Title: SiteFort – Advanced Security, Firewall & Malware Scanner
Author: securewpteam
Published: May 19, 2026
Last modified: May 19, 2026

---

# SiteFort – Advanced Security, Firewall & Malware Scanner

 By [securewpteam](https://profiles.wordpress.org/securewpteam/)

[Download](https://downloads.wordpress.org/plugin/sitefort.1.0.0.zip)


## Description

### ENTERPRISE WORDPRESS SECURITY, FIREWALL & MALWARE SCANNER

SiteFort protects WordPress sites with a full-site security scanner, malware detection,
firewall rules, country blocking, Cloudflare edge blocking, login security, 2FA,
vulnerability checks, hardening controls, audit logging, and optional centralized
management.

Run SiteFort from **wp-admin** for one site. Connect sites to **SiteFort Console**
when you want one panel for multiple websites, remote workflows, alerts, reports,
uptime, SSL, and team access.

**Helpful links:** [Plugin Features](https://securewp.net/wordpress-security-plugin/)
| [Free Remote Scan](https://securewp.net/security-checker/) | [Pricing](https://securewp.net/pricing/)
| [Documentation](https://securewp.net/docs/)

#### CORE SECURITY FEATURES

 * **Full-site WordPress security scanner** checks files, accounts, content, database
   safety, reputation, vulnerabilities, and hidden administrator risks.
 * **WordPress malware scanner** detects backdoors, web shells, malicious PHP, injected
   scripts, SEO spam, suspicious redirects, modified files, and exposed sensitive
   files.
 * **Firewall with country blocking** blocks unwanted traffic by IP, CIDR, country,
   bot, crawler, user agent, rate limit, scanner behavior, and threat intelligence.
 * **Cloudflare edge blocking** syncs supported firewall rules to Cloudflare so 
   high-volume blocks can happen before traffic reaches WordPress.
 * **Easy bot filter policy** gives you Basic, Balanced, and Maximum bot protection
   without writing manual rules.
 * **Login security and 2FA** protect users with authenticator apps, email codes,
   recovery codes, brute-force protection, CAPTCHA, custom login URLs, weak password
   checks, and breached-password detection.
 * **Security hardening** reduces exposure from XML-RPC, user enumeration, PHP execution
   in uploads, sensitive files, file editing, REST access, application passwords,
   version output, and missing security headers.
 * **Audit log and Console** provide event history, security evidence, multi-site
   visibility, remote workflows, reports, team access, and alert routing.

#### WORDPRESS SECURITY SCANNER

SiteFort is not limited to file scanning. It runs a layered review of the WordPress
site and groups findings by risk so administrators can act quickly.

 * **File integrity and malware detection** – checks WordPress core, plugins, themes,
   uploads, and custom files for unauthorized changes, backdoors, web shells, malware
   variants, suspicious PHP, injected code, SEO spam, malicious redirects, and exposed
   sensitive files.
 * **User account security** – detects weak account posture, breached passwords,
   risky roles, suspicious user data, and administrator accounts that need review.
 * **Ghost administrator detection** – flags hidden or unexpected administrator 
   accounts, including suspicious admin users created outside normal site workflows.
 * **Content and database safety** – checks WordPress data for injected malicious
   content, suspicious options, unsafe URLs, spam injections, and malicious redirect
   indicators.
 * **Domain and IP reputation** – checks reputation context for the website domain
   and server IP so blocklist or abuse signals are visible before they affect trust.
 * **Vulnerability scanner** – checks WordPress core, plugins, and themes for known
   vulnerabilities, affected versions, severity, CVE references where available,
   and recommended action.
 * **Server state and exposure checks** – finds public paths, backups, logs, configuration
   files, and server conditions that can expose secrets or make compromise easier.

#### WORDPRESS FIREWALL

SiteFort provides practical firewall controls for production sites without requiring
custom WAF rule writing.

 * Block or allow by **IP address, CIDR range, country, bot, crawler, or user agent**.
 * Use **country blocking** in block-selected or allow-only mode.
 * Detect probes for `.env`, `.git`, `wp-config.php` backups, SQL dumps, debug logs,
   installer files, and sensitive paths.
 * Enable **Cloudflare Sync** to push supported IP, country, and user-agent rules
   to Cloudflare’s edge.
 * Escalate repeated active attacks to temporary edge blocks when Cloudflare sync
   is configured.
 * Reduce abusive spikes with rate limiting, 404 probe controls, and community threat
   intelligence.

#### BOT AND CRAWLER POLICY

Choose **Basic**, **Balanced**, or **Maximum** protection to block hacking tools,
vulnerability scanners, scrapers, automated scripts, and unrecognized bots. Trusted
search engines, social previews, and major crawlers can stay allowed while unwanted
automation is filtered.

#### LOGIN SECURITY AND 2FA

Account takeover is one of the fastest ways to lose control of a WordPress site.
SiteFort adds role-based 2FA, authenticator app codes, email codes, recovery codes,
brute-force lockouts, CAPTCHA, custom login URLs, weak password enforcement,
breached-password detection, safer login responses, and XML-RPC/REST authentication controls.

#### WORDPRESS SECURITY HARDENING

Close common WordPress exposure points from the dashboard: block PHP execution in
uploads, protect sensitive files, disable directory listing, disable the theme/plugin
file editor, disable or restrict XML-RPC and application passwords, block username
enumeration, hide WordPress version output, restrict REST access where appropriate,
and apply security headers where supported.

#### VULNERABILITY MANAGEMENT

SiteFort checks installed WordPress core, plugin, and theme versions against vulnerability
intelligence and shows affected assets, severity, CVE references where available,
and recommended fixes.

**Pro:** automated vulnerability alerts notify teams when a known vulnerability 
affects an installed plugin, theme, or WordPress core version.

#### AUDIT LOG AND SITEFORT CONSOLE

Track logins, failed logins, lockouts, user changes, plugin/theme changes, firewall
blocks, scan results, hardening changes, and sensitive actions.

Use SiteFort from wp-admin for site-level protection. Connect to **SiteFort Console**
for multi-site status, scan history, vulnerability tracking, uptime monitoring, 
SSL expiry checks, remote website scanning, alert routing, downloadable reports,
team roles, and support workflows.

#### PRO AND MANAGED SECURITY FEATURES

Core protection is available in the plugin. Paid plans add **unlimited cloud deep
threat analysis**, **scheduled malware scans**, **automated vulnerability alerts**,
**one-click malware repair**, uptime/SSL monitoring, Slack/Discord/email alert workflows,
expert cleanup discounts, and managed security options.

### External services

SiteFort connects to external services for licensing, cloud-assisted security analysis,
optional Console sync, optional CAPTCHA checks, optional GeoIP downloads, optional
IP ownership lookups, and integrations you enable. If an optional feature or integration
is not configured or used, SiteFort does not contact that service for that feature.

#### SiteFort Cloud

 * **Service:** SiteFort Cloud
 * **Endpoints:** `securewp.net`, `intel.securewp.net`, `console.securewp.net`
 * **Purpose:** license activation, plugin service metadata, cloud malware analysis,
   vulnerability intelligence, firewall intelligence, community blocklist sync, 
   reputation context, clean-file repair, and optional Console sync.
 * **When/data:** used during license activation, malware scans, vulnerability checks,
   firewall intelligence updates, blocklist sync, reputation checks, and optional
   Console sync. Data may include email address, license key/token, site URL,
   WordPress/plugin versions, installed plugin/theme names and versions, file hashes, scan
   results, vulnerability findings, reputation status, firewall metadata, blocked
   IPs, and security configuration metadata.
 * **Malware scanning:** file hashes are sent first. Only files that cannot be verified
   by hash alone may be uploaded for deeper analysis and are deleted after processing.
   Posts, pages, comments, WooCommerce orders, customer data, and full database 
   content are not sent for malware scanning. If `wp-config.php` requires analysis,
   sensitive configuration values are removed before upload.
 * **Temporary storage URLs:** SiteFort Cloud may return temporary upload or download
   URLs on object-storage hosts such as `*.amazonaws.com` or `*.r2.cloudflarestorage.com`.
   These URLs are used only for the specific scan upload or clean-file repair
   download requested by SiteFort Cloud.
 * **Privacy policy:** https://securewp.net/privacy-policy/
 * **Terms:** https://securewp.net/terms-and-conditions/
 * **Storage provider policies:** Amazon Web Services privacy policy
   https://aws.amazon.com/privacy/ and service terms https://aws.amazon.com/service-terms/;
   Cloudflare privacy policy https://www.cloudflare.com/privacypolicy/ and terms
   https://www.cloudflare.com/website-terms/

#### MaxMind GeoLite2

 * **Service:** MaxMind GeoLite2,
   https://dev.maxmind.com/geoip/geolite2-free-geolocation-data/
 * **Endpoints:** `download.maxmind.com`; MaxMind may redirect downloads to temporary
   storage URLs such as `*.amazonaws.com` or `*.r2.cloudflarestorage.com`.
 * **Purpose:** local GeoIP country lookups when MaxMind is configured.
 * **When/data:** used when an administrator downloads or updates the GeoLite2 database.
   Sends the configured MaxMind account ID and license key to MaxMind for authentication.
   Visitor IPs are resolved locally against the downloaded database and are not 
   sent to MaxMind during normal visitor requests.
 * **Privacy policy:** https://www.maxmind.com/en/privacy-policy
 * **Terms/EULA:** https://www.maxmind.com/en/geolite2/eula

#### Have I Been Pwned

 * **Service:** https://haveibeenpwned.com/Passwords
 * **Endpoint:** `api.pwnedpasswords.com`
 * **Purpose:** breached-password detection when enabled.
 * **When/data:** during login or password validation. Sends only the first 5 characters
   of the SHA-1 password hash. Full passwords and full hashes are never sent.
 * **Privacy policy:** https://haveibeenpwned.com/Privacy
 * **Terms:** https://haveibeenpwned.com/TermsOfUse
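
The range query described above, as an added example (not SiteFort's own code): the client sends only the 5-character SHA-1 prefix and matches the remaining 35 characters locally against the returned list. The function names and the `FakeRangeService` stand-in are hypothetical; the stand-in is constructed so the example runs offline in place of `api.pwnedpasswords.com`.

```python
import hashlib

HEX = set("0123456789ABCDEF")

def split_sha1(password):
    """Return (5-char prefix, 35-char suffix) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range_body(body):
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}, skipping malformed lines."""
    counts = {}
    for line in body.splitlines():          # handles both LF and CRLF endings
        suffix, sep, count = line.strip().partition(":")
        suffix = suffix.upper()
        if not sep or len(suffix) != 35 or not set(suffix) <= HEX:
            continue
        try:
            counts[suffix] = int(count)
        except ValueError:
            continue
    return counts

def breach_count(password, fetch_range):
    """Number of breach sightings for password; 0 means not found.

    fetch_range(prefix) is the only call that leaves the host, and it
    receives just the 5-character prefix. Padding entries (count 0),
    which the service can add to hide response size, resolve to 0.
    """
    prefix, suffix = split_sha1(password)
    return parse_range_body(fetch_range(prefix)).get(suffix, 0)

class FakeRangeService:
    """Constructed stand-in for the range endpoint; records every prefix it is sent."""

    def __init__(self, corpus):
        self.seen = []
        self.by_prefix = {}
        for pw, count in corpus.items():
            prefix, suffix = split_sha1(pw)
            self.by_prefix.setdefault(prefix, []).append(f"{suffix}:{count}")

    def __call__(self, prefix):
        self.seen.append(prefix)
        # Constructed response: real hits, one padding entry, one junk line.
        lines = self.by_prefix.get(prefix, []) + ["0" * 35 + ":0", "not-a-record"]
        return "\r\n".join(lines)

if __name__ == "__main__":
    # Constructed sample corpus of "breached" passwords and sighting counts.
    service = FakeRangeService({"password": 12345, "letmein": 77})
    for candidate in ("password", "a long unique passphrase 7!"):
        print(candidate, "->", breach_count(candidate, service))
    print("sent to service:", service.seen)
```
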

#### RIPE NCC and ARIN RDAP

 * **Service:** RIPE NCC RDAP and ARIN RDAP public registry lookup services.
 * **Endpoints:** `rdap.db.ripe.net`, `rdap.arin.net`
 * **Purpose:** IP ownership, network, country, and abuse-contact lookups in the
   firewall tools.
 * **When/data:** used only when an administrator requests a WHOIS/RDAP lookup for
   an IP address from the firewall interface or API. Sends the queried IP address
   to RIPE NCC first and falls back to ARIN if RIPE does not return a result. Site
   credentials, user records, scan results, and plugin settings are not sent. Results
   are cached locally for one hour.
 * **RIPE NCC privacy policy:**
   https://www.ripe.net/about-us/legal/ripe-ncc-privacy-statement/
 * **RIPE Database terms:** https://docs.db.ripe.net/HTML-Terms-And-Conditions
 * **ARIN privacy policy:** https://www.arin.net/about/privacy/
 * **ARIN Whois/RDAP terms:** https://www.arin.net/resources/registry/whois/tou/

#### Google reCAPTCHA

 * **Service:** https://www.google.com/recaptcha/about/
 * **Endpoints:** `www.google.com`, including `www.google.com/recaptcha/api.js` 
   and `www.google.com/recaptcha/api/siteverify`
 * **Purpose:** CAPTCHA protection when selected and configured.
 * **When/data:** protected login form load or challenge verification. Sends CAPTCHA
   token, site key, and visitor/browser data required by Google.
 * **Privacy policy:** https://policies.google.com/privacy
 * **Terms:** https://policies.google.com/terms

#### Cloudflare Turnstile

 * **Service:** https://developers.cloudflare.com/turnstile/
 * **Endpoints:** `challenges.cloudflare.com`, including
   `challenges.cloudflare.com/turnstile/v0/api.js` and `challenges.cloudflare.com/turnstile/v0/siteverify`
 * **Purpose:** CAPTCHA protection when selected and configured.
 * **When/data:** protected login form load or challenge verification. Sends challenge
   token, site key, and visitor/browser data required by Cloudflare.
 * **Privacy policy:** https://www.cloudflare.com/turnstile-privacy-policy/
 * **Terms:** https://www.cloudflare.com/website-terms/

#### Cloudflare API

 * **Service:** https://api.cloudflare.com/
 * **Endpoint:** `api.cloudflare.com`
 * **Purpose:** Cloudflare edge blocking and WAF rule sync when enabled.
 * **When/data:** when Cloudflare settings are saved, verified, or synced. Sends
   Zone ID, API token/credentials, zone details, blocked IPs, country rules, selected
   user-agent rules, and firewall rule data.
 * **Privacy policy:** https://www.cloudflare.com/privacypolicy/
 * **Terms:** https://www.cloudflare.com/website-terms/

#### Slack Webhooks

 * **Service:** Slack incoming webhooks, https://api.slack.com/messaging/webhooks
 * **Endpoint:** `hooks.slack.com`
 * **Purpose:** optional delivery of SiteFort security notifications to a Slack 
   workspace selected by the administrator.
 * **When/data:** only when webhook notifications are enabled, a Slack webhook URL
   is saved, and a notification event or test notification is sent. Data may include
   site name, site URL, event type, severity, scan counts, vulnerability component
   names, CVE identifiers, firewall digest counts, lockout identifiers, usernames,
   IP addresses, browser names, action URLs, timestamps, and other event details
   included in the selected notification.
 * **Privacy policy:** https://slack.com/trust/privacy/privacy-policy
 * **Terms:** https://slack.com/terms-of-service/user

#### Discord Webhooks

 * **Service:** Discord webhooks,
   https://docs.discord.com/developers/resources/webhook
 * **Endpoints:** `discord.com`, `discordapp.com`
 * **Purpose:** optional delivery of SiteFort security notifications to a Discord
   channel selected by the administrator.
 * **When/data:** only when webhook notifications are enabled, a Discord webhook
   URL is saved, and a notification event or test notification is sent. Data may
   include site name, site URL, event type, severity, scan counts, vulnerability
   component names, CVE identifiers, firewall digest counts, lockout identifiers,
   usernames, IP addresses, browser names, action URLs, timestamps, and other event
   details included in the selected notification.
 * **Privacy policy:** https://discord.com/privacy
 * **Terms:** https://discord.com/terms

#### Generic Webhooks

 * **Service:** Administrator-configured HTTPS webhook endpoint.
 * **Endpoint:** the HTTPS URL entered by the administrator.
 * **Purpose:** optional delivery of SiteFort security notifications to a custom
   endpoint controlled by the site owner or their chosen provider.
 * **When/data:** only when webhook notifications are enabled, a generic webhook
   URL is saved, and a notification event or test notification is sent. Data may
   include site name, site URL, event type, severity, scan counts, vulnerability
   component names, CVE identifiers, firewall digest counts, lockout identifiers,
   usernames, IP addresses, browser names, action URLs, timestamps, and other event
   details included in the selected notification. Generic webhook payloads may include
   an `X-SiteFort-Signature` header.
 * **Placeholder:** `https://your-endpoint.com/webhook` is an example shown in the
   settings UI. It is not contacted unless an administrator replaces it with a real
   URL and enables generic webhook delivery.
 * **Privacy policy and terms:** determined by the endpoint or provider configured
   by the administrator. Site administrators should review and disclose the policies
   for their chosen webhook receiver.

#### Local or user-supplied URL checks

Some HTTP requests are loopback checks against the WordPress site’s own public URL,
for example security-header checks, public-file exposure checks, and scanner collection
of links from the site’s homepage. These requests contact the site being protected,
not a third-party service.

#### 1.0.0

 * Initial release

## Installation

 1. Install SiteFort from the WordPress plugin directory, or upload the plugin ZIP 
    file.
 2. For manual installation, upload the unzipped `sitefort` folder to
    `/wp-content/plugins/`.
 3. Activate the plugin from the **Plugins** screen and open **SiteFort** in wp-admin.
 4. Activate protection using email verification, a license key, or SiteFort Console
    authorization.
 5. Review scanner, firewall, country blocking, bot policy, login security, 2FA, and
    hardening settings.
 6. Connect Cloudflare from **Settings > Integrations** if you want edge-level firewall
    enforcement.
 7. Run your first security scan and review malware, account, database, reputation,
    vulnerability, and hardening findings.

SiteFort requires outbound HTTPS for license activation, cloud malware analysis,
vulnerability intelligence, firewall intelligence, community blocklist updates, 
and optional Console sync.

## FAQ

### Can I use SiteFort only from my WordPress dashboard?

Yes. Scanner, malware detection, firewall rules, country blocking, bot policy, login
security, 2FA, vulnerability scanning, hardening, audit log, and settings are available
from wp-admin. The SiteFort Console is optional for centralized management, remote
workflows, reports, alert routing, uptime/SSL monitoring, team access, and support
workflows.

### What does the SiteFort scanner check?

SiteFort scans files, file integrity, malware indicators, user account security,
weak and breached passwords, hidden administrator accounts, content and database
safety, suspicious URLs, injected content, domain/IP reputation, exposed sensitive
files, server state, and known vulnerabilities in WordPress core, plugins, and themes.

### What features require a paid plan?

Paid plans add unlimited cloud deep threat analysis, scheduled and automated scans,
automated vulnerability alerts, one-click malware repair, uptime/SSL monitoring,
Slack/Discord/email alert workflows, expert cleanup discounts, and managed security
options.

### How does cloud-assisted malware scanning work?

SiteFort hashes files locally and checks known signatures first. Known clean or 
known malicious files can be resolved quickly. Unknown or suspicious files may be
analyzed more deeply when needed. Results are cached so unchanged files do not need
the same work again.

### Does SiteFort send my site’s database content to the cloud?

No. Database and content safety checks run from the WordPress site. SiteFort does
not upload posts, pages, comments, WooCommerce orders, customer records, or full
database content for malware scanning.

For file scanning, file hashes are sent first. Only files that cannot be verified
by hash alone may be uploaded for deeper malware analysis. If `wp-config.php` requires
analysis, sensitive configuration values are removed before upload.

### Does SiteFort include country blocking and Cloudflare support?

Yes. Country blocking is part of the firewall rules. SiteFort can also sync supported
IP, country, and user-agent firewall rules to Cloudflare when the domain is proxied
through Cloudflare and a scoped API token is configured.

### Can SiteFort help after a site is already hacked?

Yes. SiteFort can scan for malware, suspicious users, injected content, reputation
issues, exposed files, and vulnerable components. Supported plans add one-click 
malware repair, and expert cleanup or managed security services are available when
hands-on response is needed.

## Reviews

There are no reviews for this plugin.

## Contributors & Developers

“SiteFort – Advanced Security, Firewall & Malware Scanner” is open source software.
The following people have contributed to this plugin.

Contributors

 *   [ securewpteam ](https://profiles.wordpress.org/securewpteam/)


### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/sitefort/), check out
the [SVN repository](https://plugins.svn.wordpress.org/sitefort/), or subscribe 
to the [development log](https://plugins.trac.wordpress.org/log/sitefort/) by [RSS](https://plugins.trac.wordpress.org/log/sitefort/?limit=100&mode=stop_on_copy&format=rss).

## Meta

 * Version **1.0.0**
 * Last updated **4 hours ago**
 * Active installations **Fewer than 10**
 * WordPress version **6.0 or higher**
 * Tested up to **7.0**
 * PHP version **7.4 or higher**
 * Tags: [2FA](https://wordpress.org/plugins/tags/2fa/), [firewall](https://wordpress.org/plugins/tags/firewall/),
   [malware scanner](https://wordpress.org/plugins/tags/malware-scanner/), [security](https://wordpress.org/plugins/tags/security/),
   [vulnerability](https://wordpress.org/plugins/tags/vulnerability/)
