What's going on

What’s going on | Jaime Niñoles | firewall,security,WAF


A very simple firewall for WordPress that allows you to see all real requests to your WordPress and protect you from Internet attacks. It’s a WAF, a Web Application Firewall that is installed in front of WordPress. It’s installed in the server with the plugin, and it checks requests from the web browsers, bots or webcrawlers to your WordPress. It executes the WAF codes before every request to PHP files of WordPress, so it also works before every request to the WordPress cache.


  • Feel free to contribute in GitHub to improve the project.
  • It’s free, completely free.
  • Detection and protection of DoS attacks.
  • Detection and notification of possible DDoS attacks.
  • It can protect you against SQL injection, XSS and Xploit attacks using your own Regexes.
  • Permanent block or bypass of custom IPs, it allows you to configure IPs with your own Regexes too.
  • Log and show Regex errors, for debug and improve your Regexes.
  • Save payloads, all or only when match a regex.
  • Block and allow countries and continents.
  • 404s detections.
  • Show URLs or IPs doing 404s.
  • Show IPs that are doing most of the visits.
  • Show URLs most visited.


  1. Uninstall .user.ini file.
  2. Deactivate the plugin into the Plugins menu in the admin panel of WordPress.
  3. Delete into the Plugins menu.

All the options configured into the plugin are removed when plugin is deleted, not when plugin is deactivated. All the database tables are removed when plugin is deactivated. So if you want to remove the plugin and all data stored, first deactivate the plugin and then remove it from the plugin admin zone into the WordPress backend.


  1. Copy the files in the directory /wp-content/plugins/whats-going-on/ like others plugins.
  2. Activate the plugin in the WordPress backend menu of plugins.
  3. Got to the admin section of What’s going on.
  4. Install in front of every single request to PHP files, by clicking on the button that says ‘Install .user.ini’.
  5. See how it works and play with it configs, fully personalizable of what to allow or not.
  6. Enjoy.. 🙂

Alternative install with SSH:

  1. Goto the plugins directory doing: cd /wp-content/plugins/
  2. Clone the GitHub repository doing: git clone [email protected]:jaimenj/whats-going-on.git

With SSH you can stay up to date using the normal git pull command.

Plugin author

Jaime Niñoles

Plugin official website address

If you encounter problems in using the What’s going on plugin, you can comment below, and I will try my best to help you solve the problem

Leave a Comment

Your email address will not be published.