Download the PHP package ozankurt/laravel-security without Composer

On this page you can find all versions of the php package ozankurt/laravel-security. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Example code of ozankurt/laravel-security

Informations about the package laravel-security

Laravel Shield

Latest Version on Packagist

Comprehensive security suite for Laravel — the Wordfence equivalent.

WAF + scanner + ACL + audit log + live traffic + notifications, all configurable, all auditable, all Laravel-native.

Brand site: laravel-shield.ozankurt.com — docs, pricing, license activation.

Why Laravel Shield

Need What Shield gives you
Block malicious requests 15+ WAF middlewares (XSS, SQLi, LFI, RFI, PHP wrappers, sessions, agents, geo, bots, keyword path filters) + DB-backed rule engine
Manage allow/deny lists Unified ls_acl table — IP / CIDR / ASN / country / regex / hostname, first-match-wins evaluation, Redis-cached
Detect malware Scanner with native engine + ClamAV + composer audit; quarantine + restore; signature feed sync
Audit-log everything HMAC-chained ls_audit_log, file/config/composer drift detection, HasAuditLog trait for model events
See live traffic Sampled ls_live_traffic table with optional real-time broadcasting (Reverb / Pusher / Ably)
Get alerts Mail / Slack / Discord / Telegram / Webhook channels, severity-routed
Stay locked out? Three-layer bypass (env key + config IPs + Artisan recovery commands)
Beyond Wordfence Security headers + CSP nonce, honeypot routes, generalized redaction, suspicious activity scoring, HTTPS enforcement, cookie security audit, trusted-proxy auto-discovery, pre-configured rate limiters

Install

shield:install publishes config + migrations + lang + assets, runs migrations, seeds lookup tables + ~47 built-in WAF rules + ~33 built-in malware signatures, generates LS_AUDIT_HMAC_SECRET + LS_BYPASS_KEY if missing, and optionally whitelists your current IP so you don't lock yourself out.

Then expose the dashboard by allowing the gate it defines:

Visit /shield.

Quickstart middlewares

In your route file or middleware group, attach what you need:

Configuration

After install, see config/shield.php. Every limit, threshold, regex, path, and behaviour is exposed. Highlights:

Documentation

Topic Doc
Installation + configuration docs/installation.md
ACL evaluation + matchers docs/acl.md
Audit log + HMAC chain docs/audit-log.md
Scanner + ClamAV + signatures docs/scanner.md
File-change watcher docs/security-watch.md
Notifications + multi-cadence reports docs/notifications.md
Bypass mechanism docs/bypass.md
Premium tier + license docs/premium.md

Premium tier

Premium features live in the same package, gated by LS_PREMIUM_LICENSE_KEY at runtime. No separate composer repo, no Satis, no auth tokens. Buy at laravel-shield.ozankurt.com, paste the key into .env, premium features activate on next request.

Premium unlocks:

The license check is honest soft-enforcement (see docs/premium.md — the real moat is the API services Ozan hosts, which patching the local check can't unlock).

Companion packages

License

MIT — see LICENSE.md.

All versions of laravel-security with dependencies

PHP Build Version
Package Version
Requires php Version ^8.0
laravel/framework Version ^9.0|^10.0|^11.0|^12.0
guzzlehttp/guzzle Version ^7.4
ozankurt/agent Version ^1.0
ramsey/uuid Version ^4.7
voku/anti-xss Version ~4.1.42
voku/portable-utf8 Version ^6.0.13
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package ozankurt/laravel-security contains the following files

Loading the files please wait ...