Description
WebKernelAI Security connects your WordPress site to the WebKernelAI platform.
The plugin can:
- expose secure token-authenticated REST endpoints for WebKernelAI dashboard actions
- enforce signed requests with HMAC + timestamp + nonce replay protection
- restrict API access to trusted WebKernelAI hosts
- apply rate limiting for authentication attempts and security reporting endpoints
- provide file hash inventory for integrity checks (hashes only, no file contents)
- sync SEO metadata (title, description, canonical, OG fields)
- apply security header and CSP configuration
- support advanced CSP controls including manual policy editing for advanced users
- apply robots.txt and llms.txt controls
- apply random-page and taxonomy archive controls
- enable granular per-endpoint feature controls for safer operations
- support production lock profile and advanced security policy rollback history
All analysis and recommendations run in WebKernelAI cloud.
External services
This plugin connects to WebKernelAI cloud services.
It sends data to:
https://webkernelai.com- your configured WebKernelAI dashboard/backend endpoint
What data is sent:
- site connection data (site URL, API endpoint, token-authenticated requests)
- file integrity data (path, SHA-256 hash, file size, modification time)
- SEO sync payloads (IDs and configured metadata fields)
- security/text control payloads (selected options and policy text)
When data is sent:
- when an administrator connects the site from WebKernelAI dashboard
- when dashboard actions request scans, sync, or configuration apply operations
Service links:
- Terms of Service: https://webkernelai.com/terms
- Privacy Policy: https://webkernelai.com/privacy
Screenshots
Installation
- Upload the plugin folder to
/wp-content/plugins/or install via the WordPress plugin screen. - Activate the plugin.
- Go to Settings -> WebKernelAI Security.
- Generate a site token and copy Site URL, API endpoint, and token into your WebKernelAI dashboard.
FAQ
-
Does this plugin send file contents to WebKernelAI?
-
No. The plugin sends file metadata and hashes (for supported scan modes), not raw file contents.
-
Can I disable headers or CSP?
-
Yes. Header and CSP controls are configured from the WebKernelAI dashboard.
-
Can I customize CSP manually?
-
Yes. Advanced users can manually edit CSP policy directives from the dashboard integration and choose enforcement mode.
-
Does the plugin protect against replayed API requests?
-
Yes. Signed requests include freshness validation and nonce replay defense when advanced security mode is enabled.
-
Can I roll back security policy changes?
-
Yes. Advanced security policy versioning keeps history and supports rollback to a previous known-good configuration.
Reviews
There are no reviews for this plugin.
Contributors & Developers
“WebKernelAI Security” is open source software. The following people have contributed to this plugin.
Contributors
Translate “WebKernelAI Security” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Changelog
1.0.2
- Added advanced security mode with signed request validation (HMAC, nonce replay protection, and timestamp freshness checks).
- Added trusted-origin host validation for plugin API access.
- Added rate limiting controls for authentication and selected security endpoints.
- Added production lock profile support and advanced security policy versioning with rollback history.
- Added advanced CSP management support including optional manual policy editing.
- Improved dashboard-facing error messaging and security configuration controls.
1.0.1
- WordPress.org compliance: unique
webkernelai_security_*option keys,WebKernelAI_Security_*class names,X-WebKernelAI-Security-Tokenauth header, automated migration from legacy option names.
1.0.0
- Initial release.