WordPress.org

In order to install 6Scan Security, please follow these steps:

1. Upload the ZIP file containing the plugin to your WordPress site, using the "Add New"->"Upload" option on the Plugins screen (or automatically find us by searching for "6Scan").
2. When the plugin has been installed, click to activate the plugin.
3. Once activated, 6Scan Security will display a message informing you how to activate protection.

Please note that 6Scan Security requires read/write access to your .htaccess file, which allows us to intercept and analyze/block suspicious requests before they reach any vulnerable script. If you do not have this access, installation of the plugin may fail.

To allow 6Scan Security to constantly update its signatures and keep you protected, we require the fopen or curl library to be installed and enabled. If you have a file-monitoring extension, you may see frequent changes in the 6Scan signature files; this is normal and is an indication that your protection is working properly and up to date.

Once you register with 6Scan, we will automatically send you an email notification when our scanner detects a threat or another problem with your website. To change the notification options (or completely unsubscribe from these messages) please visit the 6Scan Settings panel. You may also elect to be notified of new threats or problems by SMS to any destination worldwide.

Once installed, 6Scan Security will add three items to your WordPress menu: Dashboard, Settings and Support.

The dashboard shows you the list of security vulnerabilities detected by our scanner. Every security issue can be clicked for more information. There is a textual description of each vulnerability and a link to a public advisory (when available) on a Bugtraq site.

The settings page allows you to configure the following Web Application Firewall security options:

• SQL Injection - Detects and blocks database hacking attempts
• Cross Site Scripting (XSS) - Detects and blocks identity theft attacks, which are based on stolen cookies
• Disable Non-standard request types - Disables any non-GET/POST requests to your site
• Remote File Inclusion protection - Disables requests that include a path to an external PHP file, which could be a major security risk
• CSRF protection for POST requests - Detects and blocks POST requests originating from foreign domains

The support area allows you to ask questions, report bugs or consult on security-related matters. If you need to add confidential details to your support request (such as passwords), you may email us at support@6scan.com instead of posting on our public support forum. All tickets received at support@6scan.com are handled with discretion and your information will only be shared with employees on a need-to-know basis to help solve your problem.

In order to uninstall the 6Scan Security plugin:

1. Open the Plugins menu item on your WordPress admin area
2. Next to the 6Scan Security plugin, click Deactivate, then Delete
3. When the plugin is deleted, any active 6Scan subscription will be automatically deactivated, along with any email or SMS notifications you have configured.

Please note that if you uninstall 6Scan Security, any fixed security vulnerabilities will lose their fixes. If 6Scan Security has fixed vulnerabilities on your site, you must keep the plugin installed to keep these fixes active.

If you encounter any problems during installation, please visit our support area or email us at support@6scan.com.