Title: Genisoft Security Connector
Author: genisoftweb
Published: <strong>July 18, 2026</strong>
Last modified: July 18, 2026

---

Search plugins

![](https://ps.w.org/genisoft-security-connector/assets/icon-256x256.png?rev=3612799)

# Genisoft Security Connector

 By [genisoftweb](https://profiles.wordpress.org/genisoftweb/)

[Download](https://downloads.wordpress.org/plugin/genisoft-security-connector.0.8.1.zip)

 * [Details](https://wordpress.org/plugins/genisoft-security-connector/#description)
 * [Reviews](https://wordpress.org/plugins/genisoft-security-connector/#reviews)
 *  [Installation](https://wordpress.org/plugins/genisoft-security-connector/#installation)
 * [Development](https://wordpress.org/plugins/genisoft-security-connector/#developers)

 [Support](https://wordpress.org/support/plugin/genisoft-security-connector/)

## Description

**Genisoft Security Connector** is the official plugin for **[WP Security](https://wordpress.genisoft.fr)**(
by Genisoft) — a remote **security audit and malware detection** service for WordPress.

This plugin is a **lightweight connector**: it performs no analysis itself. It exposes
a **read-only REST API authenticated with HMAC-SHA256** that the WP Security engine
calls to audit your site **remotely**, without SSH or FTP. The heavy analysis (detection
of **webshells, backdoors, injections, obfuscated code**, WordPress core integrity
checks against the official `api.wordpress.org` checksums, and YARA rules) runs **
on our servers**, in an isolated environment — your site stays light and fast.

**What the scanner detects:**

 * PHP webshells and backdoors
 * Injectors and malicious redirects
 * Obfuscated / encoded code
 * Modified WordPress core files
 * Vulnerable plugins and themes (CVE)
 * Code injected into the database (wp_options, etc.)

**Secure by design:**

 * HMAC-SHA256 authentication on every request (signature + timestamp; requests 
   older than 5 minutes are rejected). One unique key per site.
 * **Read-only:** files are read for analysis, never executed (no `eval`, `exec`
   or `include` on external content).
 * No SSH, no SFTP.

#### Third-party service

This plugin is a connector: it **requires an account on the external WP Security
service** (`https://wordpress.genisoft.fr`) to be useful. Each time you start a 
scan from your WP Security dashboard, the service calls the plugin’s read-only REST
API to read the files to analyze. File contents are **not stored** by the service—
only analysis results (metadata) are kept; hosting is in the EU (GDPR).

 * Service website: https://wordpress.genisoft.fr
 * Terms of service: https://wordpress.genisoft.fr/legal/cgu
 * Privacy policy: https://wordpress.genisoft.fr/legal/confidentialite

## Installation

 1. Upload the `genisoft-security-connector` folder to `/wp-content/plugins/`, or install
    the plugin via **Plugins  Add New**.
 2. Activate the plugin from the **Plugins** menu in WordPress.
 3. Go to **Settings  Genisoft Security** and copy your site URL and connection key.
 4. Create an account at [wordpress.genisoft.fr](https://wordpress.genisoft.fr/sites/new),
    connect your site and run your first scan.

## FAQ

### Does the plugin slow down my site?

No. The connector only exposes a read-only API; all the heavy analysis runs on the
WP Security servers, not on your hosting.

### Do I need a WP Security account?

Yes. The plugin is a connector to the WP Security service; it does not work on its
own. Connecting a site and running a discovery scan are free.

### Can the plugin modify my files?

No. This connector is strictly **read-only**: it never executes, modifies, deletes
or moves your files.

### Are my files sent to a third party?

Only the files needed for analysis are read on demand during a scan. They are not
stored — only the results (metadata) are kept, hosted in the EU.

## Reviews

There are no reviews for this plugin.

## Contributors & Developers

“Genisoft Security Connector” is open source software. The following people have
contributed to this plugin.

Contributors

 *   [ genisoftweb ](https://profiles.wordpress.org/genisoftweb/)

[Translate “Genisoft Security Connector” into your language.](https://translate.wordpress.org/projects/wp-plugins/genisoft-security-connector)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/genisoft-security-connector/),
check out the [SVN repository](https://plugins.svn.wordpress.org/genisoft-security-connector/),
or subscribe to the [development log](https://plugins.trac.wordpress.org/log/genisoft-security-connector/)
by [RSS](https://plugins.trac.wordpress.org/log/genisoft-security-connector/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 0.8.1

 * Privacy: the database scan no longer returns site administrators’ email addresses(
   only non-personal signals: unusual login, account age).

#### 0.8.0

 * Read-only connector: info, files, file content and database scan endpoints.
 * HMAC-SHA256 authentication with signed query string.

## Meta

 *  Version **0.8.1**
 *  Last updated **14 hours ago**
 *  Active installations **Fewer than 10**
 *  WordPress version ** 6.0 or higher **
 *  Tested up to **7.0.2**
 *  PHP version ** 8.0 or higher **
 * Tags
 * [hacked](https://wordpress.org/plugins/tags/hacked/)[malware](https://wordpress.org/plugins/tags/malware/)
   [scanner](https://wordpress.org/plugins/tags/scanner/)[security](https://wordpress.org/plugins/tags/security/)
   [security audit](https://wordpress.org/plugins/tags/security-audit/)
 *  [Advanced View](https://wordpress.org/plugins/genisoft-security-connector/advanced/)

## Ratings

No reviews have been submitted yet.

[Your review](https://wordpress.org/support/plugin/genisoft-security-connector/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/genisoft-security-connector/reviews/)

## Contributors

 *   [ genisoftweb ](https://profiles.wordpress.org/genisoftweb/)

## Support

Got something to say? Need help?

 [View support forum](https://wordpress.org/support/plugin/genisoft-security-connector/)