=== SiteFort - Advanced Security, Firewall & Malware Scanner ===
Contributors: sitefortteam
Tags: security, 2fa, vulnerability, malware scanner, firewall
Requires at least: 6.0
Tested up to: 7.0
Requires PHP: 7.4
Stable tag: 1.0.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Enterprise-grade WordPress malware scanner and firewall with 2FA, country blocking, vulnerability scanner and hardening.

== Description ==

### ENTERPRISE WORDPRESS SECURITY, FIREWALL & MALWARE SCANNER

SiteFort protects WordPress sites with a full-site security scanner, malware detection, firewall rules, country blocking, Cloudflare edge blocking, login security, 2FA, vulnerability checks, hardening controls, audit logging, and optional centralized management.

Run SiteFort from **wp-admin** for one site. Connect sites to **SiteFort Console** when you want one panel for multiple websites, remote workflows, alerts, reports, uptime, SSL, and team access.

**Helpful links:** [Plugin Features](https://securewp.net/wordpress-security-plugin/) | [Free Remote Scan](https://securewp.net/security-checker/) | [Pricing](https://securewp.net/pricing/) | [Documentation](https://securewp.net/docs/)

#### CORE SECURITY FEATURES

* **Full-site WordPress security scanner** checks files, accounts, content, database safety, reputation, vulnerabilities, and hidden administrator risks.
* **WordPress malware scanner** detects backdoors, web shells, malicious PHP, injected scripts, SEO spam, suspicious redirects, modified files, and exposed sensitive files.
* **Firewall with country blocking** blocks unwanted traffic by IP, CIDR, country, bot, crawler, user agent, rate limit, scanner behavior, and threat intelligence.
* **Cloudflare edge blocking** syncs supported firewall rules to Cloudflare so high-volume blocks can happen before traffic reaches WordPress.
* **Easy bot filter policy** gives you Basic, Balanced, and Maximum bot protection without writing manual rules.
* **Login security and 2FA** protect users with authenticator apps, email codes, recovery codes, brute-force protection, CAPTCHA, custom login URLs, weak password checks, and breached-password detection.
* **Security hardening** reduces exposure from XML-RPC, user enumeration, PHP execution in uploads, sensitive files, file editing, REST access, application passwords, version output, and missing security headers.
* **Audit log and Console** provide event history, security evidence, multi-site visibility, remote workflows, reports, team access, and alert routing.

#### WORDPRESS SECURITY SCANNER

SiteFort is not limited to file scanning. It runs a layered review of the WordPress site and groups findings by risk so administrators can act quickly.

* **File integrity and malware detection** - checks WordPress core, plugins, themes, uploads, and custom files for unauthorized changes, backdoors, web shells, malware variants, suspicious PHP, injected code, SEO spam, malicious redirects, and exposed sensitive files.
* **User account security** - detects weak account posture, breached passwords, risky roles, suspicious user data, and administrator accounts that need review.
* **Ghost administrator detection** - flags hidden or unexpected administrator accounts, including suspicious admin users created outside normal site workflows.
* **Content and database safety** - checks WordPress data for injected malicious content, suspicious options, unsafe URLs, spam injections, and malicious redirect indicators.
* **Domain and IP reputation** - checks reputation context for the website domain and server IP so blocklist or abuse signals are visible before they affect trust.
* **Vulnerability scanner** - checks WordPress core, plugins, and themes for known vulnerabilities, affected versions, severity, CVE references where available, and recommended action.
* **Server state and exposure checks** - finds public paths, backups, logs, configuration files, and server conditions that can expose secrets or make compromise easier.

#### WORDPRESS FIREWALL

SiteFort provides practical firewall controls for production sites without requiring custom WAF rule writing.

* Block or allow by **IP address, CIDR range, country, bot, crawler, or user agent**.
* Use **country blocking** in block-selected or allow-only mode.
* Detect probes for `.env`, `.git`, `wp-config.php` backups, SQL dumps, debug logs, installer files, and sensitive paths.
* Enable **Cloudflare Sync** to push supported IP, country, and user-agent rules to Cloudflare's edge.
* Escalate repeated active attacks to temporary edge blocks when Cloudflare sync is configured.
* Reduce abusive spikes with rate limiting, 404 probe controls, and community threat intelligence.
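The probe detection described above can be reproduced outside the plugin. The following is an added example, not SiteFort's own code, that classifies request paths against the sensitive-path categories listed in this section (`.env`, `.git`, `wp-config.php` backups, SQL dumps, debug logs, installer files) and reports source IPs that exceed a hit threshold. The access-log lines, the category patterns and the threshold of 3 are constructed assumptions for the demonstration.

```python
import re

# Constructed sample access-log lines in combined format (not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [01/Jan/2025:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.10 - - [01/Jan/2025:10:00:02 +0000] "GET /.env HTTP/1.1" 404 0 "-" "ExampleScanner/1.0"
203.0.113.10 - - [01/Jan/2025:10:00:02 +0000] "GET /.git/config HTTP/1.1" 404 0 "-" "ExampleScanner/1.0"
203.0.113.10 - - [01/Jan/2025:10:00:03 +0000] "GET /wp-config.php.bak HTTP/1.1" 404 0 "-" "ExampleScanner/1.0"
203.0.113.10 - - [01/Jan/2025:10:00:03 +0000] "GET /backup.sql HTTP/1.1" 404 0 "-" "ExampleScanner/1.0"
198.51.100.7 - - [01/Jan/2025:10:00:04 +0000] "GET /wp-content/debug.log HTTP/1.1" 403 0 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "GET /blog/hello-world/ HTTP/1.1" 200 8200 "-" "Mozilla/5.0"
"""

# Minimal combined-log parser: source IP, method, path and status are all we need here.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Path patterns for the probe categories named in the readme (assumed patterns, not the plugin's).
PROBE_PATTERNS = [
    ("env file", re.compile(r'/\.env(\.|$)')),
    ("git metadata", re.compile(r'/\.git(/|$)')),
    ("wp-config backup", re.compile(r'/wp-config\.php\.(bak|old|save|orig|swp|txt)$', re.I)),
    ("sql dump", re.compile(r'\.sql(\.gz|\.zip)?$', re.I)),
    ("debug log", re.compile(r'/debug\.log$', re.I)),
    ("installer", re.compile(r'/(install|setup)\.php$', re.I)),
]


def classify_path(path):
    """Return the probe category for a request path, or None if it looks benign."""
    path = path.split("?", 1)[0]  # ignore the query string
    for name, pattern in PROBE_PATTERNS:
        if pattern.search(path):
            return name
    return None


def find_probes(log_text, threshold=3):
    """Parse log lines, count probe hits per source IP, and return the IPs at or
    over the threshold together with the (path, category) pairs that triggered."""
    hits = {}
    for line in log_text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue  # skip lines that do not parse instead of failing the whole run
        category = classify_path(match["path"])
        if category:
            hits.setdefault(match["ip"], []).append((match["path"], category))
    return {ip: probes for ip, probes in hits.items() if len(probes) >= threshold}


if __name__ == "__main__":
    for ip, probes in find_probes(SAMPLE_LOG).items():
        print(ip, "->", [category for _, category in probes])
```

On the constructed sample, only `203.0.113.10` crosses the threshold (four distinct sensitive-path requests in three seconds); `198.51.100.7` touches `debug.log` once and is not reported, which is the kind of single-hit noise a rate-style rule should tolerate.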

#### BOT AND CRAWLER POLICY

Choose **Basic**, **Balanced**, or **Maximum** protection to block hacking tools, vulnerability scanners, scrapers, automated scripts, and unrecognized bots. Trusted search engines, social previews, and major crawlers can stay allowed while unwanted automation is filtered.

#### LOGIN SECURITY AND 2FA

Account takeover is one of the fastest ways to lose control of a WordPress site. SiteFort adds role-based 2FA, authenticator app codes, email codes, recovery codes, brute-force lockouts, CAPTCHA, custom login URLs, weak password enforcement, breached-password detection, safer login responses, and XML-RPC/REST authentication controls.

#### WORDPRESS SECURITY HARDENING

Close common WordPress exposure points from the dashboard: block PHP execution in uploads, protect sensitive files, disable directory listing, disable the theme/plugin file editor, disable or restrict XML-RPC and application passwords, block username enumeration, hide WordPress version output, restrict REST access where appropriate, and apply security headers where supported.

#### VULNERABILITY MANAGEMENT

SiteFort checks installed WordPress core, plugin, and theme versions against vulnerability intelligence and shows affected assets, severity, CVE references where available, and recommended fixes.

**Pro:** automated vulnerability alerts notify teams when a known vulnerability affects an installed plugin, theme, or WordPress core version.

#### AUDIT LOG AND SITEFORT CONSOLE

Track logins, failed logins, lockouts, user changes, plugin/theme changes, firewall blocks, scan results, hardening changes, and sensitive actions.

Use SiteFort from wp-admin for site-level protection. Connect to **SiteFort Console** for multi-site status, scan history, vulnerability tracking, uptime monitoring, SSL expiry checks, remote website scanning, alert routing, downloadable reports, team roles, and support workflows.

#### PRO AND MANAGED SECURITY FEATURES

Core protection is available in the plugin. Paid plans add **unlimited cloud deep threat analysis**, **scheduled malware scans**, **automated vulnerability alerts**, **one-click malware repair**, uptime/SSL monitoring, Slack/Discord/email alert workflows, expert cleanup discounts, and managed security options.

== Installation ==

1. Install SiteFort from the WordPress plugin directory, or upload the plugin ZIP file.
2. For manual installation, upload the unzipped `sitefort` folder to `/wp-content/plugins/`.
3. Activate the plugin from the **Plugins** screen and open **SiteFort** in wp-admin.
4. Activate protection using email verification, a license key, or SiteFort Console authorization.
5. Review scanner, firewall, country blocking, bot policy, login security, 2FA, and hardening settings.
6. Connect Cloudflare from **Settings > Integrations** if you want edge-level firewall enforcement.
7. Run your first security scan and review malware, account, database, reputation, vulnerability, and hardening findings.

SiteFort requires outbound HTTPS for license activation, cloud malware analysis, vulnerability intelligence, firewall intelligence, community blocklist updates, and optional Console sync.

== Frequently Asked Questions ==

= Can I use SiteFort only from my WordPress dashboard? =

Yes. Scanner, malware detection, firewall rules, country blocking, bot policy, login security, 2FA, vulnerability scanning, hardening, audit log, and settings are available from wp-admin. The SiteFort Console is optional for centralized management, remote workflows, reports, alert routing, uptime/SSL monitoring, team access, and support workflows.

= What does the SiteFort scanner check? =

SiteFort scans files, file integrity, malware indicators, user account security, weak and breached passwords, hidden administrator accounts, content and database safety, suspicious URLs, injected content, domain/IP reputation, exposed sensitive files, server state, and known vulnerabilities in WordPress core, plugins, and themes.

= What features require a paid plan? =

Paid plans add unlimited cloud deep threat analysis, scheduled and automated scans, automated vulnerability alerts, one-click malware repair, uptime/SSL monitoring, Slack/Discord/email alert workflows, expert cleanup discounts, and managed security options.

= How does cloud-assisted malware scanning work? =

SiteFort hashes files locally and checks known signatures first. Known clean or known malicious files can be resolved quickly. Unknown or suspicious files may be analyzed more deeply when needed. Results are cached so unchanged files do not need the same work again.
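The hash-first, cache-second flow described in this answer, shown as an added example that is not SiteFort's code. It hashes files locally, resolves known-clean and known-malicious hashes from signature sets, marks anything unknown for deeper analysis, and reuses the cached verdict for any file whose hash has not changed. The signature sets, the three sample files and the SHA-256 choice are constructed assumptions.

```python
import hashlib
import os
import tempfile


def sha256_file(path):
    """Stream a file through SHA-256 so large files are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(64 * 1024), b""):
            digest.update(chunk)
    return digest.hexdigest()


def triage(paths, known_clean, known_malicious, cache):
    """Hash-first triage of files.

    cache maps path -> (sha256, verdict) from a previous run. A file whose hash is
    unchanged reuses its cached verdict; otherwise the hash is looked up in the
    signature sets, and anything unknown is queued for deeper analysis.
    Returns (verdicts, stats).
    """
    verdicts = {}
    stats = {"cached": 0, "signature": 0, "deep": 0}
    for path in paths:
        digest = sha256_file(path)
        cached = cache.get(path)
        if cached is not None and cached[0] == digest:
            verdicts[path] = cached[1]
            stats["cached"] += 1
            continue
        if digest in known_malicious:
            verdict = "malicious"
            stats["signature"] += 1
        elif digest in known_clean:
            verdict = "clean"
            stats["signature"] += 1
        else:
            verdict = "needs-deep-analysis"
            stats["deep"] += 1
        cache[path] = (digest, verdict)
        verdicts[path] = verdict
    return verdicts, stats


def demo():
    """Constructed scenario: three files, two with known hashes, scanned three times."""
    root = tempfile.mkdtemp()
    samples = {
        "index.php": b"<?php /* constructed: stands in for a known-good core file */",
        "bad.php": b"<?php /* constructed: stands in for a known-bad sample */",
        "custom.php": b"<?php /* constructed: site-specific file with no signature */",
    }
    paths = {}
    for name, body in samples.items():
        paths[name] = os.path.join(root, name)
        with open(paths[name], "wb") as handle:
            handle.write(body)
    known_clean = {sha256_file(paths["index.php"])}
    known_malicious = {sha256_file(paths["bad.php"])}
    cache = {}
    order = list(paths.values())
    verdicts, first = triage(order, known_clean, known_malicious, cache)
    _, second = triage(order, known_clean, known_malicious, cache)  # nothing changed: all cached
    with open(paths["custom.php"], "ab") as handle:
        handle.write(b"\n// edited")  # invalidates only this file's cache entry
    _, third = triage(order, known_clean, known_malicious, cache)
    return {
        "first": {os.path.basename(p): v for p, v in verdicts.items()},
        "first_stats": first,
        "second_stats": second,
        "third_stats": third,
    }


if __name__ == "__main__":
    print(demo())
```

The second run does no signature work at all, and after `custom.php` is edited only that one file is re-examined; the cache key is the content hash, not the modification time, so a file rewritten with identical bytes is still served from cache.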

= Does SiteFort send my site's database content to the cloud? =

No. Database and content safety checks run from the WordPress site. SiteFort does not upload posts, pages, comments, WooCommerce orders, customer records, or full database content for malware scanning.

For file scanning, file hashes are sent first. Only files that cannot be verified by hash alone may be uploaded for deeper malware analysis. If `wp-config.php` requires analysis, sensitive configuration values are removed before upload.
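Stripping sensitive values from `wp-config.php` before it leaves the server, as an added example that is not SiteFort's implementation. It replaces the string value of each `define()` for database credentials and authentication keys/salts with a fixed marker while leaving the file structure intact, so a deeper analysis can still inspect the PHP around those lines. The sample config, the list of constants treated as sensitive, and the `[REDACTED]` marker are assumptions for the demonstration.

```python
import re

# Constructed wp-config.php excerpt (not from any real site).
SAMPLE_WP_CONFIG = """<?php
define( 'DB_NAME', 'wp_site' );
define( 'DB_USER', 'wpuser' );
define( 'DB_PASSWORD', 'S3cr3t-Pa55!' );
define( 'DB_HOST', 'localhost' );
define( 'AUTH_KEY',         'put your unique phrase here' );
define( 'SECURE_AUTH_KEY',  "another unique phrase with a ' inside" );
$table_prefix = 'wp_';
define( 'WP_DEBUG', false );
"""

# Constants whose values are treated as secrets (assumed list: DB credentials plus keys/salts).
SENSITIVE_CONSTANTS = {
    "DB_NAME", "DB_USER", "DB_PASSWORD", "DB_HOST",
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
}

# Matches define( 'NAME', 'value' ) / define("NAME", "value"); the value may contain
# backslash escapes or the other quote character. Unquoted values (false, 123) are not touched.
DEFINE_RE = re.compile(
    r"""(?P<head>define\s*\(\s*(?P<nq>['"])(?P<name>[A-Za-z0-9_]+)(?P=nq)\s*,\s*)"""
    r"""(?P<q>['"])(?P<value>(?:\\.|(?!(?P=q)).)*)(?P=q)"""
)


def redact_wp_config(source, sensitive=SENSITIVE_CONSTANTS):
    """Return (redacted_source, number_of_values_replaced)."""
    count = 0

    def replace(match):
        nonlocal count
        if match["name"] not in sensitive:
            return match.group(0)  # leave non-sensitive defines exactly as they are
        count += 1
        return f"{match['head']}{match['q']}[REDACTED]{match['q']}"

    return DEFINE_RE.sub(replace, source), count


if __name__ == "__main__":
    redacted, replaced = redact_wp_config(SAMPLE_WP_CONFIG)
    print(f"replaced {replaced} values")
    print(redacted)
```

A useful check after redaction is a negative one: assert that none of the original secret strings survive in the output, which catches a constant the list forgot or a quoting style the pattern did not handle.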

= Does SiteFort include country blocking and Cloudflare support? =

Yes. Country blocking is part of the firewall rules. SiteFort can also sync supported IP, country, and user-agent firewall rules to Cloudflare when the domain is proxied through Cloudflare and a scoped API token is configured.

= Can SiteFort help after a site is already hacked? =

Yes. SiteFort can scan for malware, suspicious users, injected content, reputation issues, exposed files, and vulnerable components. Supported plans add one-click malware repair, and expert cleanup or managed security services are available when hands-on response is needed.

== Screenshots ==

1. **Security Overview** - malware status, firewall activity, vulnerability count, login protection, and action center.
2. **Security Scanner** - staged scan progress across files, malware, accounts, database/content safety, reputation, vulnerabilities, and server exposure.
3. **Malware Findings** - affected files, severity, detection type, file integrity status, and remediation actions.
4. **Firewall Controls** - IP rules, country blocking, bot/crawler policy, rate limits, community blocklist, and Cloudflare Sync.
5. **Login Security and 2FA** - role enforcement, authenticator app setup, lockouts, CAPTCHA, custom login URL, and password policy controls.
6. **Security Hardening** - sensitive file protection, PHP execution controls, XML-RPC, REST API, user enumeration, file editor, and headers.
7. **Vulnerability Scanner** - affected plugins, themes, WordPress core, CVE references, severity, and fix guidance.
8. **Audit Log** - searchable security events, user activity, firewall actions, scan results, and sensitive changes.
9. **SiteFort Console** - multi-site status, scans, alerts, reports, uptime, SSL, and team workflows.

== External Services ==

SiteFort connects to external services for licensing, cloud-assisted security analysis, optional Console sync, and integrations you enable. If an optional integration is not configured, SiteFort does not use that service for that feature.

= SiteFort Cloud =

* **Service:** SiteFort Cloud
* **Endpoints:** `intel.securewp.net`, `console.securewp.net`
* **Purpose:** license activation, cloud malware analysis, vulnerability intelligence, firewall intelligence, community blocklist sync, reputation context, and optional Console sync.
* **When/data:** used during license activation, malware scans, vulnerability checks, firewall intelligence updates, blocklist sync, reputation checks, and optional Console sync. Data may include email address, license key/token, site URL, WordPress/plugin versions, installed plugin/theme names and versions, file hashes, scan results, vulnerability findings, reputation status, firewall metadata, blocked IPs, and security configuration metadata.
* **Malware scanning:** file hashes are sent first. Only files that cannot be verified by hash alone may be uploaded for deeper analysis and are deleted after processing. Posts, pages, comments, WooCommerce orders, customer data, and full database content are not sent for malware scanning. If `wp-config.php` requires analysis, sensitive configuration values are removed before upload.
* **Privacy policy:** https://securewp.net/privacy-policy/
* **Terms:** https://securewp.net/terms-and-conditions/

= MaxMind GeoLite2 =

* **Service:** https://www.maxmind.com/en/geolite2/geolite2-country
* **Purpose:** local GeoIP country lookups when MaxMind is configured.
* **When/data:** used to download/update GeoLite2. Sends MaxMind license/download request data. Visitor IPs are resolved locally and are not sent to MaxMind at request time.
* **Privacy policy:** https://www.maxmind.com/en/privacy-policy
* **Terms/EULA:** https://www.maxmind.com/en/geolite2/eula

= Have I Been Pwned =

* **Service:** https://haveibeenpwned.com/Passwords
* **Purpose:** breached-password detection when enabled.
* **When/data:** during login or password validation. Sends only the first 5 characters of the SHA-1 password hash. Full passwords and full hashes are never sent.
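The range lookup this entry describes (send the first 5 hex characters of the SHA-1, match the remaining 35 locally), as an added example that is not SiteFort's code. The range service is replaced by a constructed in-memory stand-in so the example runs offline; the breach count it returns for `password` and the padding suffixes are made up, while the SHA-1 of `password` is the real digest. A live implementation would issue the same prefix to Have I Been Pwned's documented range endpoint (`https://api.pwnedpasswords.com/range/<prefix>`) instead.

```python
import hashlib


def split_sha1(password):
    """Return (first 5 hex chars, remaining 35 hex chars) of the uppercase SHA-1 digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body):
    """Parse 'SUFFIX:COUNT' lines of a range response into {suffix: count}."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def breach_count(password, fetch_range):
    """Return how often the password appears in breaches, or 0 if not listed.

    fetch_range(prefix) must return the text body for a 5-character prefix. Only the
    prefix leaves this function; the 35-character suffix is compared locally.
    """
    prefix, suffix = split_sha1(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


# --- Constructed offline stand-in for the range service (not real breach data) ---
SENT_PREFIXES = []  # records exactly what would have gone over the wire

FAKE_RANGE_DB = {
    # SHA-1("password") = 5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8 (real digest, made-up count).
    "5BAA6": (
        "0018A45C4D1DEF81644B54AB7F969B88D65:1\n"
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471\n"
        "2F0E7A1F9C0B0C3D0E5F6A7B8C9D0E1F2A3:2\n"
    ),
}


def fake_fetch_range(prefix):
    """Stand-in for the HTTP call; any unknown prefix gets one padding suffix."""
    SENT_PREFIXES.append(prefix)
    return FAKE_RANGE_DB.get(prefix, "0" * 35 + ":1\n")


if __name__ == "__main__":
    for candidate in ("password", "correct-horse-battery-staple-2024!"):
        print(candidate, "->", breach_count(candidate, fake_fetch_range))
    print("prefixes sent:", SENT_PREFIXES)
```

Logging `SENT_PREFIXES` in a test is the simplest way to verify the privacy property the entry states: every value that leaves the site is exactly five characters long, so neither the password nor its full hash is ever transmitted.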
* **Privacy policy:** https://haveibeenpwned.com/Privacy
* **Terms:** https://haveibeenpwned.com/TermsOfUse

= Google reCAPTCHA =

* **Service:** https://www.google.com/recaptcha/about/
* **Purpose:** CAPTCHA protection when selected and configured.
* **When/data:** protected login form load or challenge verification. Sends CAPTCHA token, site key, and visitor/browser data required by Google.
* **Privacy policy:** https://policies.google.com/privacy
* **Terms:** https://policies.google.com/terms

= Cloudflare Turnstile =

* **Service:** https://developers.cloudflare.com/turnstile/
* **Purpose:** CAPTCHA protection when selected and configured.
* **When/data:** protected login form load or challenge verification. Sends challenge token, site key, and visitor/browser data required by Cloudflare.
* **Privacy policy:** https://www.cloudflare.com/turnstile-privacy-policy/
* **Terms:** https://www.cloudflare.com/website-terms/

= Cloudflare API =

* **Service:** https://api.cloudflare.com/
* **Purpose:** Cloudflare edge blocking and WAF rule sync when enabled.
* **When/data:** when Cloudflare settings are saved, verified, or synced. Sends Zone ID, API token/credentials, zone details, blocked IPs, country rules, selected user-agent rules, and firewall rule data.
* **Privacy policy:** https://www.cloudflare.com/privacypolicy/
* **Terms:** https://www.cloudflare.com/website-terms/

== Changelog ==

= 1.0.0 =
* Initial release
