Website security, built in. Not bolted on.
SGEN ships a web application firewall, SSL, a CDN, and platform security patching on every plan through the Foundation Pack, including the $0 Sandbox, then adds a native IP blacklist that gates every public request by source IP. Add a single IP, a CIDR range like 45.79.0.0/16, or an IPv4 wildcard like 192.168.*.*, give each rule a reason and an author, and a built-in Test-IP tool tells you whether any address would be blocked before a visitor ever hits it.
SGEN hardens the platform itself, so the firewall, patching, and IP blacklist run in your dashboard with nothing to install, license, or keep patched.
Firewall, patching, and IP blocking, with nothing to install.
SGEN ships a WAF and security patching on every plan, including the $0 Sandbox, through the Foundation Pack, so a site is firewalled and on patched infrastructure before you have paid anything. The deeper controls run in the platform itself, configured from the same dashboard as the rest of your stack.
Foundation Pack WAF
A web application firewall, SSL, CDN, and security patching on every plan, free, even on the $0 Sandbox. The protection that is usually a paid upgrade is the floor here.
IP blacklist
Block a single IP, a CIDR range, or an IPv4 wildcard, each with a reason. The platform gates every public request, increments a per-rule hit count, and stamps the last-matched time. A built-in Test-IP tool previews a block before it happens.
Site protection
Password-gate the site or drop it into maintenance mode from the platform through the Tools module. Lock a staging site or hide a work-in-progress without installing third-party code.
Audit-ready logging
The platform keeps audit-ready logs, the evidence trail you need for accessibility and GDPR posture, recorded at the platform level and ready to review.
GDPR consent log
The native Consent and Tracking module keeps a per-session consent log you can review entry by entry, so you can show, session by session, what each visitor consented to. Consent capture is part of the module, ready to switch on.
Patched infrastructure
Security patching runs at the platform level on monitored, hardened infrastructure, so every site you run sits on patched, centrally managed servers from day one.
Compliance-grade posture: this is audit-ready logging and a consent trail. SGEN is HIPAA compliant for healthcare. SOC 2 and ISO are in progress, posture not certification; no badges, no "certified" claim.
Test whether any IP is blocked, without making the visit yourself.
SGEN ships a Test-IP tool inside the blacklist toolbar that runs a read-only dry run: type an address, press Test, and the platform tells you whether it is blocked and by which rule. A flat block field makes you publish a rule and wait to see if it caught the right traffic. SGEN lets you confirm the match first. The check is read-only and does not count as a hit, so you verify a CIDR or wildcard rule covers the address you meant without skewing the per-rule analytics.
Every rule carries a reason, an author, a hit count, and a last-matched time.
SGEN renders the blacklist as a searchable, paginated, bulk-deletable rules table, not a single field. The Hits counter increments on every blocked public request and Last Matched stamps the time, so you see which rules actually fire and can prune the ones that never do. The Reason and Author columns make it a documented, attributable blocklist, every entry says why it exists and who added it, instead of an anonymous deny-list. And there is no caching lag: add, edit, or delete a rule and it takes effect on the visitor's very next public request, so a block you set is live the moment you save it.
Search is a LIKE-match on the Item column. The blacklist blocks by source IP only: single IPs, CIDR ranges, and IPv4 wildcards. It is not a domain, user-agent, country, or keyword filter, and it is not an allow-list.
One platform. The whole security stack, native.
SGEN handles security at the platform level: a free Foundation Pack WAF, platform security patching, the IP blacklist, and site protection, all native. Each protection runs in the same engine you build in, so there is no separate update, no separate maintainer, and nothing extra in your vulnerability surface.
91% of WordPress vulnerabilities were in plugins, Patchstack, State of WordPress Security 2026. When protection is native, there is no add-on layer to exploit: SGEN runs the firewall, patching, and IP blacklist in the platform, so that attack surface is simply not there.
Protected on day one. On every plan.
Security sits in the same platform as the rest of your stack. Pair the IP blacklist and Foundation Pack WAF with the native Attribution module for the source behind every visitor, and the full set of 23 native modules included on every plan.
Common questions about security
Does SGEN comply with GDPR? +
What does the IP blacklist actually block, and what does it not do? +
What about HIPAA? +
What security does SGEN cover natively? +
Are SGEN's SOC 2 and ISO certifications complete? +
Which plan includes the security controls? +
A WAF, audit-ready logging, and a consent trail. From $39/mo.
SGEN ships security natively across the whole platform, included on every plan, with free WAF and patching reaching even the $0 Sandbox, so you can build and protect a site before paying anything.
From $39/mo, billed annually. $47 monthly. 2-week trial, cancel anytime. Every module included.

