One platform, priced by sites. Every module included. Docs All systems operational
Build it freeNo card · no time limit Start free
Native module · Security

Website security, built in. Not bolted on.

SGEN ships a web application firewall, SSL, a CDN, and platform security patching on every plan through the Foundation Pack, including the $0 Sandbox, then adds a native IP blacklist that gates every public request by source IP. Add a single IP, a CIDR range like 45.79.0.0/16, or an IPv4 wildcard like 192.168.*.*, give each rule a reason and an author, and a built-in Test-IP tool tells you whether any address would be blocked before a visitor ever hits it.

SGEN hardens the platform itself, so the firewall, patching, and IP blacklist run in your dashboard with nothing to install, license, or keep patched.

The native security controls

Firewall, patching, and IP blocking, with nothing to install.

SGEN ships a WAF and security patching on every plan, including the $0 Sandbox, through the Foundation Pack, so a site is firewalled and on patched infrastructure before you have paid anything. The deeper controls run in the platform itself, configured from the same dashboard as the rest of your stack.

Foundation Pack WAF

A web application firewall, SSL, CDN, and security patching on every plan, free, even on the $0 Sandbox. The protection that is usually a paid upgrade is the floor here.

IP blacklist

Block a single IP, a CIDR range, or an IPv4 wildcard, each with a reason. The platform gates every public request, increments a per-rule hit count, and stamps the last-matched time. A built-in Test-IP tool previews a block before it happens.

Site protection

Password-gate the site or drop it into maintenance mode from the platform through the Tools module. Lock a staging site or hide a work-in-progress without installing third-party code.

Audit-ready logging

The platform keeps audit-ready logs, the evidence trail you need for accessibility and GDPR posture, recorded at the platform level and ready to review.

GDPR consent log

The native Consent and Tracking module keeps a per-session consent log you can review entry by entry, so you can show, session by session, what each visitor consented to. Consent capture is part of the module, ready to switch on.

Patched infrastructure

Security patching runs at the platform level on monitored, hardened infrastructure, so every site you run sits on patched, centrally managed servers from day one.

Compliance-grade posture: this is audit-ready logging and a consent trail. SGEN is HIPAA compliant for healthcare. SOC 2 and ISO are in progress, posture not certification; no badges, no "certified" claim.

Check a block before it lands

Test whether any IP is blocked, without making the visit yourself.

SGEN ships a Test-IP tool inside the blacklist toolbar that runs a read-only dry run: type an address, press Test, and the platform tells you whether it is blocked and by which rule. A flat block field makes you publish a rule and wait to see if it caught the right traffic. SGEN lets you confirm the match first. The check is read-only and does not count as a hit, so you verify a CIDR or wildcard rule covers the address you meant without skewing the per-rule analytics.

Test IPRead-only dry run
A rules manager, not a text box

Every rule carries a reason, an author, a hit count, and a last-matched time.

SGEN renders the blacklist as a searchable, paginated, bulk-deletable rules table, not a single field. The Hits counter increments on every blocked public request and Last Matched stamps the time, so you see which rules actually fire and can prune the ones that never do. The Reason and Author columns make it a documented, attributable blocklist, every entry says why it exists and who added it, instead of an anonymous deny-list. And there is no caching lag: add, edit, or delete a rule and it takes effect on the visitor's very next public request, so a block you set is live the moment you save it.

Blacklist rules20 per pageSearch entries...

Search is a LIKE-match on the Item column. The blacklist blocks by source IP only: single IPs, CIDR ranges, and IPv4 wildcards. It is not a domain, user-agent, country, or keyword filter, and it is not an allow-list.

Native, not assembled

One platform. The whole security stack, native.

SGEN handles security at the platform level: a free Foundation Pack WAF, platform security patching, the IP blacklist, and site protection, all native. Each protection runs in the same engine you build in, so there is no separate update, no separate maintainer, and nothing extra in your vulnerability surface.

Foundation Pack WAFSecurity patchingIP blacklistSite protection

91% of WordPress vulnerabilities were in plugins, Patchstack, State of WordPress Security 2026. When protection is native, there is no add-on layer to exploit: SGEN runs the firewall, patching, and IP blacklist in the platform, so that attack surface is simply not there.

Foundation Pack, native
Web application firewallfree, every plan
in the box
Security patchingplatform level
in the box
IP blacklistTest-IP + analytics
in the box
Site protectionpassword gate, maintenance
in the box
The platform behind the posture

Protected on day one. On every plan.

$0
WAF and patching reach even the free Sandbox
0 installs
nothing to install, license, or patch yourself
23
native modules included on every plan

Security sits in the same platform as the rest of your stack. Pair the IP blacklist and Foundation Pack WAF with the native Attribution module for the source behind every visitor, and the full set of 23 native modules included on every plan.

Questions

Common questions about security

Does SGEN comply with GDPR? +
SGEN ships the GDPR tools, a cookie-consent banner and a per-session consent log you can audit entry by entry, through the native Consent and Tracking module. Configuring your site to meet GDPR is still your responsibility; the consent trail is built into the module, ready to switch on.
What does the IP blacklist actually block, and what does it not do? +
The blacklist blocks by source IP only: single IPs, CIDR ranges, and IPv4 wildcards. It is a response tool: it blocks addresses you have already identified and redirects those visitors away. It does not detect threats or rate-limit on its own, and it does not block by domain, user-agent, referrer, country, or keyword, and it is not an allow-list. Pair it with the Foundation Pack WAF for automated filtering and use the blacklist for the specific bad actors you have identified.
What about HIPAA? +
SGEN is HIPAA compliant for healthcare; it runs on a single secure database with data protection and does not host patients' records or PHI, so the protected data stays under the clinic's control while the public site runs on a firewalled, centrally-patched platform.
What security does SGEN cover natively? +
SGEN covers it at the platform level: a free Foundation Pack WAF, platform security patching, IP blacklisting with the Test-IP tool and per-rule analytics, and site protection with a password gate and maintenance mode. It runs in the same dashboard you build in, with nothing to install, license, or keep updated.
Are SGEN's SOC 2 and ISO certifications complete? +
SOC 2 and ISO are in progress. We do not display certification badges or claim "certified" status until they are. The Trust Center lists the current status.
Which plan includes the security controls? +
Every plan. The Foundation Pack WAF and security patching are free on every plan, including the $0 Sandbox. The deeper platform security controls, including the IP blacklist with its Test-IP tool and per-rule analytics, are part of the whole platform, included on every paid plan, from $39/mo (billed annually; $47 monthly). Plans differ only by how many live sites you run.
Included in your plan

A WAF, audit-ready logging, and a consent trail. From $39/mo.

SGEN ships security natively across the whole platform, included on every plan, with free WAF and patching reaching even the $0 Sandbox, so you can build and protect a site before paying anything.

From $39/mo, billed annually. $47 monthly. 2-week trial, cancel anytime. Every module included.