How does Moat AIS learn my website?

When you connect a website, Moat AIS performs an initial analysis to map its structure and traffic patterns. It then monitors real traffic over time to refine that understanding. The result is a precise, site-specific security profile that is automatically maintained. You can also supplement it manually through your dashboard for areas the automated analysis cannot reach.

Does Moat AIS work with WordPress, Shopify, or other platforms?

Yes. Moat AIS operates at the web server level, independently of your CMS, platform, or e-commerce system. It is compatible with any website regardless of how it is built, including WordPress, Shopify, WooCommerce, Wix, Squarespace, and custom-coded sites.

How long does Moat AIS setup take?

Most sites are live within 24 hours of signing up. Complex setups with multiple sites or custom requirements may take a little longer. Customers are emailed when their protection is active.

What is the difference between Moat AIS and a traditional WAF?

A traditional Web Application Firewall uses generic rules applied to all websites. Moat AIS builds a site-specific intelligence profile, meaning it understands what belongs on your particular website — not just websites in general. This allows it to catch threats a generic ruleset would miss and reduces false positive rates significantly.

How much does website security cost in New Zealand?

Moat AIS web security starts from $35 NZD per month for a single website (Solo plan). The Duo plan covers 2 websites for $59/month, and the Agency plan covers 5 websites for $130/month. All plans include AI-powered threat detection, automatic IP banning, and a management dashboard. There are no setup fees and a 14-day money-back guarantee applies to all plans.

What is website security and why does my New Zealand business need it?

Website security protects your site from automated attacks including vulnerability scanners, bots, SQL injection, and hacking attempts. NZ business websites receive thousands of malicious requests every day — most owners are unaware this is happening. Without protection, attackers can exploit vulnerabilities, steal data, inject malware, or take your site offline. Moat AIS detects and blocks these threats automatically, without any technical knowledge required.

How AI Website Security Works | Web Security NZ

The Core Idea

Your website is unique.
Your security should be too.

Every website has a different structure, different URLs, different traffic patterns. A blog looks nothing like a shop. A news site looks nothing like a SaaS app.

Moat AIS analyses your specific website to understand exactly what legitimate activity looks like — and uses that as its baseline for everything else. Anything that deviates gets evaluated. Anything that clearly doesn't belong gets blocked.

The result: security that is as unique as your site, without you having to configure a thing.

Live threat log · web1.example.com

✓ ALLOW 09:14:22 /products/shoes/

✓ ALLOW 09:14:23 /checkout/

✕ BLOCKED 09:14:31 /wp-config.php

✕ BLOCKED 09:14:31 /admin/login.php

✓ ALLOW 09:14:44 /about/

⚠ SCORED 09:14:51 /api/users?id=1 UNION SELECT

93.8% hit rate · 2 IPs auto-banned today

Three Pillars

The Moat AIS intelligence stack

Site Intelligence

Moat AIS develops a precise understanding of what your website is supposed to look like — its structure, its patterns, the behaviour of its legitimate visitors. This isn't a generic ruleset shared with every other customer. It's a model built specifically for your site.

That understanding deepens over time, and your dashboard gives you full visibility and control over what's permitted — including areas that require your direct input.

Real-Time Threat Detection

Every request reaching your site is evaluated the moment it arrives — before it touches your server. Traffic that fits your site's profile passes through without friction. Traffic that doesn't is assessed, tracked, and acted on.

Threats don't get a second chance. Persistent or high-risk sources are blocked automatically, with no manual intervention required on your part.

AI Pattern Analysis

On a continuous cycle, our AI looks across recent activity for patterns that point-in-time detection can miss — coordinated behaviour, subtle enumeration, attack campaigns that spread across multiple sources over time.

It also works to keep your protection current as your site evolves — surfacing suggestions that keep legitimate visitors flowing freely while the net tightens around everything else. You stay in control of every decision.

Comparison

Moat AIS vs traditional website security

Feature	Moat AIS	Traditional WAF	IP Blocklist
Site-specific intelligence	✓ Yes	✕ No	✕ No
Zero-day threat detection	✓ Yes	Partial	✕ No
No rules to write or maintain	✓ Yes	✕ No	✕ No
AI analysis on a continuous cycle	✓ Yes	✕ No	✕ No
Adapts as your site changes	✓ Automatic	Manual	✕ No
Real-time blocking	✓ Yes	✓ Yes	Partial
No performance impact on site	✓ None	Some latency	✓ Yes
Multi-site dashboard	✓ Included	Add-on	✕ No

Threat Coverage

What Moat AIS stops

⊘

Vulnerability scanners

Automated tools probing for exploitable paths, config files, and outdated software.

⊘

SQL injection & query attacks

Requests designed to extract, manipulate, or destroy your database via malicious query strings.

⊘

Path traversal attacks

Attempts to reach files outside your web root using directory traversal sequences.

⊘

Zero-day probing

Mass exploitation of newly-disclosed CVEs. Requests for paths that don't belong on your site are blocked before they reach your server.

⊘

Coordinated & distributed scans

Attacks spread across many IP addresses to evade simple blocklists. Our AI analysis is specifically designed to detect coordinated behaviour.

⊘

Known attack tools

Recognised scanner and exploitation frameworks identified by their signatures and behaviour patterns.

⊘

Aggressive bot scraping

High-volume automated harvesting using known bot signatures and unusual request patterns. Rate limiting applies to all sources.

FAQ

Website security FAQ

We use a guided training approach. During setup, your IP is registered as a training IP and you simply browse your site normally — visiting every page, testing forms, using features. Moat AIS records every URL and query pattern it sees from that session and presents them for you to approve in the dashboard. Once approved, those paths form your site's blueprint. The AI then monitors real traffic to suggest additions over time, and you can add paths manually at any point.

Moat AIS is designed to block threats, not visitors. It distinguishes between genuine browsing behaviour and malicious activity with high accuracy. The dashboard also lets you explicitly whitelist any path or IP at any time, giving you full control over what passes through.

No. Our team handles the technical setup. Once live, your dashboard is designed to be clear and actionable without requiring security expertise. You see what's being blocked, what threats were stopped, and how your protection is performing.

Yes — and nothing on your server needs to change. Moat AIS operates as a transparent security gateway in front of your existing server. It intercepts traffic at the DNS level, filters it, and forwards clean requests to your origin. Your CMS, platform, and server configuration are completely untouched. It works with WordPress, Shopify, WooCommerce, Squarespace, or any custom-built site.

Most sites are live within an hour. The only real delay is DNS propagation — once your DNS record points to our security gateway, your TLS certificate is issued automatically and traffic starts flowing through protection immediately. We'll confirm when you're live.

Moat AIS automatically re-analyses your site on a weekly cycle to pick up new pages and content. You can also trigger an update manually at any time through your dashboard, or add new paths directly to your whitelist.

No — and that's by design. Every new deployment starts in Passive Mode. In passive mode, Moat AIS scores and analyses all traffic exactly as it would in live operation, but no visitors are blocked. Threats are identified and flagged in your dashboard as "earmarked." This lets you review what the system would block before it blocks anything, so you can verify the setup is correct and your legitimate visitors won't be affected.

When you're ready — typically after 24–48 hours of monitoring — you switch to Blocking Mode with a single click in the dashboard. All earmarked threats are banned instantly, and new threats are blocked in real time from that point forward. You can revert to Passive at any time if you need to make changes safely.

Yes. Government portals, critical infrastructure, and large enterprise deployments have different requirements — high traffic volumes, compliance frameworks like NZISM or ISO 27001, data sovereignty constraints, and custom SLA expectations. We scope these engagements individually rather than offering a fixed price. Our team has 15 years of experience managing government and enterprise web infrastructure at scale, so we understand the operational realities these environments demand. Get in touch and we'll work through the requirements with you.

Intelligence built
differently.

Your website is unique.
Your security should be too.

The Moat AIS intelligence stack

Moat AIS vs traditional website security

What Moat AIS stops

Website security FAQ

See it in action on your website

Intelligence builtdifferently.

Your website is unique.Your security should be too.

The Moat AIS intelligence stack

Moat AIS vs traditional website security

What Moat AIS stops

Website security FAQ

See it in action on your website

Intelligence built
differently.

Your website is unique.
Your security should be too.