SISTEM KEAMANAN DETEKSI SERANGAN REAL-TIME DAN OTOMATISASI PEMBLOKIRAN PADA WORDPRESS

WordPress is the most widely used Content Management System (CMS) in the world, but it is also a primary target of cyberattacks such as brute-force login attempts, SQL Injection, and unauthorized access to administration pages. This research aims to analyze and develop a security plugin called WP Realtime Monitor, which is capable of detecting attacks in real time, sending notifications to administrators via Telegram, and automatically blocking the attacker’s IP address. The research methodology includes security requirement analysis, plugin architecture design using WordPress hooks, implementation using PHP and Telegram API integration, as well as testing against several simulated attack scenarios. The results show that the plugin successfully detects repeated failed login attempts, access to wp-login.php, and simple SQL Injection attacks. In addition, the system can send notifications to Telegram in less than one second and automatically block IP addresses that repeatedly launch attacks. Performance analysis indicates that the plugin is lightweight, does not add significant load to the WordPress server, and provides practical security improvements. Therefore, the development of WP Realtime Monitor is proven to be effective as an alternative solution for WordPress website security.