Create your account
Go to recon44.com and click Start free. Enter your email address and choose a password.
No credit card is required to sign up. Your Free plan activates immediately, and you can upgrade at any time from the Plans section of the dashboard.
If your organization uses SSO or requires team access, contact Recon44 support to discuss an Enterprise plan before signing up individually.
Add your website
After signing in, the dashboard prompts you to add your first site. Enter the domain you want to protect — for example, example.com. Do not include a protocol prefix (https://) or trailing slash.
Click Add site. Recon44 immediately queues a full vulnerability scan against your domain.
Recon44 scans the public-facing surface of your site, exactly as an external attacker would. No access to your server or codebase is required.
Review the vulnerability scan
The initial scan typically completes within 60–90 seconds. While it runs, you’ll see a progress indicator on the site’s overview page. Once it finishes, the Security Score panel updates with findings across six categories:

| Category | What Recon44 checks |
|---|---|
| SSL / TLS | Certificate validity, expiry date, weak cipher suites |
| Security headers | Content-Security-Policy, X-Frame-Options, HSTS, and others |
| Exposed files | .env, .git, backup archives, and other sensitive paths |
| Open ports | Ports that are externally reachable but shouldn’t be |
| Injection vectors | Forms and parameters susceptible to SQL injection or XSS |
| Rate limiting | Whether your site enforces request throttling on key endpoints |

Each finding shows a severity level (Critical, High, Medium, Low) and a plain-English description of the issue and how to fix it.
Explore the live threat feed
Click Threat Feed in the left sidebar. Even before you add a DNS record, Recon44 begins populating this view with passive threat data for your domain.
Each row in the feed shows:
- Threat type — DDoS, SQL Injection, XSS, Brute Force, or Scanner
- Source IP — the originating address
- Country — geographic origin flag and country name
- Action — what Recon44 did: blocked, mitigated, throttled, or logged
- Timestamp — when the event occurred
On the Free plan, WAF mode is set to read-only (monitor). Recon44 logs threats but does not actively block them until you upgrade to Pro or higher and enable active blocking.
Manually block or whitelist an IP (optional)
If you see a suspicious IP in the threat feed, click the IP address to open its detail panel. From there you can:
- Click Block to add the IP to your blocklist immediately. Future requests from this IP are dropped at the edge.
- Click Whitelist to ensure Recon44 never blocks requests from this IP — useful for your own office IPs or trusted monitoring services.
Route live traffic through Recon44 (recommended)
To enable active WAF inspection on every real visitor request, you need to add one CNAME DNS record to point your domain at Recon44’s edge network.
This step is required for active blocking, real-time inspection, and DDoS mitigation. It does not affect your hosting or application setup.
See the full walkthrough in the DNS setup guide.
What’s next
Add your CNAME record
Route live traffic through Recon44’s inspection layer in 3 steps.
Understand the WAF
Learn how Recon44 matches requests against 200+ OWASP attack patterns.
Set up alerts
Get notified by email, Telegram, or SMS when attacks are detected.
Export audit logs
Download tamper-proof logs for compliance and incident review.