPR export tool
  • Priority support, 12 h SLA

14-day money-back guarantee. Cancel anytime.

Compare all plans

Includes Contributor and Enterprise tiers plus the full feature comparison table.

Frequently asked questions

Is ReportedIP free?

Yes. Every product has a free tier: the Hive plugin is free and open source, the API gives 1,000 checks/day for free, the blacklist feed and DNS Checker are free to use. Paid plans and add-ons unlock higher quotas, managed 2FA relay and the DNS/RBL Zone.

Do I need an account?

Not for the Hive plugin in Local Shield mode or for the DNS Checker. The API, the community network and paid add-ons require a free account and an access key.

Which product should I use to protect a WordPress site?

Install ReportedIP Hive. It bundles attack detection, IP blocking and 2FA, and works offline out of the box.

How do I block bad IPs at my mail server?

Use the DNS / RBL Zone add-on. You add one zone string to Postfix, Rspamd or BIND RPZ and connecting attackers are rejected in real time.

What runs self-hosted versus on your servers?

The Hive plugin and the Honeypot Server run on your infrastructure. The API, the blacklist feed, the DNS Checker and the DNS/RBL Zone are hosted by us on EU infrastructure.

Is it GDPR-compliant?

Yes. We minimise data collection (no user agents by default), anonymise older records, and run on EU infrastructure under GDPR. Subprocessors are covered by data-processing agreements.

Is the data open source?

The Hive plugin and Honeypot Server are open source on GitHub, and the community blacklist is published as a daily Git mirror. The reputation engine and API are operated as a managed service.

How is the confidence score calculated?

Each report is weighted by recency, reporter diversity, threat severity and honeypot trust, then decayed over time. An IP is only listed on the public blacklist at a confidence of 75 % or higher.

Get started — free forever

Pick a product, browse the docs, or grab a free API key. No credit card required.

Security focused · GDPR compliant · Made in Germany · Open source where possible