Welcome to Thryven Server Shield. This plugin provides enterprise-level, operating system security directly from your WordPress dashboard by integrating deeply with your Linux server environment.
Traditional WordPress security plugins operate inside PHP. This means that when an attack happens, WordPress must first load, execute PHP code, and consume server resources before it can respond. This adds unnecessary CPU and memory usage during malicious traffic spikes.
Thryven Server Shield works differently by operating at the system level. Security rules are applied directly through the Linux firewall and web server layer, allowing malicious traffic to be blocked before it reaches WordPress. This improves performance under attack and reduces server load.
In addition, the plugin automates the installation and configuration of advanced security components that would normally require manual server administration.
To use Thryven Server Shield, your server must meet the following requirements.
The plugin is designed for Linux-based servers, including Ubuntu, Debian, CentOS, AlmaLinux, Rocky Linux, and RedHat. Shared hosting environments without root or sudo access are not supported.
Supported web servers include Nginx, Apache2, and HTTPD.
Root or sudo access is required because the plugin installs and configures system-level security services.
For WordPress, version 5.0 or higher is required. Supported PHP versions range from 7.4 to 8.3.
Each security component in Thryven Server Shield is installed and managed separately. This modular design ensures stability, compatibility, and full control over your server configuration.
The dashboard is the central control panel of the plugin. It provides an overview of all installed security components and their current status on your server.
From this screen, you can verify which engines are active and monitor whether your system is fully protected.
ClamAV provides server-level antivirus protection by scanning files for malware, trojans, and malicious scripts.
To install and activate:
Open the ClamAV module from the dashboard.
Enter your server’s sudo or root credentials.
Click Install Engine and wait for the installation to complete.
Choose your preferred scan schedule and enable WordPress protection.
Once enabled, the system automatically scans the WordPress uploads directory and quarantines suspicious files before they can be executed.
ModSecurity is a web application firewall that filters incoming traffic at the web server level to block common attacks such as SQL injection and cross-site scripting.
To install and activate:
Open the ModSecurity module from the dashboard.
Enter your server’s sudo or root credentials.
Click Install Engine to install and configure ModSecurity on your web server.
Enable WordPress protection to deploy the OWASP Core Rule Set with safe exclusions for WordPress functionality.
Once active, traffic is inspected before reaching WordPress, reducing exposure to malicious requests.
Fail2Ban protects your server from repeated login attempts and automated brute-force attacks by monitoring log files and blocking suspicious IP addresses at the firewall level.
To install and activate:
Open the Fail2Ban module from the dashboard.
Enter your server’s sudo or root credentials.
Click Install Engine to install the service.
Enable WordPress protection to activate a dedicated rule set for wp-login.php.
If repeated failed login attempts are detected, the offending IP address is automatically blocked at the system level.
This module ensures your security components remain up to date and provides visibility into blocked threats.
To activate:
Enter your server’s sudo or root credentials.
Click Enable Auto-Updater.
This creates a scheduled background process that updates virus definitions and firewall rules automatically.
When enabled, the system also logs blocked activity, allowing you to view security events and attack patterns directly from the dashboard.