How PowerSEC's malware scanner stays safe (it never runs the code it scans)
PowerSEC's scanner detects malware by static pattern matching and never executes, evals, or unpacks-by-running the code it scans — so a scanned file can't compromise the scanner.
Actively-exploited vulnerabilities: why some are flagged "fix first"
PowerSEC flags vulnerabilities that are confirmed exploited in the wild (CISA KEV) and sorts them to the top so you patch what attackers are actually using first.
Web Application Firewall (WAF) basics
The PowerSEC WAF blocks SQL injection, XSS, and WordPress-specific attacks. Learn how to configure rules and handle false positives.
File integrity monitoring explained
File integrity monitoring detects unexpected file changes by comparing your live filesystem against a known-good baseline.
Understanding malware types found by PowerSEC
Learn what each PowerSEC malware verdict means — from clean to confirmed_malicious — and how to respond.
Common WordPress attack vectors
The 7 most common WordPress attack types — brute-force, SQLi, XSS, file uploads, SEO spam, and more — and how PowerSEC defends against them.
Why your WordPress site needs security
WordPress powers 43% of the web and is the #1 attack target. Here's what's at stake and why automated security matters.
Trigger an on-demand scan
You can trigger a manual security scan at any time from the dashboard, CLI, or API. Using the CLI From the dashboard 1. Dashboard → Sites → your site 2. Click Run scan now 3. Choose scan type: - Quick scan — malware signatures + changed files only (30 seconds) - Full scan —…