If you've ever run a live MetaTrader 5 terminal with real money, you know the feeling: a low-level anxiety that something could go wrong while you're not watching. A rogue script opens a position. An indicator with trading permissions fires off an accidental order. A leftover EA from last week's test session wakes up on the wrong chart.
These aren't hypothetical scenarios. They've happened to me, and they've happened to traders I've worked with. The result is always the same — unauthorized trades silently eating into your account while you assume everything is running according to plan.
The Problem with MetaTrader's Security Model
MetaTrader 5 is an incredibly powerful platform. But when it comes to controlling which programs can trade on your account, the built-in options are limited. You can enable or disable "AutoTrading" globally — a single toggle that affects every Expert Advisor, script, and indicator on every chart simultaneously.
There's no granularity. No way to say: "Only EA #1 and EA #2 are allowed to trade. Everything else gets blocked."
When you're running multiple strategies across different symbols and timeframes, this becomes a real problem. You might have:
- A gold scalping EA on XAUUSD M5
- A trend-following system on EURUSD H1
- A custom indicator that inadvertently has trade permissions enabled
- A test script you forgot to remove from a chart
All of them share the same execution pipeline. All of them can send orders to your broker. The global AutoTrading switch is either on (for everything) or off (for everything). There's no middle ground.
The Concept: Whitelisting by Magic Number
Every order in MetaTrader 5 carries a magic number — an integer identifier that EAs assign to the trades they open. It's how you tell one strategy's positions apart from another's. My firewall leverages this existing mechanism.
The idea is simple: maintain a whitelist of approved magic numbers. Before any trade request reaches the broker, intercept it and check the magic number against the whitelist. If it's approved, let it through. If not, block it and log the attempt.
Think of it like a network firewall, but for trade requests. Default deny — only explicitly whitelisted traffic gets through.
How It Works
The implementation uses a custom DLL that hooks into the trade execution layer. Here's the simplified flow:
// Firewall configuration
int approved_magics[] = {100001, 100002, 100003};
// On every trade request:
bool IsTradeAllowed(int magic_number)
{
for(int i = 0; i < ArraySize(approved_magics); i++)
{
if(approved_magics[i] == magic_number)
return true;
}
LogBlockedAttempt(magic_number);
SendTelegramAlert("Blocked trade attempt: magic " + IntegerToString(magic_number));
return false;
}The real implementation is more sophisticated — it handles pending orders, modifications, and partial closes. But the core principle stays the same: every trade request must present a valid magic number or it gets rejected.
Configuration Is Straightforward
Each EA you deploy gets a unique magic number. You register that magic number in the firewall's configuration. The firewall runs as a persistent service within the terminal, inspecting every OrderSend() call before it reaches the broker.
| Magic Number | Strategy | Symbol | Status |
|---|---|---|---|
| 100001 | Gold Scalper v3 | XAUUSD | Approved |
| 100002 | EUR Trend H1 | EURUSD | Approved |
| 100003 | Cable Mean Rev | GBPUSD | Approved |
| 999999 | Unknown | — | Blocked |
What Changed After Deploying It
The impact was immediate. Within the first week of running the firewall on a live VPS, it caught two unauthorized trade attempts — both from a test indicator I'd forgotten to remove from a chart. Neither had a registered magic number. Both were silently blocked, and I got a Telegram notification within seconds.
More importantly, the psychological effect was significant. I stopped worrying about what might happen when I wasn't monitoring the terminal. The firewall enforced a strict boundary: only my approved strategies could interact with the broker. Everything else was dead on arrival.
Real-World Benefits
- Account protection — No more surprise positions from forgotten scripts or misconfigured EAs
- Clean audit trail — Every blocked attempt is logged with timestamp, magic number, symbol, and requested volume
- Instant alerts — Telegram notifications let you investigate in real-time
- Safe testing — You can load test EAs on live charts without risking actual trades (just don't whitelist their magic numbers)
- Regulatory clarity — If you manage other people's money, you can prove exactly which strategies were authorized to trade
Should You Build One?
If you're running a single EA on a single chart, probably not. The overhead isn't worth it. But if you're managing multiple strategies on a live account — especially on a VPS that runs 24/7 without constant supervision — a trading firewall moves from "nice to have" to "essential infrastructure."
The cost of an unauthorized trade isn't just the financial loss. It's the contaminated track record, the unexplainable drawdown, the hours spent figuring out what happened. A firewall eliminates that entire category of risk.
I've open-sourced the core concept and will be sharing the implementation details in upcoming posts. If you're interested in deploying something similar for your own MT5 setup, get in touch — I'm happy to discuss the architecture.