Once the PowerSEC plugin is installed and active, you need to pair it with your PowerSEC Central account.
The pairing flow
- In your WP admin, click PowerSEC → Connect
- The plugin opens a browser window to powersec.io/connect
- Sign in with your PowerSEC account (or create one if you don't have one)
- Confirm the site — you'll see the site name + URL pre-filled
- Click Connect this site
- The plugin and Central exchange API keys automatically — takes ~5 seconds
- Done! You'll be redirected back to your WP admin with a success banner
What happens behind the scenes
- The plugin generates two API keys: a telemetry key (for sending data to Central) and a remote-action key (for receiving commands from Central)
- Central stores hashed copies of both keys
- All future communication is signed using HMAC-SHA256 — no API keys ever travel in the clear
After connecting
Within ~30 seconds you should see your site appear in your dashboard at powersec.io/dashboard/sites. The first scan starts automatically.
What if connection fails?
Common causes:
- Firewall blocking — your server must allow outbound HTTPS to
powersec.io - WAF rule blocking — some hosts (esp. SiteGround, WP Engine) have rules that block the pairing endpoint. Whitelist
powersec.ioin your WAF - Site URL mismatch — if your wp-options site_url differs from where you accessed wp-admin, plugin pairing can fail
If issues persist, see Plugin installation troubleshooting.