We built the intelligence layer — so we know how AI agents behave on the web better than anyone. That's why we can stop them when they shouldn't be there.
91.8%
increase in bad bot traffic 2025
61.2%
of websites unprotected
90K
attacks/min on WordPress
<15ms
p99 API response time
Install the WordPress plugin in 5 minutes or call the scoring API directly. No DNS changes. No CDN migration.
DruxShield isn't a WAF or a CDN bolt-on. It's an intelligence platform — built from the model layer up.
Ambiguous requests are evaluated across multiple AI models simultaneously. No single model decides — a weighted consensus does, with full reasoning surfaced to you.
Every blocked request shows you exactly why it was flagged. Not just a score — a plain-English breakdown of every signal that contributed to the decision.
Cloudflare sees IP packets. DruxShield sees a user adding 47 credit cards to the same guest checkout. Install the plugin in 5 minutes — no DNS changes required.
AI crawlers, carding bots, credential stuffers, headless browsers, DDoS probes, content scrapers and more — each classified separately with tailored responses.
IP reputation cached at the edge. Your pages don't slow down. The scoring engine runs in parallel and never blocks your critical render path.
Carding attacks, credential stuffing, and cart abuse — all detected at the checkout and login layer where Cloudflare can't reach and Wordfence doesn't look.
No enterprise sales calls. No $10K/month minimums. No rule-based-only detection.
No sales calls. No 6-month contracts. Cancel anytime.
For personal sites and testing
For growing businesses
For agencies and ecommerce
Need 25+ domains or white-label? Contact us for Enterprise pricing →
Every DruxShield-protected site contributes to a shared intelligence network. These numbers update continuously.
1.2M+
Attacks blocked
and counting
637K
Intelligence signals shared
privacy-preserving aggregates
51
Good bots in registry
verified, always up to date
9
Bot types classified
from carding to AI crawlers
“We didn't even know we were being attacked. DruxShield showed us exactly what was happening — and why each request was blocked.”
WooCommerce fashion retailer
Chargebacks dropped 91% in 30 days
“We added it as a $49/month line item in our maintenance packages. It pays for itself 4× over — and clients love the report.”
WordPress agency, 34 client sites
Now in 28 of 34 client contracts
“The reasoning output sold us. It didn't just say 'bot' — it told us exactly why: residential proxy, TLS mismatch, zero session entropy.”
B2B SaaS platform, $180K MRR
Credential stuffing down 97%
Everything you need to know before you start.
Yes. The WordPress plugin intercepts requests at the application layer — no DNS changes, no CDN migration, no infrastructure changes. For non-WordPress stacks, you call the scoring API from your existing middleware.
No. The plugin adds under 5ms overhead per page load. IP scores are cached for 1 hour, so repeat visitors are scored in under 1ms. The scoring API runs async and never blocks your critical render path.
Default thresholds are conservative: score ≥70 to block, 40–70 to challenge. For ambiguous requests, DruxShield issues a JS challenge rather than a hard block. False positive rate target is <0.1%. You can tune thresholds per domain.
Yes. The good bot registry lists 50+ verified bots with per-domain allow/block toggles. Googlebot and major search crawlers are allowlisted by default. GPTBot, ClaudeBot, CCBot and other AI training crawlers are classified separately so you can control them independently.
Wordfence is rule-based and has no AI reasoning. Cloudflare's bot management is locked behind $200/mo+ tiers and can't see inside your WooCommerce sessions. DruxShield works at the application layer, uses multi-model consensus, and explains every block decision in plain English.
Fail open. If the scoring API is unreachable, requests are allowed through — we never block legitimate traffic due to our own downtime. The WordPress plugin has a 5-second timeout and falls back to allow on error.
Free forever. WordPress plugin installs in 5 minutes. No credit card required.
Get started free