{"id":305768,"date":"2026-05-03T10:23:37","date_gmt":"2026-05-03T10:23:37","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/webkernelai-security\/"},"modified":"2026-05-08T09:36:21","modified_gmt":"2026-05-08T09:36:21","slug":"webkernelai-security","status":"publish","type":"plugin","link":"https:\/\/wordpress.org\/plugins\/webkernelai-security\/","author":23452827,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.0.2","stable_tag":"1.0.2","tested":"6.9.4","requires":"6.2","requires_php":"7.4","requires_plugins":null,"header_name":"WebKernelAI Security","header_author":"WebKernelAI","header_description":"Connects your WordPress site to WebKernelAI as a secure data collector and policy executor. Intelligence and analysis run in WebKernelAI cloud.","assets_banners_color":"02132c","last_updated":"2026-05-08 09:36:21","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/webkernelai.com\/wordpress-security","header_author_uri":"https:\/\/webkernelai.com","rating":0,"author_block_rating":0,"active_installs":0,"downloads":92,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.1":{"tag":"1.0.1","author":"aamirsahil","date":"2026-05-03 10:23:13"},"1.0.2":{"tag":"1.0.2","author":"aamirsahil","date":"2026-05-08 09:36:21"}},"upgrade_notice":[],"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3521382,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3521382,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3521382,"resolution":"1544x500","location":"assets","locale":""},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3521382,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.1","1.0.2"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3521382,"resolution":"1","location":"assets","locale":""},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3521382,"resolution":"2","location":"assets","locale":""},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3521382,"resolution":"3","location":"assets","locale":""}},"screenshots":[],"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[19966,168808,2846,600,186],"plugin_category":[54,55],"plugin_contributors":[256805],"plugin_business_model":[],"class_list":["post-305768","plugin","type-plugin","status-publish","hentry","plugin_tags-csp","plugin_tags-file-integrity","plugin_tags-headers","plugin_tags-security","plugin_tags-seo","plugin_category-security-and-spam-protection","plugin_category-seo-and-marketing","plugin_contributors-aamirsahil","plugin_committers-aamirsahil"],"banners":{"banner":"https:\/\/ps.w.org\/webkernelai-security\/assets\/banner-772x250.png?rev=3521382","banner_2x":"https:\/\/ps.w.org\/webkernelai-security\/assets\/banner-1544x500.png?rev=3521382","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/webkernelai-security\/assets\/icon-128x128.png?rev=3521382","icon_2x":"https:\/\/ps.w.org\/webkernelai-security\/assets\/icon-256x256.png?rev=3521382","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/webkernelai-security\/assets\/screenshot-1.png?rev=3521382","caption":""},{"src":"https:\/\/ps.w.org\/webkernelai-security\/assets\/screenshot-2.png?rev=3521382","caption":""},{"src":"https:\/\/ps.w.org\/webkernelai-security\/assets\/screenshot-3.png?rev=3521382","caption":""}],"raw_content":"<!--section=description-->\n<p>WebKernelAI Security connects your WordPress site to the WebKernelAI platform.<\/p>\n\n<p>The plugin can:<\/p>\n\n<ul>\n<li>expose secure token-authenticated REST endpoints for WebKernelAI dashboard actions<\/li>\n<li>enforce signed requests with HMAC + timestamp + nonce replay protection<\/li>\n<li>restrict API access to trusted WebKernelAI hosts<\/li>\n<li>apply rate limiting for authentication attempts and security reporting endpoints<\/li>\n<li>provide file hash inventory for integrity checks (hashes only, no file contents)<\/li>\n<li>sync SEO metadata (title, description, canonical, OG fields)<\/li>\n<li>apply security header and CSP configuration<\/li>\n<li>support advanced CSP controls including manual policy editing for advanced users<\/li>\n<li>apply robots.txt and llms.txt controls<\/li>\n<li>apply random-page and taxonomy archive controls<\/li>\n<li>enable granular per-endpoint feature controls for safer operations<\/li>\n<li>support production lock profile and advanced security policy rollback history<\/li>\n<\/ul>\n\n<p>All analysis and recommendations run in WebKernelAI cloud.<\/p>\n\n<h3>External services<\/h3>\n\n<p>This plugin connects to WebKernelAI cloud services.<\/p>\n\n<p>It sends data to:<\/p>\n\n<ul>\n<li><code>https:\/\/webkernelai.com<\/code><\/li>\n<li>your configured WebKernelAI dashboard\/backend endpoint<\/li>\n<\/ul>\n\n<p>What data is sent:<\/p>\n\n<ul>\n<li>site connection data (site URL, API endpoint, token-authenticated requests)<\/li>\n<li>file integrity data (path, SHA-256 hash, file size, modification time)<\/li>\n<li>SEO sync payloads (IDs and configured metadata fields)<\/li>\n<li>security\/text control payloads (selected options and policy text)<\/li>\n<\/ul>\n\n<p>When data is sent:<\/p>\n\n<ul>\n<li>when an administrator connects the site from WebKernelAI dashboard<\/li>\n<li>when dashboard actions request scans, sync, or configuration apply operations<\/li>\n<\/ul>\n\n<p>Service links:<\/p>\n\n<ul>\n<li>Terms of Service: https:\/\/webkernelai.com\/terms<\/li>\n<li>Privacy Policy: https:\/\/webkernelai.com\/privacy<\/li>\n<\/ul>\n\n<!--section=installation-->\n<ol>\n<li>Upload the plugin folder to <code>\/wp-content\/plugins\/<\/code> or install via the WordPress plugin screen.<\/li>\n<li>Activate the plugin.<\/li>\n<li>Go to <strong>Settings -&gt; WebKernelAI Security<\/strong>.<\/li>\n<li>Generate a site token and copy Site URL, API endpoint, and token into your WebKernelAI dashboard.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"does%20this%20plugin%20send%20file%20contents%20to%20webkernelai%3F\"><h3>Does this plugin send file contents to WebKernelAI?<\/h3><\/dt>\n<dd><p>No. The plugin sends file metadata and hashes (for supported scan modes), not raw file contents.<\/p><\/dd>\n<dt id=\"can%20i%20disable%20headers%20or%20csp%3F\"><h3>Can I disable headers or CSP?<\/h3><\/dt>\n<dd><p>Yes. Header and CSP controls are configured from the WebKernelAI dashboard.<\/p><\/dd>\n<dt id=\"can%20i%20customize%20csp%20manually%3F\"><h3>Can I customize CSP manually?<\/h3><\/dt>\n<dd><p>Yes. Advanced users can manually edit CSP policy directives from the dashboard integration and choose enforcement mode.<\/p><\/dd>\n<dt id=\"does%20the%20plugin%20protect%20against%20replayed%20api%20requests%3F\"><h3>Does the plugin protect against replayed API requests?<\/h3><\/dt>\n<dd><p>Yes. Signed requests include freshness validation and nonce replay defense when advanced security mode is enabled.<\/p><\/dd>\n<dt id=\"can%20i%20roll%20back%20security%20policy%20changes%3F\"><h3>Can I roll back security policy changes?<\/h3><\/dt>\n<dd><p>Yes. Advanced security policy versioning keeps history and supports rollback to a previous known-good configuration.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.2<\/h4>\n\n<ul>\n<li>Added advanced security mode with signed request validation (HMAC, nonce replay protection, and timestamp freshness checks).<\/li>\n<li>Added trusted-origin host validation for plugin API access.<\/li>\n<li>Added rate limiting controls for authentication and selected security endpoints.<\/li>\n<li>Added production lock profile support and advanced security policy versioning with rollback history.<\/li>\n<li>Added advanced CSP management support including optional manual policy editing.<\/li>\n<li>Improved dashboard-facing error messaging and security configuration controls.<\/li>\n<\/ul>\n\n<h4>1.0.1<\/h4>\n\n<ul>\n<li>WordPress.org compliance: unique <code>webkernelai_security_*<\/code> option keys, <code>WebKernelAI_Security_*<\/code> class names, <code>X-WebKernelAI-Security-Token<\/code> auth header, automated migration from legacy option names.<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release.<\/li>\n<\/ul>","raw_excerpt":"Connects your WordPress site to WebKernelAI as a secure data collector and policy executor.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/305768","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=305768"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/aamirsahil"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=305768"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=305768"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=305768"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=305768"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=305768"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=305768"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}