Web Application Firewall (WAF) basics
The PowerSEC WAF inspects every HTTP request to your WordPress site and blocks attacks before they reach your code. How requests flow Rule sets PowerSEC includes: - OWASP Core Rule Set — covers SQL injection, XSS, RFI/LFI, and other OWASP Top 10 categories - WordPress-specific…
File integrity monitoring explained
File integrity monitoring (FIM) detects when files on your server change unexpectedly. PowerSEC compares your live filesystem against a known-good baseline. How baselines work PowerSEC builds a baseline of every file in: - WordPress core (wp-admin/, wp-includes/) - All active…
Understanding malware types found by PowerSEC
When PowerSEC scans your site, suspicious files get one of these verdicts: clean The file matches a known-good signature (WordPress core, official plugin, or your committed code). No action needed. likelyclean Heuristics suggest the file is benign but it doesn't match a known…
Common WordPress attack vectors
Here are the attacks PowerSEC defends against most often, in rough order of frequency. 1. Brute-force login attacks Bots try thousands of common username/password combinations against /wp-login.php and /xmlrpc.php. Most attacks come from compromised IoT devices. PowerSEC…
Why your WordPress site needs security
WordPress powers 43% of all websites — which makes it the #1 target for attackers. If your site is online, it's being probed automatically every few minutes by bots looking for known weaknesses. What attackers are after - Spam injection — your site sends pharmacy spam without…
Trigger an on-demand scan
Queue a malware + vulnerability scan for a specific site. Returns a job id you can poll. The scan typically completes within 30–120 seconds depending on site size. Subscribe to the websocket channel site-$SITEID to receive progress updates.