{"id":328386,"date":"2026-06-23T06:49:50","date_gmt":"2026-06-23T06:49:50","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/vaultshift\/"},"modified":"2026-06-23T08:22:33","modified_gmt":"2026-06-23T08:22:33","slug":"vaultshift","status":"publish","type":"plugin","link":"https:\/\/wordpress.org\/plugins\/vaultshift\/","author":14817540,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.1.0","stable_tag":"1.1.0","tested":"7.0","requires":"5.8","requires_php":"7.4","requires_plugins":null,"header_name":"VaultShift","header_author":"Saju Gopal \/ Wontonee DigitalCraft LLP","header_description":"Secure your WordPress site with malware scanning, WAF, login protection, hardening, activity logging, and spam protection.","assets_banners_color":"043d7d","last_updated":"2026-06-23 08:22:33","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/github.com\/wontonee\/vaultshift","header_author_uri":"https:\/\/wontonee.com","rating":0,"author_block_rating":0,"active_installs":0,"downloads":58,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.1.0":{"tag":"1.1.0","author":"sajudeveloper18","date":"2026-06-23 08:22:33"}},"upgrade_notice":[],"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3582754,"resolution":"128x128","location":"assets","locale":"","width":128,"height":128},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3582754,"resolution":"256x256","location":"assets","locale":"","width":256,"height":256}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3582754,"resolution":"1544x500","location":"assets","locale":"","width":1544,"height":500},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3582754,"resolution":"772x250","location":"assets","locale":"","width":772,"height":250}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.1.0"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3582774,"resolution":"1","location":"assets","locale":"","width":1905,"height":1916},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3582774,"resolution":"2","location":"assets","locale":"","width":1920,"height":879},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3582774,"resolution":"3","location":"assets","locale":"","width":1905,"height":908},"screenshot-4.png":{"filename":"screenshot-4.png","revision":3582774,"resolution":"4","location":"assets","locale":"","width":1905,"height":1010},"screenshot-5.png":{"filename":"screenshot-5.png","revision":3582774,"resolution":"5","location":"assets","locale":"","width":1905,"height":3256},"screenshot-6.png":{"filename":"screenshot-6.png","revision":3582774,"resolution":"6","location":"assets","locale":"","width":1905,"height":1540},"screenshot-7.png":{"filename":"screenshot-7.png","revision":3582774,"resolution":"7","location":"assets","locale":"","width":1905,"height":1255},"screenshot-8.png":{"filename":"screenshot-8.png","revision":3582774,"resolution":"8","location":"assets","locale":"","width":1905,"height":1164},"screenshot-9.png":{"filename":"screenshot-9.png","revision":3582774,"resolution":"9","location":"assets","locale":"","width":1905,"height":1968}},"screenshots":{"1":"Security dashboard with score, WAF status, activity feed, and recommendations","2":"Malware scanner \u2014 run scans and review findings","3":"Login protection \u2014 brute-force lockout, custom login URL, and reCAPTCHA","4":"Hardening checklist with one-click security toggles","5":"Tamper-evident activity log of security events","6":"Web Application Firewall modes, geo-blocking, and WAF log","7":"Spam protection with local heuristics and optional cloud scoring","8":"Backup, restore, and backup history","9":"Settings \u2014 cloud key, VaultShift Cloud, and threat response"}},"plugin_section":[],"plugin_tags":[1174,602,1184,600,599],"plugin_category":[38,54],"plugin_contributors":[241727],"plugin_business_model":[],"class_list":["post-328386","plugin","type-plugin","status-publish","hentry","plugin_tags-firewall","plugin_tags-login","plugin_tags-malware","plugin_tags-security","plugin_tags-spam","plugin_category-authentication","plugin_category-security-and-spam-protection","plugin_contributors-sajudeveloper18","plugin_committers-sajudeveloper18"],"banners":{"banner":"https:\/\/ps.w.org\/vaultshift\/assets\/banner-772x250.png?rev=3582754","banner_2x":"https:\/\/ps.w.org\/vaultshift\/assets\/banner-1544x500.png?rev=3582754","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/vaultshift\/assets\/icon-128x128.png?rev=3582754","icon_2x":"https:\/\/ps.w.org\/vaultshift\/assets\/icon-256x256.png?rev=3582754","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/vaultshift\/assets\/screenshot-1.png?rev=3582774","caption":"Security dashboard with score, WAF status, activity feed, and recommendations"},{"src":"https:\/\/ps.w.org\/vaultshift\/assets\/screenshot-2.png?rev=3582774","caption":"Malware scanner \u2014 run scans and review findings"},{"src":"https:\/\/ps.w.org\/vaultshift\/assets\/screenshot-3.png?rev=3582774","caption":"Login protection \u2014 brute-force lockout, custom login URL, and reCAPTCHA"},{"src":"https:\/\/ps.w.org\/vaultshift\/assets\/screenshot-4.png?rev=3582774","caption":"Hardening checklist with one-click security toggles"},{"src":"https:\/\/ps.w.org\/vaultshift\/assets\/screenshot-5.png?rev=3582774","caption":"Tamper-evident activity log of security events"},{"src":"https:\/\/ps.w.org\/vaultshift\/assets\/screenshot-6.png?rev=3582774","caption":"Web Application Firewall modes, geo-blocking, and WAF log"},{"src":"https:\/\/ps.w.org\/vaultshift\/assets\/screenshot-7.png?rev=3582774","caption":"Spam protection with local heuristics and optional cloud scoring"},{"src":"https:\/\/ps.w.org\/vaultshift\/assets\/screenshot-8.png?rev=3582774","caption":"Backup, restore, and backup history"},{"src":"https:\/\/ps.w.org\/vaultshift\/assets\/screenshot-9.png?rev=3582774","caption":"Settings \u2014 cloud key, VaultShift Cloud, and threat response"}],"raw_content":"<!--section=description-->\n<p><strong>VaultShift<\/strong> hardens your WordPress site with a unified security dashboard, real-time threat monitoring, and tools that run locally on your server. Every core module is included and works out of the box after you activate your <strong>Free or Cloud key<\/strong> from <a href=\"https:\/\/myapps.wontonee.com\">myapps.wontonee.com<\/a>.<\/p>\n\n<p>Optional <strong>VaultShift Cloud<\/strong> services (signature sync, IP reputation, cloud spam scoring) stay <strong>off by default<\/strong> until you enable them under Settings.<\/p>\n\n<h4>Malware &amp; file integrity scanner<\/h4>\n\n<ul>\n<li>Full-site file scans in the background \u2014 no need to keep a browser tab open<\/li>\n<li>Daily or weekly scheduled scans, plus on-demand manual scans<\/li>\n<li>WordPress core checksum verification against the official release<\/li>\n<li>Quarantine suspicious files instead of deleting immediately<\/li>\n<li>Security score and scan history on the dashboard<\/li>\n<li>Automatic scan triggers when attacks are detected<\/li>\n<\/ul>\n\n<h4>Web Application Firewall (WAF)<\/h4>\n\n<ul>\n<li>Runs as a <strong>must-use plugin<\/strong> before WordPress loads, blocking threats early<\/li>\n<li>Learning, active, and paranoid modes<\/li>\n<li>Built-in rule sets plus optional cloud rule updates (when Cloud is enabled)<\/li>\n<li>Block and allow lists, rate limiting, and WAF event logging<\/li>\n<li>Geo-blocking by country and optional VPN\/proxy blocking<\/li>\n<\/ul>\n\n<h4>Login protection<\/h4>\n\n<ul>\n<li>Brute-force lockout after failed attempts<\/li>\n<li>Optional custom login URL to hide <code>wp-login.php<\/code><\/li>\n<li>Google reCAPTCHA v3 when you add your own site keys<\/li>\n<li>Two-factor authentication (TOTP) for administrator accounts<\/li>\n<\/ul>\n\n<h4>WordPress hardening<\/h4>\n\n<ul>\n<li>One-click checklist: disable file editor, limit REST user enumeration, security headers, and more<\/li>\n<li>Sensible defaults with per-toggle control<\/li>\n<li>WordPress Site Health tests for scan freshness, WAF status, and backup directory<\/li>\n<\/ul>\n\n<h4>Activity log<\/h4>\n\n<ul>\n<li>Tamper-evident log of logins, file changes, plugin updates, and security events<\/li>\n<li>Filterable admin view and REST API access<\/li>\n<li>Helps with audits and incident response<\/li>\n<\/ul>\n\n<h4>Spam protection<\/h4>\n\n<ul>\n<li>Honeypot, heuristics, and scoring for comments and registration<\/li>\n<li>Optional cloud spam check when VaultShift Cloud is enabled<\/li>\n<li>Integrations for common form plugins<\/li>\n<\/ul>\n\n<h4>Backup &amp; restore<\/h4>\n\n<ul>\n<li>Create compressed backups of your database and <code>wp-content<\/code><\/li>\n<li>Scheduled or manual backups with retention controls<\/li>\n<li>Restore from backup history with progress tracking<\/li>\n<\/ul>\n\n<h4>VaultShift Cloud (optional)<\/h4>\n\n<p>Enable <strong>Cloud services<\/strong> under Settings when you want enhanced protection backed by VaultShift servers:<\/p>\n\n<ul>\n<li>Up-to-date malware signatures<\/li>\n<li>IP reputation and VPN\/proxy detection<\/li>\n<li>Cloud-based spam scoring<\/li>\n<\/ul>\n\n<p>Remote calls are <strong>opt-in only<\/strong> \u2014 nothing is sent until you turn Cloud on.<\/p>\n\n<h4>Free vs Cloud keys<\/h4>\n\n<p>VaultShift requires a <strong>cloud key<\/strong> to activate (Free or Cloud tier). Keys tie your site to myapps for plan validation. All local security features remain on your server; Cloud keys unlock optional remote services when you choose to enable them.<\/p>\n\n<h3>External services<\/h3>\n\n<p>This plugin may connect to external services when configured or when you opt in.<\/p>\n\n<h4>VaultShift Cloud<\/h4>\n\n<p>Optional malware signature updates, IP reputation checks, VPN\/proxy detection, and cloud-based spam scoring when <strong>Cloud services<\/strong> is enabled under Settings.<\/p>\n\n<p>Sends visitor IP addresses, comment metadata\/content (when cloud spam check is enabled), and site identification data when those features run.<\/p>\n\n<p>Service: VaultShift Cloud API at https:\/\/myapps.wontonee.com\/v1\nTerms of use: https:\/\/wontonee.com\/terms\/\nPrivacy policy: https:\/\/wontonee.com\/privacy\/<\/p>\n\n<h4>myapps cloud keys (VaultShift activation)<\/h4>\n\n<p>Used when you activate a Free or Cloud key during setup or under Settings.<\/p>\n\n<p>Sends your cloud key and site domain to register and validate your plan.<\/p>\n\n<p>Service: https:\/\/myapps.wontonee.com\/api\/vaultshift\nTerms of use: https:\/\/wontonee.com\/terms\/\nPrivacy policy: https:\/\/wontonee.com\/privacy\/<\/p>\n\n<h4>Google reCAPTCHA<\/h4>\n\n<p>Used when you enter reCAPTCHA v3 site and secret keys under Login Protection.<\/p>\n\n<p>Sends the visitor IP address and reCAPTCHA token to Google for verification when someone logs in or registers.<\/p>\n\n<p>Terms of use: https:\/\/policies.google.com\/terms\nPrivacy policy: https:\/\/policies.google.com\/privacy<\/p>\n\n<h4>ipapi.co<\/h4>\n\n<p>Used for country-based geo-blocking when you configure blocked country codes under Firewall.<\/p>\n\n<p>Sends the visitor IP address when determining country code.<\/p>\n\n<p>Terms of use: https:\/\/ipapi.co\/terms\/\nPrivacy policy: https:\/\/ipapi.co\/privacy\/<\/p>\n\n<h4>WordPress.org API<\/h4>\n\n<p>Used during malware scans to verify WordPress core file checksums against the official release.<\/p>\n\n<p>Sends WordPress version and locale.<\/p>\n\n<p>Terms of use: https:\/\/wordpress.org\/about\/gpl\/\nPrivacy policy: https:\/\/wordpress.org\/about\/privacy\/<\/p>\n\n<!--section=installation-->\n<ol>\n<li>Upload the plugin to <code>\/wp-content\/plugins\/vaultshift\/<\/code> or install via <strong>Plugins \u2192 Add New \u2192 Upload Plugin<\/strong>.<\/li>\n<li>Activate VaultShift through the Plugins menu.<\/li>\n<li>Enter your <strong>Free or Cloud key<\/strong> from <a href=\"https:\/\/myapps.wontonee.com\">myapps.wontonee.com<\/a> when prompted.<\/li>\n<li>Open <strong>VaultShift \u2192 Dashboard<\/strong> to review your security score and run your first scan.<\/li>\n<li>Optionally enable <strong>Cloud services<\/strong> under <strong>VaultShift \u2192 Settings<\/strong> if you use a Cloud key and want remote features.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"does%20vaultshift%20send%20data%20to%20external%20servers%3F\"><h3>Does VaultShift send data to external servers?<\/h3><\/dt>\n<dd><p>Most processing runs locally on your server. Remote requests are opt-in: enable <strong>Cloud services<\/strong> under VaultShift \u2192 Settings only if you want optional VaultShift Cloud features. Geo-blocking uses ipapi.co when configured. reCAPTCHA uses Google when you add your own site keys. Cloud key activation sends your key and domain to myapps once during setup.<\/p><\/dd>\n<dt id=\"where%20is%20the%20waf%20loaded%3F\"><h3>Where is the WAF loaded?<\/h3><\/dt>\n<dd><p>On activation, VaultShift installs a must-use plugin at <code>wp-content\/mu-plugins\/vaultshift-waf.php<\/code>. It loads before WordPress core so malicious requests can be blocked early.<\/p><\/dd>\n<dt id=\"do%20i%20need%20a%20paid%20cloud%20key%3F\"><h3>Do I need a paid Cloud key?<\/h3><\/dt>\n<dd><p>No. A <strong>Free cloud key<\/strong> activates VaultShift and includes all local security modules. A <strong>Cloud key<\/strong> adds access to optional VaultShift Cloud services when you enable them in Settings.<\/p><\/dd>\n<dt id=\"can%20i%20run%20scans%20on%20a%20schedule%3F\"><h3>Can I run scans on a schedule?<\/h3><\/dt>\n<dd><p>Yes. Choose daily, weekly, or manual-only under <strong>VaultShift \u2192 Scanner<\/strong>. Scans run in the background via Action Scheduler.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.1.0<\/h4>\n\n<ul>\n<li>Cloud key activation: Free and Cloud plans require a myapps cloud key before using VaultShift admin.<\/li>\n<li>Onboarding modal with Free vs Cloud plan comparison, blurred background overlay, and one-click activation.<\/li>\n<li>Settings panel shows active cloud key status when registered.<\/li>\n<li>myapps API integration for register, validate, remove, and plan info.<\/li>\n<\/ul>\n\n<h4>1.0.3<\/h4>\n\n<ul>\n<li>Plugin URI points to GitHub; cloud API and legal links use wontonee.com domains (removed vaultshift.io).<\/li>\n<\/ul>\n\n<h4>1.0.2<\/h4>\n\n<ul>\n<li>WordPress.org review compliance: removed feature gating, cloud opt-in only, enqueue fixes, path constants, readme external services disclosure.<\/li>\n<\/ul>\n\n<h4>1.0.1<\/h4>\n\n<ul>\n<li>Daily and weekly scheduled malware scans.<\/li>\n<li>WordPress Site Health tests for scan freshness, WAF, and backup directory.<\/li>\n<li>Backup restore from history, detailed restore progress, and improved queue handling.<\/li>\n<li>Plugin Check and PHPCS compliance fixes.<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release: security modules and REST API.<\/li>\n<\/ul>","raw_excerpt":"Secure WordPress with malware scanning, WAF, login protection, hardening, backups, activity log, and spam defense.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/328386","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=328386"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/sajudeveloper18"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=328386"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=328386"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=328386"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=328386"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=328386"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=328386"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}