WordPress Security Modules
VistoShield provides 14 security modules managed from one EU-hosted cloud dashboard.
Available Modules
🔍 Security Scanner
File integrity monitoring, malware detection, and vulnerability scanning. Checks WordPress core files against official checksums, scans for malicious patterns, and identifies known vulnerabilities.
Read Security Scanner documentation →
🛡 Firewall & WAF
WordPress Application Firewall with 7 rule categories (SQLi, XSS, LFI, RFI, RCE, Scanner Detection, Comment Spam). Includes security hardening checklist and HTTP security headers management.
🤖 Bot Detector
User-Agent signature matching with 143+ patterns. Behavioral scoring engine assigns suspicion scores (0-100). Cloudflare-style inline controls for Block/Challenge/Allow/Monitor per signature.
Read Bot Detector documentation →
🔒 Login Guard
Brute force protection with progressive lockouts (5min → 15min → 24h). TOTP two-factor authentication. Hidden honeypot field. Login attempt logging with CSV export.
Read Login Guard documentation →
📋 Activity Log
Comprehensive security event monitoring — logins, content changes, plugin/theme actions, settings changes. Alert rules with email, Slack, and webhook notifications. GDPR-compliant.
Read Activity Log documentation →
📡 Live Traffic
Real-time HTTP request monitoring. Watch every request hitting your server — filter by humans, bots, and blocked traffic. User agent analysis, geographic origin data, and response code tracking.
Read Live Traffic documentation →
🔑 Password Policy
Enforce strong password requirements with configurable complexity rules, breach detection via Have I Been Pwned, password expiration, and per-role policy overrides.
Read Password Policy documentation →
🔐 API Security
REST API key authentication, rate limiting, endpoint control, user enumeration prevention, XML-RPC protection, and CORS configuration.
Read API Security documentation →
🩹 Vulnerability Patcher
Detect known vulnerabilities in plugins, themes, and core. Apply virtual patches via WAF rules, manage auto-updates by severity, and roll back problematic changes.
Read Vulnerability Patcher documentation →
🚨 Incident Response
Automated incident detection from multiple security sources with pre-built response playbooks. Isolation tools, multi-channel notifications, and detailed incident reporting.
Read Incident Response documentation →
🌐 CDN Connector
Multi-CDN integration for Cloudflare, Bunny CDN, Fastly, AWS CloudFront, and KeyCDN. Sync blocked IPs to the edge, manage cache, and activate shield mode during attacks.
Read CDN Connector documentation →
🔎 DNS Monitor
DNS health checks across 9 categories, SSL certificate monitoring, change detection, and email security validation (SPF, DKIM, DMARC).
Read DNS Monitor documentation →
⏱ Uptime Monitor
Cloud-based HTTP, TCP, DNS, and ping monitoring with incident tracking, response time graphs, and SMS notifications.
Read Uptime Monitor documentation →
🛡 Reputation Monitor
Domain blacklist checking against 12+ providers including Spamhaus, SURBL, SpamCop, Google Safe Browsing, and more. Status change alerts and remediation guidance.
Read Reputation Monitor documentation →
☁️ Cloud Dashboard
Centralized security management across all your sites. Multi-site overview, automated PDF reports, team management, alerts, and incident workflows — all from one EU-hosted interface.
Read Cloud Dashboard documentation →
Installation
- Go to Plugins → Add New in your WordPress admin
- Search for "VistoShield"
- Click Install Now then Activate
Or download from GitHub Releases and upload via Plugins → Add New → Upload Plugin.
Unified Dashboard
All VistoShield modules share a single VistoShield menu in the WordPress admin sidebar. A central dashboard shows summary cards for all enabled modules with live statistics.
Server Integration
All modules can optionally connect to the VistoShield Linux daemon running on the same server. This enables WordPress-level detections to feed into the server-level firewall for complete protection.
Configure the integration in each module's Settings tab → VistoShield Server section.