Secure your SuiteCRM. Protect your CRM against brute force attacks, manually listing allowed IPs (IP Restriction and IP Whitelisting) or automatically adding prohibited IPs. Track users' logins and protect your data.
Protect Your SuiteCRM from Brute-Force Attacks and Unwanted Access
CRM Defender adds an extra security layer to your SuiteCRM instance.
Monitor login attempts, automatically block suspicious IPs, and restrict access only to trusted addresses when needed.
Limited-time offer available until May 31, 2026:
-
SuiteCRM 7 CRM Defender:
$499$459 (Save $40 every year) -
SuiteCRM 8 CRM Defender:
$599$549 (Save $50 every year)
Offer expires May 31, 2026.
Why CRM Defender if SuiteCRM already includes Login Protection?
SuiteCRM 8 includes basic protection against repeated failed login attempts, powered by Symfony. This is a useful first line of defense, but it works mainly at the application login level.
CRM Defender adds a stronger access-control layer around your CRM, helping administrators block suspicious IPs, restrict access to trusted addresses, monitor login activity, and prevent unwanted visitors from reaching the CRM when needed.
| Security Feature | SuiteCRM Default | CRM Defender |
|---|---|---|
| Basic failed-login protection | Yes | Yes |
| Temporary lock after repeated failed attempts | Yes | Yes |
| Monitor successful and failed login attempts inside SuiteCRM | Limited | Yes |
| Automatically block suspicious IP addresses | No | Yes |
| Whitelist trusted IP addresses | No | Yes |
| Allow access only from whitelisted IPs | No | Yes |
| Block access before the visitor reaches SuiteCRM | No | Yes |
| Email notification when an IP is locked out | No | Yes |
| Protection for trusted users against accidental lockout | No | Yes |
In short: SuiteCRM protects the login process. CRM Defender helps protect access to the CRM itself.
What's CRM Defender?
SuiteCRM is a powerful open-source CRM, but every public login page can become a target for brute-force attacks, dictionary attacks, repeated failed login attempts, and unauthorized access attempts.
CRM Defender helps you protect your SuiteCRM instance before a small security issue becomes a serious business problem.
With CRM Defender you can:
- Automatically block IP addresses after repeated failed login attempts
- Monitor successful and failed logins directly inside SuiteCRM
- Receive email notifications when an IP is locked out
- Whitelist trusted IP addresses
- Restrict access so that only whitelisted IPs can reach the CRM
- Protect administrators and users from accidental lockouts
- Improve visibility over suspicious login activity
Version 2.0.0 — New Security Features
CRM Defender 2.0.0 introduces important improvements for both SuiteCRM 7 and SuiteCRM 8 environments:
- IP Whitelisting: block all IP addresses except the ones explicitly added to the whitelist.
- Flexible IP Management: manage whitelisted IPs more easily with ascending and descending sorting.
- PHP Compatibility: compatible with PHP 8.0, 8.1, 8.2 and 8.3.
- WebRTC Removal: removed due to browser deprecation, improving compatibility and stability.
Stop Repeated Failed Login Attempts
CRM Defender creates a protective barrier against brute-force and dictionary attacks.
When repeated failed login attempts are detected, CRM Defender can automatically ban the source IP address. Any further request from that IP is rejected through the .htaccess file and the visitor receives a 403 error.
This helps reduce the risk of unauthorized access and gives administrators better control over suspicious activity.
Access Monitor
CRM Defender includes an Access Monitor where you can review:
- Successful logins
- Failed login attempts
- Locked-out events
- Typed usernames
- User activity patterns
You can use SuiteCRM’s native filtering tools to understand whether a failed login was caused by a simple typo or by a possible attack.
Email Notification System
When an IP address is locked out, CRM Defender can immediately notify your team by email.
You can enable the notification system and choose the recipient email address from the settings panel.
Example notification:
Choose the Protection Level You Need
CRM Defender lets you configure the maximum number of failed login attempts before an IP is locked out.
You can also define trusted IP addresses that should never be blocked.
Two Powerful Access Modes
1. Allow only whitelisted IPs to access the CRM
Use this mode when your SuiteCRM should be accessible only from trusted locations, such as your office, VPN, internal network, or selected remote workers.
2. Allow all IPs, while protecting trusted users from lockout
Use this mode when your CRM must remain publicly accessible, but you want trusted IPs to be protected from accidental lockout.
Try the Live Demo
See CRM Defender in action.
Try logging in with random credentials more than 3 times:
Documentation
Read the full documentation here:
Secure Your SuiteCRM Today
CRM Defender gives SuiteCRM administrators a practical way to monitor access, block suspicious IPs, and reduce login-related security risks.
Special pricing is available until May 31, 2026.
Get CRM Defender Now
