Onboard 50 sites in one afternoon
Most agencies get every site under PowerSEC by the end of one work session. Here is the path our top customers take. Step 1 — Generate one shared install token Step 2 — Run the bulk-install script over SSH Step 3 — Watch sites come online in Central Within 30–90 seconds of…
Incident → Receipt — the full triage flow
When PowerSEC raises an incident, you can go from alert to closed receipt without leaving the platform. Here is the canonical flow. 1. Receive the alert 2. Open the incident — see the evidence The incident page shows the matched signatures, the file paths, the snippet that…
Performance impact of PowerSEC
PowerSEC is designed to be lightweight. Here's what to expect for performance impact and how to tune if needed. Typical impact For a site with average traffic (1000 visits/day): | Metric | Impact | |--------|--------| | Page load time | +5-20ms (well under perceptible) | | CPU…
False positives in malware scans
Sometimes the scanner flags a legitimate file as suspicious or malicious. Here's how to handle it. What "false positive" means A false positive is a legitimate file that triggers heuristic detection because it has patterns commonly associated with malware: - Heavy obfuscation…
Site not syncing — what to check
If your site shows "Last sync: 24 hours ago" or "Connection lost" in the dashboard, work through this checklist. 1. Check the plugin is active WP admin → Plugins → confirm PowerSEC is Active. If it's been deactivated, reactivate it. Sync resumes within 5 minutes. 2. Check the…
Plugin installation troubleshooting
If the PowerSEC plugin won't install or activate, this guide walks through common causes. "The link you followed has expired" Your server's PHP uploadmaxfilesize or postmaxsize is smaller than the plugin ZIP. Fix: 1. SSH into your server 2. Edit php.ini (location varies; php…
Refund policy
We want PowerSEC to work for your business. Here's our refund policy in plain language. 30-day money-back guarantee Your first annual subscription comes with a 30-day money-back guarantee. If PowerSEC doesn't work for you: 1. Email support@powersec.io within 30 days of your…
Managing your subscription
Manage your PowerSEC subscription, payment methods, and invoices from the /dashboard/billing page. Viewing your current plan Dashboard → Billing shows: - Current plan (Free / Pro / Agency) - Billing cycle (monthly / annual) - Next billing date + amount - Payment method on file…
IP blocking and rate limiting
Beyond brute-force protection, PowerSEC lets you block specific IPs, IP ranges, or set general rate limits for your site. Manual IP blocking To block a specific IP (or range): 1. PowerSEC → Firewall → IP Blocklist 2. Click Add rule 3. Enter: - IP or CIDR range (e.g.,…
Login security: brute-force protection
Brute-force attacks are the 1 most common attack against WordPress sites. PowerSEC blocks them before they can guess your password. How brute-force attacks work A bot tries thousands of username + password combinations against /wp-login.php and /xmlrpc.php. Common patterns: -…
Vulnerability scanner: reading reports
Your vulnerability report shows known security issues in the plugins, themes, and WordPress core installed on your sites. Where to find it Dashboard → Vulnerabilities tab. Or per-site: open a site → Vulnerabilities sub-tab. What each row means Each vulnerability shows: - CVE ID…
Web Application Firewall (WAF) basics
The PowerSEC WAF inspects every HTTP request to your WordPress site and blocks attacks before they reach your code. How requests flow Rule sets PowerSEC includes: - OWASP Core Rule Set — covers SQL injection, XSS, RFI/LFI, and other OWASP Top 10 categories - WordPress-specific…
File integrity monitoring explained
File integrity monitoring (FIM) detects when files on your server change unexpectedly. PowerSEC compares your live filesystem against a known-good baseline. How baselines work PowerSEC builds a baseline of every file in: - WordPress core (wp-admin/, wp-includes/) - All active…
Understanding malware types found by PowerSEC
When PowerSEC scans your site, suspicious files get one of these verdicts: clean The file matches a known-good signature (WordPress core, official plugin, or your committed code). No action needed. likelyclean Heuristics suggest the file is benign but it doesn't match a known…
Common WordPress attack vectors
Here are the attacks PowerSEC defends against most often, in rough order of frequency. 1. Brute-force login attacks Bots try thousands of common username/password combinations against /wp-login.php and /xmlrpc.php. Most attacks come from compromised IoT devices. PowerSEC…
Why your WordPress site needs security
WordPress powers 43% of all websites — which makes it the 1 target for attackers. If your site is online, it's being probed automatically every few minutes by bots looking for known weaknesses. What attackers are after - Spam injection — your site sends pharmacy spam without…
Welcome to PowerSEC
PowerSEC is an all-in-one WordPress security platform that protects your sites from malware, vulnerabilities, brute-force attacks, and downtime — without you needing to become a security expert. What PowerSEC does for your sites - Real-time threat detection — continuous scanning…
Installing the WordPress plugin
The PowerSEC plugin is the agent that connects your WordPress site to PowerSEC Central. You install it like any other WP plugin. Method 1 — From the WordPress admin 1. Go to Plugins → Add New in your WP admin 2. Search for PowerSEC 3. Click Install Now, then Activate 4. After…
Connecting your first site
Once the PowerSEC plugin is installed and active, you need to pair it with your PowerSEC Central account. The pairing flow 1. In your WP admin, click PowerSEC → Connect 2. The plugin opens a browser window to powersec.io/connect 3. Sign in with your PowerSEC account (or create…
Plan comparison: Free vs Pro vs Agency
Choose the plan that fits your needs. You can upgrade or downgrade at any time from your billing page. Free For personal sites and developers trying out PowerSEC. - ✅ Up to 10 sites - ✅ Daily malware scans - ✅ Vulnerability alerts (manual scan) - ✅ Basic firewall (rule updates…
List all sites under your account
Authenticated GET — returns one row per site you own, including current security state. Response (truncated):
Trigger an on-demand scan
Queue a malware + vulnerability scan for a specific site. Returns a job id you can poll. The scan typically completes within 30–120 seconds depending on site size. Subscribe to the websocket channel site-$SITEID to receive progress updates.
Restore a site from backup
Choose a backup id and target it at the original site (or a different site for migration). Restores run as remote actions. The plugin pulls the backup directly from cloud storage — no transit through Central.
Fetch open incidents across all sites
Useful for building a custom dashboard or piping incidents into your SIEM/Slack. Each incident includes the rule that fired, the affected site/files, the AI-suggested remediation, and a deep-link URL.