English Türkçe Deutsch Français Español Български

How it Works Features Pricing About Us Changelog Status

English Türkçe Deutsch Français Español Български

Active Visitor Security Gateway

Visitor intelligence and threat prevention

Collect visitor signals, evaluate rules in real time, and enforce decisions automatically. Block bots, throttle scrapers, and challenge suspicious traffic before it reaches your application.

Start Free Trial How it Works →

7-day trial with full access. No credit card required.

HTML Integration Copy snippet

Interactive Traffic Simulator

Watch live traffic filter dynamically based on your active policies

Total Scanned

Allowed

Blocked

Shield Policies (Toggle Rules)

VPN & Proxy Shield

Challenge Suspicious Bots

Block Russian IP Ranges

Integrates in minutes

Install paths for every stack

Use the official WordPress plugin for no-code setup, or install the TypeScript SDK for React, Vue, Next.js and custom JavaScript apps.

WordPress npm React Vue Next.js

No code

WordPress plugin

Install the plugin, paste your public site key, choose script delivery mode, and optionally enable WooCommerce purchase events.

1.Install VisitorFilters
2.Paste site key
3.Save configuration

SDK

npm package

Ship visitor intelligence inside modern frontend apps with typed helpers and framework integrations.

npm install @visitorfilters/tracker bash

Core JS React Vue Next.js

How it works

Three stages from request to decision. All automated, all in real time.

Collect

A lightweight script collects visitor signals — IP, user agent, behavior patterns, device fingerprint — and sends them to your VisitorFilters endpoint via signed payloads.

Evaluate

The rule engine checks each request against your policies: IP reputation, ASN lists, rate limits, geo-restrictions, and anomaly detection thresholds. Decisions are made in milliseconds.

Enforce

Based on the verdict: allow, block, challenge, throttle, or redirect. Legitimate visitors pass unnoticed. Threats are stopped before they touch your infrastructure.

Built for security teams

Everything you need to monitor, detect, and respond to malicious traffic.

Rule Engine

Multi-condition rules with AND/OR logic. Target by IP, ASN, country, user agent, path, rate, or risk score.

Anomaly Detection

Automatic detection of traffic spikes, rate anomalies, and behavioral deviations with configurable thresholds.

Honeytokens

Deploy invisible traps. When a bot scans hidden endpoints, it triggers immediate alerts and automatic enforcement.

Real-Time Dashboard

Live session monitoring, traffic analytics, geographic visualization, and device breakdowns — updated via WebSocket.

REST API & Webhooks

Full API with scoped keys for programmatic rule management. Outbound webhooks with HMAC signing and retry logic.

Scheduled Reports

Automated PDF reports delivered daily, weekly, or monthly. Threat summaries, blocked traffic analysis, and trend data.

Flexible plans for every scale

Start protecting your websites with our Free tier, or upgrade to Pro or Business to unlock advanced capabilities like Proxy/VPN Shield, Anomaly Detection, custom CAPTCHA/JS challenge screens, and REST API access.

Free

Get Started Free

1 site
10,000 events/month
7-day data retention
Real-time dashboard
Anomaly detection Analyzes traffic patterns in real-time to automatically identify and flag suspicious behavior spikes and scraping attempts.
Honeytokens Deploys invisible trap URLs on your site. When automated scanners or bots request them, they are instantly identified and blocked.
Heatmaps Visualizes user click concentrations across desktop, tablet, and mobile devices to understand user interaction and optimize layouts.
REST API & Webhooks

Starter

Get Started

2 sites
50,000 events/month
30-day data retention
Real-time dashboard
Anomaly detection Analyzes traffic patterns in real-time to automatically identify and flag suspicious behavior spikes and scraping attempts.
Honeytokens Deploys invisible trap URLs on your site. When automated scanners or bots request them, they are instantly identified and blocked.
Heatmaps Visualizes user click concentrations across desktop, tablet, and mobile devices to understand user interaction and optimize layouts.
REST API & Webhooks

Recommended

Pro

Start Trial

5 sites
200,000 events/month
90-day data retention
Real-time dashboard
Anomaly detection Analyzes traffic patterns in real-time to automatically identify and flag suspicious behavior spikes and scraping attempts.
Honeytokens Deploys invisible trap URLs on your site. When automated scanners or bots request them, they are instantly identified and blocked.
Heatmaps Visualizes user click concentrations across desktop, tablet, and mobile devices to understand user interaction and optimize layouts.
REST API & Webhooks

Business

Get Started

15 sites
750,000 events/month
180-day data retention
Real-time dashboard
Anomaly detection Analyzes traffic patterns in real-time to automatically identify and flag suspicious behavior spikes and scraping attempts.
Honeytokens Deploys invisible trap URLs on your site. When automated scanners or bots request them, they are instantly identified and blocked.
Heatmaps Visualizes user click concentrations across desktop, tablet, and mobile devices to understand user interaction and optimize layouts.
REST API & Webhooks

View Detailed Plan Comparison

10M+

Events processed daily

195

Countries supported

<5ms

Rule evaluation latency

99.9%

Uptime SLA

Developer-first API

Manage rules, query analytics, and receive webhook events programmatically. Full REST API with scoped API keys, JSON responses, and HMAC-signed webhooks.

RESTful JSON API with versioning
Scoped API keys per site or tenant
Outbound webhooks with retry logic
HMAC-SHA256 webhook signatures

View API Reference

API Request

POST /v1/rules

# Block an IP address via API
curl -X POST \
  "https://visitorfilters.com/api/v1/rules" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"type":"ip_block","ip":"1.2.3.4"}'

// Block an IP address via API
$response = Http::withToken('YOUR_API_KEY')
  ->post('https://visitorfilters.com/api/v1/rules', [
    'type' => 'ip_block',
    'ip' => '1.2.3.4',
  ]);

// Block an IP address via API
const res = await fetch('https://visitorfilters.com/api/v1/rules', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer YOUR_API_KEY`,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({ type: 'ip_block', ip: '1.2.3.4' })
});

# Block an IP address via API
import requests

response = requests.post(
  "https://visitorfilters.com/api/v1/rules",
  headers={
    "Authorization": "Bearer YOUR_API_KEY",
    "Content-Type": "application/json"
  },
  json={
    "type": "ip_block",
    "ip": "1.2.3.4"
  }
)

// Block an IP address via API
package main

import (
  "bytes"
  "net/http"
)

func main() {
  payload := []byte(`{"type":"ip_block","ip":"1.2.3.4"}`)
  req, _ := http.NewRequest("POST", "https://visitorfilters.com/api/v1/rules", bytes.NewBuffer(payload))
  req.Header.Set("Authorization", "Bearer YOUR_API_KEY")
  req.Header.Set("Content-Type", "application/json")

  client := &http.Client{}
  client.Do(req)
}

See it in action

Watch how VisitorFilters evaluates a real visitor request in real time — from signal collection to enforcement decision.

VisitorFilters — Rule Engine

Trusted by security teams

From indie developers to enterprise engineering teams.

"We blocked a massive scraping campaign within 30 minutes of deployment. Our server CPU load dropped from 94% to 4%, saving us over $450/mo in AWS bandwidth bills."

Marcus K.

CTO, SaaS Startup

"The VPN Shield and Anomaly Detection stopped automated checkout bots on Black Friday. We saved our inventory for real customers without any false-positives."

Amara R.

Lead Engineer, E-commerce

"We replaced our legacy WAF with VisitorFilters. The Edge engine intercepts bot attacks in less than 2ms and feeds blocklists straight into our routing tier."

James L.

Security Engineer, FinTech

Frequently asked questions

Add a single script tag to your website's head section with your unique site key. The collector is under 5 KB, loads asynchronously, and has zero impact on your page performance.

No. The collector script loads asynchronously and deferred — it never blocks page rendering. Typical latency overhead is under 1ms per request.

Blocked visitors receive a configurable response: a 403 page, a redirect, or a challenge page. You can customize the message and appearance to match your brand.

Yes. Add your IP or CIDR range to the whitelist under Rules → Whitelist. Whitelisted IPs bypass all rules and are never blocked, even by geo-block rules.

Yes, visitor event data is stored on VisitorFilters infrastructure for analytics purposes, within the retention period of your plan (7–365 days). You can export or delete visitor data at any time from Dashboard → Privacy.

Yes. Each plan allows multiple sites. The Free plan includes 1 site, Pro includes 5, Business includes 20, and Enterprise is unlimited. Each site has independent rules and analytics.

In Monitor mode, rules are evaluated and logged but no enforcement actions are taken — ideal for testing. In Protect mode, rules actively block, challenge, or redirect visitors.

Yes. You can cancel at any time from Dashboard → Billing. Your plan remains active until the end of the current billing period. No cancellation fees.

Start protecting your sites today

Deploy in under 5 minutes. One script tag, full visibility.

Start Free Trial

No credit card required.