Title: Vulnity Security
Author: manuelgalan
Published: January 28, 2026
Last modified: April 1, 2026

---


![](https://ps.w.org/vulnity/assets/banner-772x250.png?rev=3448566)

![](https://ps.w.org/vulnity/assets/icon-256x256.png?rev=3497049)

# Vulnity Security

 By [manuelgalan](https://profiles.wordpress.org/manuelgalan/)

[Download](https://downloads.wordpress.org/plugin/vulnity.1.2.3.zip)


## Description

Vulnity Security brings enterprise-grade threat detection to WordPress. It connects
your site to Vulnity’s SIEM platform, correlates events, and alerts you before issues
become incidents.

#### Features

 * Real-time security event collection and forwarding to Vulnity SIEM.
 * Dashboard widgets that highlight critical findings and remediation steps.
 * Scheduled security scans for core files, plugins, and themes.
 * Centralized logging compatible with major SOC workflows.

#### Integration Requirements

To receive alerts, configure an API token and endpoint URL provided by your Vulnity
SIEM account. Detailed configuration instructions are displayed after activating
the plugin under **Vulnity > Settings**.

#### External Services

This plugin connects to Vulnity’s external API hosted on Supabase Edge Functions
(domain: `euxnoekqasvzwfcbybkg.supabase.co`, base URL
`https://euxnoekqasvzwfcbybkg.supabase.co/functions/v1`) to power SIEM alerts,
inventory sync, and mitigation updates.

 * **What the service is and what it is used for:**
    - Vulnity SIEM API for pairing/unpairing, heartbeat checks, sending alerts, 
      testing connectivity, syncing inventory, and receiving mitigation policies.
 * **Endpoints used:**
    - `/pair-plugin`, `/unpair-plugin` (pairing and disconnecting the site).
    - `/heartbeat` (periodic health check).
    - `/connection-test` (manual connection test).
    - `/scan-site-info` (inventory sync).
    - `/generic-alert`, `/brute-force-alert`, `/file-security-alert`, `/manage-user`,
      `/user-management-alert`, `/permission-change-alert`, `/file-editor-alert`,
      `/plugin-change-alert`, `/theme-change-alert`, `/core-update-alert`,
      `/suspicious-query-alert`, `/scanner-detected-alert` (security alerts).
    - `/mitigation-config`, `/mitigation-update` (mitigation policy sync and
      block/unblock updates).
 * **What data is sent and when:**
    - Pairing/unpairing: site ID, pair code, plugin/WordPress/PHP versions, and 
      timestamp when pairing or disconnecting occurs.
    - Heartbeat: site ID, URLs, site metadata (name, language, timezone, theme),
      and runtime info (plugin/WordPress/PHP versions, latency) on a scheduled interval.
    - Alerts: site ID, alert type/severity, timestamps, and event details (such 
      as IP address, user/action metadata, or file change context) whenever a security
      event is detected.
    - Inventory sync: site inventory details (installed plugins/themes/core metadata)
      when inventory sync runs.
    - Mitigation: site ID, block/unblock actions, IP address, reason, duration, 
      and rule metadata when mitigation rules are synced or enforcement actions 
      occur.
 * **Why the data is sent:**
    - To associate the site with your Vulnity account, deliver security alerts to
      the SIEM, validate connectivity, synchronize inventory and mitigation policies,
      and keep firewall enforcement consistent.
 * **Policies:** See the Vulnity [Terms of Service](https://vulnity.io/terms) and
   [Privacy Policy](https://vulnity.io/privacy) for details on how data is handled.
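
The endpoint list above can be used as an egress allowlist. The following is an added example, not part of the plugin's code: it classifies outbound URLs from a proxy or firewall log against the documented host, base path and endpoints, and reports anything else for review. The sample URLs are constructed; the function names are hypothetical. Note that `/real-time-alerts`, which the 1.2.2 changelog mentions, is not in the documented list and is therefore reported.

```python
from urllib.parse import urlsplit

# Host and base path exactly as documented in the External Services section.
VULNITY_HOST = "euxnoekqasvzwfcbybkg.supabase.co"
BASE_PATH = "/functions/v1"

# Endpoint list copied from the same section, grouped by stated purpose.
DOCUMENTED = {
    "pairing": {"/pair-plugin", "/unpair-plugin"},
    "heartbeat": {"/heartbeat"},
    "connection-test": {"/connection-test"},
    "inventory": {"/scan-site-info"},
    "alert": {
        "/generic-alert", "/brute-force-alert", "/file-security-alert",
        "/manage-user", "/user-management-alert", "/permission-change-alert",
        "/file-editor-alert", "/plugin-change-alert", "/theme-change-alert",
        "/core-update-alert", "/suspicious-query-alert", "/scanner-detected-alert",
    },
    "mitigation": {"/mitigation-config", "/mitigation-update"},
}

def classify(url):
    """Return (verdict, detail) for one outbound URL seen in egress logs."""
    parts = urlsplit(url)
    # Exact host match: a lookalike that merely starts with the name fails.
    if parts.hostname != VULNITY_HOST:
        return ("other-host", parts.hostname)
    if parts.scheme != "https":
        return ("not-https", parts.path)
    if not parts.path.startswith(BASE_PATH + "/"):
        return ("undocumented", parts.path)
    endpoint = parts.path[len(BASE_PATH):].rstrip("/")
    for purpose, paths in DOCUMENTED.items():
        if endpoint in paths:
            return ("documented", purpose)
    return ("undocumented", endpoint)

def audit(urls):
    """Return (url, verdict, detail) for every URL that needs review."""
    results = ((u, *classify(u)) for u in urls)
    return [r for r in results if r[1] != "documented"]

# Constructed sample lines, not captured from a real site.
SAMPLE = [
    "https://euxnoekqasvzwfcbybkg.supabase.co/functions/v1/heartbeat",
    "https://euxnoekqasvzwfcbybkg.supabase.co/functions/v1/real-time-alerts",
    "http://euxnoekqasvzwfcbybkg.supabase.co/functions/v1/brute-force-alert",
    "https://euxnoekqasvzwfcbybkg.supabase.co.example.net/functions/v1/heartbeat",
]
```

Calling `audit(SAMPLE)` returns the three non-conforming entries: the undocumented path, the plain-HTTP request and the lookalike host.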

### License

This plugin is licensed under the GNU General Public License v2.0 or later. You 
are free to redistribute and/or modify it under the terms of the GPL as published
by the Free Software Foundation. The complete license text is included in the bundled
`license.txt` file and is also available online at https://www.gnu.org/licenses/gpl-2.0.html.

## Screenshots

 * Dashboard overview with real-time threat summary.
 * Alert detail screen showing remediation steps.
 * Settings page for configuring API credentials and scan schedules.

## Installation

 1. Upload the plugin files to the `/wp-content/plugins/vulnity` directory or install
    from the WordPress plugin repository.
 2. Activate the plugin through the **Plugins** screen in WordPress.
 3. Navigate to **Vulnity > Settings**, enter your Vulnity SIEM credentials, and save.
 4. (Optional) Enable scheduled scans on the **Monitoring** tab to receive weekly reports.

## FAQ

### Do I need a Vulnity SIEM subscription?

Yes. The plugin requires an active Vulnity SIEM account to collect and analyze events.

### Will the plugin slow down my site?

No. Event collection runs asynchronously and offloads processing to the Vulnity 
cloud platform.

### Can I disable certain alerts?

Absolutely. Use the **Alert Policies** section within the plugin settings to mute
or reclassify events.

## Reviews

There are no reviews for this plugin.

## Contributors & Developers

“Vulnity Security” is open source software. The following people have contributed
to this plugin.

Contributors

 * [manuelgalan](https://profiles.wordpress.org/manuelgalan/)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/vulnity/), check out
the [SVN repository](https://plugins.svn.wordpress.org/vulnity/), or subscribe to
the [development log](https://plugins.trac.wordpress.org/log/vulnity/) by [RSS](https://plugins.trac.wordpress.org/log/vulnity/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 1.2.3

 * Fixed firewall bootstrap blocking wp-login.php, wp-cron.php, admin-ajax.php, 
   and xmlrpc.php for blocked IPs — admins can now recover access.
 * Fixed firewall bootstrap returning HTML instead of JSON for REST API requests
   from blocked IPs.
 * Fixed uninstall leaving broken .htaccess when file is read-only — now creates
   safe stub to prevent HTTP 500.
 * Fixed early IP blocking (plugins_loaded:0) intercepting AJAX and REST requests,
   breaking admin panel functionality.
 * Reduced SIEM alert timeout from 10s to 3s to prevent page hangs during attacks.
 * Reduced inventory sync timeout from 30s to 8s to prevent random slow page loads
   via pseudo-cron.
 * Improved file detection in Protect Common Paths — now handles query strings, 
   trailing slashes, and dotted directory names correctly.
 * Added PHP execution blocking rule for uploads directory in generated Nginx configuration
   snippet.
 * Expanded REST API public route whitelist: added WooCommerce v3, UpdraftPlus, 
   BackWPup, Elementor, Forminator, FluentForms, SureCart, MailPoet, and block editor
   endpoints.
 * Added `Options -Indexes` to Protect Common Paths .htaccess rules as a
   defense-in-depth measure.
 * Updated Stable tag from 1.2.2 to 1.2.3.

#### 1.2.2

 * Fixed anti-collapse dedup system blocking subsequent auto-update state toggle
   events due to identical hash.
 * Fixed wrong authentication headers for `/real-time-alerts` endpoint (now uses
   HMAC-SHA256 signature instead of token).
 * Fixed missing `remediation` field in auto-update state events sent to the SIEM.
 * Fixed `version_old` not captured in auto-update events; now recorded via `upgrader_pre_install`
   hook before files are replaced.
 * Fixed auto-update trigger running on disable; updates now only fire for newly
   enabled component types.
 * Fixed auto-update event detection using `instanceof WP_Automatic_Updater` instead
   of `wp_doing_cron()` for broader compatibility.
 * Fixed single-file plugin slug resolving to `.` (e.g. hello-dolly) in update event
   payloads.
 * Added `triggered_by` field to update events: `siem_manual`, `siem_auto_update`,
   or `wp_auto_updater`.
 * Auto-update toggles in the admin panel are now read-only; changes must be made
   from the SIEM.
 * Replaced `parse_url()` with `wp_parse_url()` for WordPress coding standards compliance.

#### 1.2.1

 * Plugin Check compatibility improvements for filesystem and nonce-related warnings.
 * Runtime validation improvements for scanner detection, file editor monitoring,
   and firewall state serialization.

#### 1.2.0

 * Fixed login URL rename validation against existing pages/posts and reserved WordPress
   routes.
 * Fixed uninstall cron cleanup to use `wp_unschedule_hook()` for complete removal.
 * Fixed heartbeat, mitigation sync, and alert buffer crons not cancelled on plugin
   disconnect.

#### 1.1.9

 * Send whitelist IPs (user public IP + localhost) to the SIEM during pairing so
   the whitelist persists after synchronization.

#### 1.1.8

 * Fixed Nginx warning notice appearing repeatedly on every admin page load; it 
   now displays only once.
 * Improved notice format: each protected path is shown on its own line for better
   readability.
 * Added link to solution documentation for Nginx .htaccess compatibility.

#### 1.1.7

 * Fixed deactivation not clearing all cron jobs (4 missing hooks, plus events
   re-scheduled by late-firing alert hooks).
 * Added `final_deactivation_cleanup` at priority 9999 to ensure complete cron and
   .htaccess cleanup after all hooks fire.
 * Replaced `wp_clear_scheduled_hook` with `wp_unschedule_hook` to clear single 
   events with arguments.
 * Added native PHP fallback for .htaccess marker removal when WP_Filesystem is 
   unavailable.
 * Fixed Plugin Check error: replaced direct `is_writable()` with `vulnity_path_is_writable()`
   and `WP_Filesystem_Direct`.

#### 1.1.5

 * Fix uninstall multisite cleanup query when `sitemeta` table is not available 
   to prevent SQL warnings in debug.log.

#### 1.1.4

 * Ensure uninstall removes Vulnity firewall/log folders recursively so no
   plugin-owned folders are left behind.

#### 1.1.3

 * Ensure uninstall removes Vulnity firewall/log folders even when permissions are
   restrictive by attempting safe chmod before cleanup.

#### 1.1.2

 * Added a dedicated Vulnity log with line-based rotation and safe fallbacks when
   uploads are not writable.
 * Added admin warning when firewall storage cannot be written, with clear remediation
   guidance.
 * Expanded uninstall cleanup to remove Vulnity log files and firewall artifacts
   across fallback paths.

#### 1.1.1

 * Fixed deactivation cleanup so Vulnity hardening marker blocks are removed fully
   from `.htaccess` without modifying user-defined rules.
 * Improved deactivation safety in shared hosting environments with conservative,
   marker-only rollback behavior.

#### 1.1.0

 * Improved admin UI consistency across Dashboard, Synchronization, Mitigation, 
   Hardening, and Setup screens.
 * Hardened plugin lifecycle behavior for shared hosting compatibility and safer
   deactivation/uninstall flows.
 * Added conservative server integration safeguards to reduce side effects in
   Apache/Nginx environments.

#### 1.0.5

 * Version bump to 1.0.5.

#### 1.0.4

 * Version bump to 1.0.4.

#### 1.0.3

 * Standardized admin asset enqueues and AJAX URL localization for compliant loading.
 * Hardened nonce and capability checks across alerts and admin handlers.
 * Improved path resolution using WordPress APIs for non-default installs.
 * Documented external Supabase services used for alerts and mitigation updates.

#### 1.0.2

 * Initial release.

## Meta

 * Version **1.2.3**
 * Last updated **2 days ago**
 * Active installations **Fewer than 10**
 * WordPress version **5.8 or higher**
 * Tested up to **6.9.4**
 * PHP version **7.4 or higher**
 * Tags: [intrusion detection](https://wordpress.org/plugins/tags/intrusion-detection/),
   [monitoring](https://wordpress.org/plugins/tags/monitoring/),
   [security](https://wordpress.org/plugins/tags/security/)
 * [Advanced View](https://wordpress.org/plugins/vulnity/advanced/)
