WordPress.org

Ready to get started?Download WordPress

Plugin Directory

6Scan Security

6Scan Security provides comprehensive enterprise-grade security with frequent site scans, powerful firewall, automatic backup, web analytics and much

Does 6Scan Security work with other security plugins?

Yes, 6Scan Security has been tested with many other security, antivirus, firewall and backup plugins and does not conflict with them. If you suspect any compatibility problem, please contact us via our support area or email support@6scan.com.

Will 6Scan Security work with my hosting package?

We work with all standard hosting packages that support WordPress. We have specifically tested 6Scan Security with many popular hosting companies, including GoDaddy, Hostgator, Dreamhost, Site5, 1&1 and others. Of course, more advanced configurations such as VPS/VDS are also supported, as long as your file permissions are configured correctly (see the Installation section for more details).

I get the error "Can't create signature file" or "Can't update .htaccess file" when installing the plugin

6Scan requires write permissions to your web root directory and .htaccess file in order to install the automatic fix signatures. For more information on how to enable write access, please see http://codex.wordpress.org/Changing_File_Permissions .

What web servers does 6Scan support?

6Scan Security currently works with any server that has .htaccess and mod_rewrite support, such as Apache and IIS. This is required, so that 6Scan could intercept and analyze requests before they reach server and potentially vulnerable scripts. Support for Nginx is planned in the future.

Does 6Scan affect my site's performance?

We pay specific attention to our plugin's performance because it should work seamlessly, even under heavy load. Because our initial flagging rules are optimized to be lightning fast, and only suspicious requests undergo additional checks, your site's legigimate users will not be affected.

Does 6Scan protect against TimThumb vulnerability?

TimThumb is an RFI vulnerability, which is based on including a malicious PHP script as a path to your TimbThumb gallery. It is easily filtered out by 6Scan Security's Web Application Firewall. One of the advantages of the application firewall rules is that they are complete generic, and will block out TimThumb wherever it is on your site, as well as automatically blocking similar vulnerabilities in the future.

What is the 6Scan WAF feature?

WAF is an acronym for Web Application Firewall. It is a set of rules which are designed to flag suspicious requests and then act accordingly (for example, by blocking the request before it reaches its target). Our firewall is written to match a set of widespread attacks patterns, while minimizing its impact on user experience.

How often does 6Scan Security scan my site for the newest security threats?

On average, your site will be scanned once every few hours, making sure your site is scanned several times every day for the latest security issues. However, when a new vulnerability is discovered and published, 6Scan Security will scan affected sites with a higher priority to make sure the vulnerability is fixed right away.

How quickly does 6Scan find and protect against new exploits?

We monitor all the large exploit databases 24/7, which allows us to respond immediately to any publicly published exploit. Our security research team also analyzes WordPress and plugin code to find vulnerabilities and malware even before they are known to the general public. Finally, we use honeypots - special traps designed to lure hackers in - to gather information about new techniques hackers try, and those techniques are immediately found and fixed on your site before any damage can happen.

When you have 6Scan installed, you do not need to worry about a newly found exploit for WordPress or any of your installed plugins - we follow security newsfeeds for you and release a fix before hackers find out about and exploit new vulnerabilities.

Why should I choose 6Scan Security and not any other available security plugin?

First, because other plugins do not protect against all the security vulnerabilities we can. Most other plugins are based on a ruleset which recognizes and blocks certain attack signatures. This approach is effective for protecting against some common SQL injection attacks, but fails to detect or prevent hackers from exploiting flawed logic. For example, it could not protect against an authorization bug in a file upload plugin, potentially allowing unauthorized users to upload malware and viruses to your site. 6Scan's security response team constantly updates your blog's protection to deal with the latest threats found on all major exploit databases on the Internet.

Second, because 6Scan Security is easy-to-use, so that anyone - even without a technical background - can understand and use our plugin to fix security problems. Our plugin is easy to activate, very user-friendly but still extremely efficient.

What is a zero-day security vulnerability?

A zero-day vulnerability is a security flaw which has been found by hackers, but has not yet been patched by the vendor of the affected component, making it an easy target for hackers. In fact, most hackers operate by taking the latest zero-day vulnerabilities and scanning the entire web for sites which have them! A general firewall or antivirus product will not protect you against many zero-day attacks since new attacks might not match any currently known pattern.

Once the vendor has released an update, the vulnerability is no longer classified as 'zero-day', but websites must still update the affected component before they are secure. 6Scan Security protects you against zero-day vulnerabilities immediately after they are found and without forcing you to update any components.

Why is it important to fix security vulnerabilities?

Hackers are constantly on the prowl for sites they can exploit. Security vulnerabilities are the hacker's method of gaining unauthorized access to sites. Once they do, they can steal data, deface pages, install spyware or botnets, and perform other malicious actions against the website and its users. Only by making sure your site does not have any vulnerabilities can you secure yourself against these hackers.

What other security measures should I employ?

  • Password strength: 6Scan Security protects your website against hackers, but nobody can protect against a hacker who can guess your password. Always use a complex password that contains letters of different cases, numbers and punctuation. Never use a dictionary word, names of loved ones, or birthdays as passwords, as hackers can easily find them out.
  • Spyware: if your computer is infected with spyware or other malware, it may steal your passwords from you without you even knowing! Always make sure to have current versions of anti-spyware, antivirus and antimalware products active on your computer. Never log in to your site from a public computer, such as a computer in a public library, as these are frequently compromised with malware designed especially to steal passwords as they are entered.
  • Access through HTTPS on public networks: If your website's login form does not use HTTPS, your login details can easily be intercepted as they pass through public networks, such as WiFi in a coffee shop or a public library network. If you must log in from a public network, be sure your login form uses HTTPS encryption.

Can 6Scan Security fix a site that has already been hacked?

6Scan Security protects you from hackers attempting to compromise your site, but it cannot undo the damage a hacker has already caused - it is not an antivirus, but a preemptive protection solution. Any damage must be manually cleaned before 6Scan can effectively secure your site. Our backup feature helps you by ensuring that even if your site is compromised, you will always be able to roll back to a clean and secure version with a minimum of hassle - no antivirus or antimalware required.

6Scan scanned my site and no vulnerabilities were found. What does this mean?

Good news! This means that there are no immediate security problems with your site. However, you should still keep 6Scan Security installed so it can continue to monitor your site. It is quite possible that one of your site's components has a security vulnerability which hasn't yet been discovered. Once it is discovered (either by our security research team or by another party), 6Scan Security will notify you and allow you to patch it before hackers use it to compromise your site.

How is 6Scan Security different from an antivirus or antimalware product?

Antivirus and antimalware products are designed to let you know when your site is infected by a virus or malware, and help you remove it. However, the existence of a virus or malware on your site means it has already been compromised by hackers! 6Scan Security prevents hackers from getting into your site in the first place, meaning you will never have malware installed. However, 6Scan does include a malware scanner that will let you know if there is any pre-existing malicious code on your site.

How am I notified if new security vulnerabilities are found on my site?

You can be notified in three different ways:

  • An email message.
  • A text (SMS) message.
  • A notification on your WordPress dashbord.

To set your notification preferences, simply open your 6Scan Security dashboard, click the Settings tab, and check or uncheck the boxes under Notifications.

How do I unsubscribe from email notifications?

Easy! Open your 6Scan Security dashboard, click the Settings tab, and uncheck the email box under Notifications. You will no longer receive new vulnerability notifications by email.

What is the backup feature?

In addition to our security features, we have also added automatic scheduled backups for your WordPress site. The backup feature makes sure that even in case of an accidental deletion, server problem, or even lost password, you will be able to restore a working and secure version of your site.

Our automatic backup runs automatically on a schedule, backing up both your database and your site's files to our secure cloud datacenter. A number of previous backups can be stored, ensuring you can go back to a number of points in time. You can download the backups from your 6Scan dashboard; backups are secured, and their download is protected by a key, so only you can download them.

I have a feature request!

We are always open to feature requests, especially for security-related features. Please contact us with a detailed description of your request at our support area, and we will consider including it in our plugin.

Who is 6Scan?

We are a team of ex-military security experts who have implemented traditional expensive and complicated website security solutions. We couldn't find a way to effectively secure small and medium websites with lower budgets and no technical expertise - which is why we decided to create a WordPress plugin that's both comprehensive and easy-to-use.

Requires: 3.0.0 or higher
Compatible up to: 3.9.1
Last Updated: 2014-4-6
Downloads: 64,210

Ratings

4 stars
4.1 out of 5 stars

Support

0 of 1 support threads in the last two months have been resolved.

Got something to say? Need help?

Compatibility

+
=
Not enough data

1 person says it works.
0 people say it's broken.

100,1,1
100,1,1 100,2,2 50,2,1 100,1,1
100,2,2 100,1,1 0,1,0 100,1,1
100,2,2 75,4,3 100,2,2 100,2,2
100,2,2
100,2,2 0,1,0 0,1,0
100,1,1 100,1,1
0,1,0
100,1,1 100,1,1 0,1,0
33,3,1
50,2,1
50,2,1
100,1,1
50,2,1
100,1,1