🔌 VistoShield
WordPress Edition

5 specialized security plugins that work standalone. No server required. Each plugin handles a specific security domain — install one or all five for comprehensive WordPress protection.

See All Plugins → Compare Solutions

All plugins free on wordpress.org. GPL-2.0 license.

✅ Works independently — no server needed. Connect to Server Edition for extra power.

5 Plugins. Complete WordPress Security.

Each plugin focuses on a specific security domain. Install individually or combine them for layered protection.

🔍

Security Scanner

File integrity monitoring against official WordPress checksums. Malware detection with 62+ pattern signatures. Vulnerability scanning for known CVEs. Quarantine management with one-click restore.

  • Core file integrity checks against wordpress.org checksums
  • Malware pattern scanning with 62+ detection signatures
  • File quarantine with safe restore and permanent delete
  • Scheduled automated scans with email notifications
Learn More →
🛡️

Firewall & WAF

WordPress Application Firewall with 7 rule categories covering SQL injection, XSS, RFI, directory traversal, and more. 14-point security hardening checklist. HTTP security headers management for HSTS, CSP, and X-Frame-Options.

  • SQL injection, XSS, RFI, and directory traversal blocking
  • 14-point security hardening checklist with one-click fixes
  • 7 HTTP security headers (HSTS, CSP, X-Frame-Options, etc.)
  • Learning mode for safe testing before enforcement
Learn More →
🤖

Bot Detector

User-Agent signature matching with 143+ patterns covering scrapers, spam bots, AI crawlers, and vulnerability scanners. Behavioral scoring engine rates each visitor 0–100. rDNS verification lets legitimate search engine bots through.

  • Block / Challenge / Allow / Monitor per-bot actions
  • Behavioral scoring engine (0–100 threat rating)
  • rDNS verification for Google, Bing, and other good bots
  • AI crawler management (GPTBot, CCBot, ClaudeBot, etc.)
Learn More →
🔒

Login Guard

Brute force protection with progressive lockouts that escalate from 5 minutes to 24 hours. TOTP two-factor authentication for all user roles. Hidden honeypot field catches automated bots. Full login attempt logging with CSV export.

  • Progressive lockout intervals (5m → 15m → 1h → 24h)
  • TOTP two-factor authentication with QR code setup
  • Hidden honeypot field for automated bot detection
  • Login attempt logging with search, filter, and CSV export
Learn More →
📋

Activity Log

Comprehensive security event monitoring that tracks logins, content changes, plugin/theme activations, user role modifications, and settings changes. Alert rules with email, Slack, and webhook notifications. GDPR-compliant data export and erasure.

  • Login, content, plugin, theme, and user tracking
  • Alert rules with email, Slack, and webhook notifications
  • Configurable retention and automatic log cleanup
  • GDPR-compliant data export and personal data erasure
Learn More →

Unified Dashboard (Pro Bundle)

The Pro Bundle combines all 5 plugins into a single management experience.

📊

Central Security Overview

One dashboard shows scanner results, firewall blocks, bot activity, login attempts, and security events. No more switching between 5 plugin pages — everything is unified.

🌐

Multi-Site Management

Manage security across multiple WordPress sites from a single interface. Push configurations, view aggregated reports, and respond to threats across your entire network.

📨

Advanced Reporting

Weekly and monthly security reports delivered to your inbox. Trend analysis, attack pattern detection, and actionable recommendations to strengthen your security posture.

How We Compare

See how VistoShield WordPress Edition stacks up against other WordPress security solutions.

Feature VistoShield Wordfence Sucuri iThemes
Open source ✅ GPL-2.0 Partial
Cloud dependency ✅ None Required Required (CDN) Required
Malware scanning ✅ Local (62+ sigs) ✅ Cloud ✅ Cloud ✅ Cloud
WAF / Firewall ✅ Application-level ✅ Application-level ✅ CDN-level ✅ Basic
Bot detection ✅ 143+ signatures Basic Basic
2FA authentication ✅ TOTP built-in ✅ Premium ✅ Premium
Activity logging ✅ Full (dedicated plugin) ✅ Premium ✅ Basic ✅ Basic
Server-level firewall ✅ Via Server Edition
Modular architecture ✅ 5 separate plugins ❌ Monolithic ❌ Monolithic ❌ Monolithic
Free tier ✅ Full features Limited Limited Limited

WordPress Pricing

All plugins are free with full functionality. The Pro Bundle adds management and support.

WP Free

$0 forever
  • All 5 plugins individually
  • Full core functionality — no artificial limits
  • 7-day event history for all plugins
  • 143 open source bot signatures
  • Daily automated scans
  • Community support (GitHub)
  • Available on wordpress.org
  • No account required
Download Free
Best Value

WP Pro Bundle

49 /site/year
  • All 5 plugins in one license
  • Configurable history retention up to 3,650 days (10 years). Default: 365 days (1 year)
  • Unified Dashboard with cross-plugin insights
  • 500+ premium bot signatures (daily updates)
  • Advanced reporting: weekly email reports, PDF export
  • Multisite management: sync settings across sites
  • White-label: replace branding with your own
  • Custom scan scheduling (hourly, specific times)
  • Priority email & ticket support (24h response)
  • Early access to beta features
  • License key activation
Get WP Pro Bundle

Install from WordPress

Available on the official WordPress plugin directory.

From Plugin Directory

In your WordPress admin, go to:

Plugins → Add New → Search "VistoShield"

Install each plugin individually or search for the specific one you need: Security Scanner, Firewall, Bot Detector, Login Guard, or Activity Log.

Manual Install

Download the ZIP from our plugins page or from wordpress.org.

Upload via Plugins → Add New → Upload Plugin in your WordPress admin.

Want server-level protection too? Explore Server Edition →