WordPress Security Plugins
VistoShield provides 5 specialized WordPress plugins that work independently or together as a comprehensive security suite.
Available Plugins
🔍 Security Scanner
File integrity monitoring, malware detection, and vulnerability scanning. Checks WordPress core files against official checksums, scans for malicious patterns, and identifies known vulnerabilities.
Read Security Scanner documentation →
🛡 Firewall & WAF
WordPress Application Firewall with 7 rule categories (SQLi, XSS, LFI, RFI, RCE, Scanner Detection, Comment Spam). Includes security hardening checklist and HTTP security headers management.
🤖 Bot Detector
User-Agent signature matching with 143+ patterns. Behavioral scoring engine assigns suspicion scores (0-100). Cloudflare-style inline controls for Block/Challenge/Allow/Monitor per signature.
Read Bot Detector documentation →
🔒 Login Guard
Brute force protection with progressive lockouts (5min → 15min → 24h). TOTP two-factor authentication. Hidden honeypot field. Login attempt logging with CSV export.
Read Login Guard documentation →
📋 Activity Log
Comprehensive security event monitoring — logins, content changes, plugin/theme actions, settings changes. Alert rules with email, Slack, and webhook notifications. GDPR-compliant.
Read Activity Log documentation →
Installation
- Go to Plugins → Add New in your WordPress admin
- Search for "VistoShield"
- Click Install Now then Activate
Or download from GitHub Releases and upload via Plugins → Add New → Upload Plugin.
Unified Dashboard
When multiple VistoShield plugins are active, they share a single VistoShield menu in the WordPress admin sidebar. A central dashboard shows summary cards for all installed plugins with live statistics.
Server Integration
All plugins can optionally connect to the VistoShield Linux daemon running on the same server. This enables WordPress-level detections to feed into the server-level firewall for complete protection.
Configure the integration in each plugin's Settings tab → VistoShield Server section.