{"id":330348,"date":"2026-07-09T12:06:47","date_gmt":"2026-07-09T12:06:47","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/sentinel-guard-security\/"},"modified":"2026-07-09T12:06:39","modified_gmt":"2026-07-09T12:06:39","slug":"nexura-security","status":"publish","type":"plugin","link":"https:\/\/wordpress.org\/plugins\/nexura-security\/","author":23505823,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.0.0","stable_tag":"1.0.0","tested":"7.0.1","requires":"5.8","requires_php":"7.4","requires_plugins":null,"header_name":"Nexura Security","header_author":"Prokash Sarker","header_description":"Enterprise-level WordPress security plugin with malware scanning, file integrity monitoring, vulnerability auditing, and Google Safe Browsing integration.","assets_banners_color":"1d4229","last_updated":"2026-07-09 12:06:39","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/wordpress.org\/plugins\/nexura-security\/","header_author_uri":"https:\/\/profiles.wordpress.org\/prokashsarker2026\/","rating":0,"author_block_rating":0,"active_installs":0,"downloads":38,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.0":{"tag":"1.0.0","author":"prokashsarker2026","date":"2026-07-09 12:06:39"}},"upgrade_notice":{"1.0.0":"<p>First stable release. Install now to protect your WordPress website with enterprise-level security features \u2014 completely free.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3601451,"resolution":"128x128","location":"assets","locale":"","width":128,"height":128},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3601451,"resolution":"256x256","location":"assets","locale":"","width":256,"height":256}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3601451,"resolution":"1544x500","location":"assets","locale":"","width":1544,"height":500},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3601451,"resolution":"772x250","location":"assets","locale":"","width":772,"height":250}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.0"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3601451,"resolution":"1","location":"assets","locale":"","width":1732,"height":885},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3601451,"resolution":"2","location":"assets","locale":"","width":1729,"height":892},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3601451,"resolution":"3","location":"assets","locale":"","width":1731,"height":882},"screenshot-4.png":{"filename":"screenshot-4.png","revision":3601451,"resolution":"4","location":"assets","locale":"","width":1720,"height":883},"screenshot-5.png":{"filename":"screenshot-5.png","revision":3601451,"resolution":"5","location":"assets","locale":"","width":1733,"height":893},"screenshot-6.png":{"filename":"screenshot-6.png","revision":3601451,"resolution":"6","location":"assets","locale":"","width":1715,"height":894},"screenshot-7.png":{"filename":"screenshot-7.png","revision":3601451,"resolution":"7","location":"assets","locale":"","width":1715,"height":891}},"screenshots":{"1":"<strong>Security Dashboard<\/strong> \u2014 Your complete security overview at a glance showing scan status, threat summary, and quick actions.","2":"<strong>Malware Scanner<\/strong> \u2014 Deep heuristic scanner in action, detecting suspicious files across your entire WordPress installation.","3":"<strong>Security Hardening<\/strong> \u2014 One-click hardening options to lock down your WordPress site in seconds.","4":"<strong>Two-Factor Authentication<\/strong> \u2014 Easy QR code setup for Google Authenticator and other TOTP apps.","5":"<strong>Login Protection<\/strong> \u2014 Brute-force protection settings with configurable lockout rules."}},"plugin_section":[],"plugin_tags":[46125,1174,55021,600,1909],"plugin_category":[54],"plugin_contributors":[78154,265854],"plugin_business_model":[],"class_list":["post-330348","plugin","type-plugin","status-publish","hentry","plugin_tags-brute-force-protection","plugin_tags-firewall","plugin_tags-malware-scanner","plugin_tags-security","plugin_tags-two-factor-authentication","plugin_category-security-and-spam-protection","plugin_contributors-freemius","plugin_contributors-prokashsarker2026","plugin_committers-prokashsarker2026"],"banners":{"banner":"https:\/\/ps.w.org\/nexura-security\/assets\/banner-772x250.png?rev=3601451","banner_2x":"https:\/\/ps.w.org\/nexura-security\/assets\/banner-1544x500.png?rev=3601451","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/nexura-security\/assets\/icon-128x128.png?rev=3601451","icon_2x":"https:\/\/ps.w.org\/nexura-security\/assets\/icon-256x256.png?rev=3601451","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/nexura-security\/assets\/screenshot-1.png?rev=3601451","caption":"<strong>Security Dashboard<\/strong> \u2014 Your complete security overview at a glance showing scan status, threat summary, and quick actions."},{"src":"https:\/\/ps.w.org\/nexura-security\/assets\/screenshot-2.png?rev=3601451","caption":"<strong>Malware Scanner<\/strong> \u2014 Deep heuristic scanner in action, detecting suspicious files across your entire WordPress installation."},{"src":"https:\/\/ps.w.org\/nexura-security\/assets\/screenshot-3.png?rev=3601451","caption":"<strong>Security Hardening<\/strong> \u2014 One-click hardening options to lock down your WordPress site in seconds."},{"src":"https:\/\/ps.w.org\/nexura-security\/assets\/screenshot-4.png?rev=3601451","caption":"<strong>Two-Factor Authentication<\/strong> \u2014 Easy QR code setup for Google Authenticator and other TOTP apps."},{"src":"https:\/\/ps.w.org\/nexura-security\/assets\/screenshot-5.png?rev=3601451","caption":"<strong>Login Protection<\/strong> \u2014 Brute-force protection settings with configurable lockout rules."},{"src":"https:\/\/ps.w.org\/nexura-security\/assets\/screenshot-6.png?rev=3601451","caption":""},{"src":"https:\/\/ps.w.org\/nexura-security\/assets\/screenshot-7.png?rev=3601451","caption":""}],"raw_content":"<!--section=description-->\n<p><strong>Nexura Security<\/strong> is a complete, all-in-one WordPress security plugin that protects your website from hackers, malware, and brute-force attacks \u2014 <strong>completely free<\/strong>.<\/p>\n\n<p>Whether you run a personal blog, an online store, or a business website, Nexura Security gives you enterprise-level protection without slowing your site down.<\/p>\n\n<h4>\u26a1 Why Choose Nexura Security?<\/h4>\n\n<p>Looking for a <strong>lightweight, faster alternative<\/strong> to Wordfence, Sucuri, or MalCare? Tired of heavy security plugins that slow down your site and bloat your database?<\/p>\n\n<p>Nexura Security is different:<\/p>\n\n<ul>\n<li><strong>Zero Database Bloat<\/strong> \u2014 Uses smart micro-batching so scans run quietly in the background without slowing down your server.<\/li>\n<li><strong>Easy to Use<\/strong> \u2014 One-click setup. No technical knowledge required.<\/li>\n<li><strong>100% Free Core<\/strong> \u2014 All essential security features are included at no cost.<\/li>\n<\/ul>\n\n<h3>\ud83d\udee1\ufe0f Free Features (Included with This Plugin)<\/h3>\n\n<p><strong>\ud83d\udd0d Deep Malware Scanner<\/strong>\nAutomatically scans your entire WordPress installation \u2014 themes, plugins, uploads, and core files \u2014 for hidden backdoors, obfuscated PHP code, suspicious JavaScript, and known malware patterns. Clean infected files with a single click.<\/p>\n\n<p><strong>\ud83d\udcc2 WordPress Core File Integrity Monitor<\/strong>\nCompares your WordPress core files against clean, official versions to detect any unauthorized changes. If a hacker modifies <code>wp-login.php<\/code>, <code>wp-config.php<\/code>, or any other core file, you will know instantly.<\/p>\n\n<p><strong>\ud83d\udcc1 Root Directory Integrity Checker<\/strong>\nDetects suspicious and unknown files dropped directly into your WordPress root folder \u2014 a common technique used by attackers to plant backdoors and web shells.<\/p>\n\n<p><strong>\ud83d\udd10 Two-Factor Authentication (2FA)<\/strong>\nAdd an extra layer of protection to your admin login. Works with Google Authenticator, Authy, Microsoft Authenticator, or any TOTP-compatible app. Includes QR code setup.<\/p>\n\n<p><strong>\ud83d\udd17 Passwordless Magic Link Login<\/strong>\nAllow trusted users to log in via a secure, time-limited link sent to their email \u2014 no password required.<\/p>\n\n<p><strong>\ud83d\udeab Brute-Force Attack Protection<\/strong>\nAutomatically blocks IP addresses after too many failed login attempts. Configurable lockout duration and attempt limits.<\/p>\n\n<p><strong>\ud83d\udd11 Pwned Password Checker<\/strong>\nWhen users set or change their passwords, the plugin securely checks against the HaveIBeenPwned database to make sure the password has not been exposed in a data breach. Uses k-Anonymity \u2014 your full password is never sent anywhere.<\/p>\n\n<p><strong>\ud83e\udd16 Anti-Spam &amp; Bot Protection<\/strong>\nProtects your comment forms, login pages, and registration pages from automated spam bots using Cloudflare Turnstile or Google reCAPTCHA integration.<\/p>\n\n<p><strong>\ud83c\udf0d Cloud-Based Threat Intelligence<\/strong>\nSyncs with the Nexura Threat Intel Cloud to receive up-to-date malicious IP blocklists and attack signatures, keeping your firewall rules current.<\/p>\n\n<p><strong>\ud83d\udee0\ufe0f Security Hardening (One-Click)<\/strong>\nApply best-practice WordPress security settings with one click:<\/p>\n\n<ul>\n<li>Disable the built-in file editor (prevents hackers from editing your files from the dashboard)<\/li>\n<li>Block PHP execution in the uploads folder<\/li>\n<li>Disable directory listing<\/li>\n<li>Block XML-RPC (stops brute-force attacks via XML-RPC)<\/li>\n<\/ul>\n\n<p><strong>\ud83d\udee0\ufe0f Extended WAF &amp; Core Auto-Restore<\/strong>\nUses an advanced <code>.htaccess<\/code> <code>auto_prepend_file<\/code> directive to load the Web Application Firewall <em>before<\/em> WordPress even boots. If a hacker deletes critical WordPress core files (like <code>wp-settings.php<\/code> or <code>wp-login.php<\/code>), this feature automatically downloads a fresh copy of WordPress from the official WordPress.org API in the background and instantly restores the missing files \u2014 keeping your site online without manual intervention.<\/p>\n\n<p><strong>\ud83d\ude91 Fatal Error Auto-Heal<\/strong>\nUtilizes the official WordPress Drop-in pattern (<code>wp-content\/fatal-error-handler.php<\/code>) to catch PHP fatal errors before they crash your entire site. If a newly installed plugin or theme causes a \"White Screen of Death,\" Nexura automatically detects the faulty plugin, safely disables it, and reloads the page.<\/p>\n\n<p><strong>\ud83d\uddc4\ufe0f Database Security Scanner<\/strong>\nScans your WordPress database for hidden administrator accounts and suspicious configurations that may have been injected by attackers.<\/p>\n\n<p><strong>\ud83d\udcbe Database Backup<\/strong>\nCreate a quick backup of your database before performing any cleanup or changes \u2014 so you can always roll back.<\/p>\n\n<p><strong>\ud83d\udcca Real-Time Upload Scanning<\/strong>\nEvery file uploaded through WordPress (media, plugins, themes) is automatically scanned for malware before it reaches your server.<\/p>\n\n<p><strong>\ud83d\udd0d Google Safe Browsing Check<\/strong>\nVerifies whether your website has been flagged by Google as containing malware or phishing content.<\/p>\n\n<h3>\ud83c\udf1f Pro Features (Upgrade to Unlock)<\/h3>\n\n<p>Want to go further? <strong>Nexura Security Pro<\/strong> adds powerful automation and advanced protection:<\/p>\n\n<ul>\n<li><strong>Web Application Firewall (WAF)<\/strong> \u2014 Blocks SQLi\/XSS\/Bot attacks and loads before WordPress to stop threats at the lowest server level using <code>auto_prepend_file<\/code>.<\/li>\n<li><strong>Tokenizer-Based Smart Scanner<\/strong> \u2014 Uses PHP's <code>token_get_all()<\/code> to detect zero-day backdoors that evade regex-based scanners.<\/li>\n<li><strong>Automated Malware Cleanup<\/strong> \u2014 Automatically strips malware injections and restores your files without manual intervention.<\/li>\n<li><strong>WordPress Core Auto-Restore<\/strong> \u2014 Downloads clean copies of modified core files directly from WordPress.org and replaces them using atomic (crash-safe) file writes.<\/li>\n<li><strong>File Quarantine<\/strong> \u2014 Moves suspicious files to a secure, locked quarantine zone where they cannot execute.<\/li>\n<li><strong>Custom Login URL<\/strong> \u2014 Hide <code>wp-login.php<\/code> and <code>wp-admin<\/code> behind a secret URL to stop 99% of automated brute-force bots.<\/li>\n<li><strong>HTTP Security Headers<\/strong> \u2014 Add Content-Security-Policy, HSTS, X-Frame-Options, Permissions-Policy, and more with presets (Recommended, Strict, or Custom).<\/li>\n<li><strong>REST API Security<\/strong> \u2014 Block user enumeration and restrict unauthenticated REST API access.<\/li>\n<li><strong>WooCommerce Security<\/strong> \u2014 Anti-card-testing protection for checkout pages and account takeover prevention.<\/li>\n<li><strong>Vulnerability Audit<\/strong> \u2014 Instantly detect outdated plugins, themes, and core versions with known vulnerabilities.<\/li>\n<li><strong>Database Optimizer<\/strong> \u2014 Clean up post revisions, transients, orphaned metadata, and optimize database tables.<\/li>\n<li><strong>Storage Cleanup Scanner (Enterprise)<\/strong> \u2014 Safely detect and remove unused images, PDFs, and orphan files from your uploads directory to save disk space and improve backup speed.<\/li>\n<li><strong>Plugin Conflict Cleaner<\/strong> \u2014 Safely remove database leftovers from old or conflicting security plugins.<\/li>\n<li><strong>Security Trust Badge<\/strong> \u2014 Display a \"Protected by Nexura Security\" seal on your website to build visitor trust.<\/li>\n<li><strong>\ud83d\udce1 Active Monitoring<\/strong> \u2014 Real-time visitor tracking dashboard with live stats, 4 interactive charts (Traffic Trend, Browser, Device, OS), auto-refreshing visitor table, and bot detection.<\/li>\n<li><strong>\ud83d\udccc Visitor Stats Shortcodes<\/strong> \u2014 5 beautiful shortcodes (<code>[nexura_visitors]<\/code>, <code>[nexura_stats]<\/code>, <code>[nexura_live]<\/code>, <code>[nexura_popular]<\/code>, <code>[nexura_page_views]<\/code>) to display visitor stats anywhere on your site with premium glassmorphism design and Nexura branding.<\/li>\n<li><strong>Scheduled Automatic Scans<\/strong> \u2014 Set scans to run every 2 hours, daily, weekly, or monthly \u2014 fully automatic.<\/li>\n<li><strong>Advanced Audit Logs<\/strong> \u2014 Detailed logs of every security event, login, file change, and admin action.<\/li>\n<li><strong>Priority Support<\/strong> \u2014 Get direct help from our security team.<\/li>\n<\/ul>\n\n<p><a href=\"https:\/\/nexurasecurity.com\">Upgrade to Pro \u2192<\/a><\/p>\n\n<h4>\ud83d\udd17 Third-Party Services &amp; External API Connections<\/h4>\n\n<p>To provide comprehensive security, Nexura Security connects to several trusted third-party services. <strong>No connections are made automatically \u2014 each feature must be enabled by you in the plugin settings.<\/strong> Here is a complete list of external services this plugin may connect to:<\/p>\n\n<p><strong>1. Cloudflare Turnstile<\/strong>\n<em>Used for:<\/em> Human verification (CAPTCHA) on login, registration, and comment forms to block spam bots.\n<em>Data sent:<\/em> Visitor's browser fingerprint and interaction data (processed by Cloudflare, not stored by us).\n<em>When:<\/em> Only when you enable Turnstile integration in the Anti-Spam settings.\n<em>Service links:<\/em> <a href=\"https:\/\/www.cloudflare.com\/privacypolicy\/\">Cloudflare Privacy Policy<\/a> | <a href=\"https:\/\/www.cloudflare.com\/website-terms\/\">Cloudflare Terms<\/a><\/p>\n\n<p><strong>2. Google reCAPTCHA<\/strong>\n<em>Used for:<\/em> Alternative CAPTCHA option for blocking automated bots on login and registration pages.\n<em>Data sent:<\/em> Visitor's browser data and interaction signals (processed by Google).\n<em>When:<\/em> Only when you enable Google reCAPTCHA in the Anti-Spam settings.\n<em>Service links:<\/em> <a href=\"https:\/\/policies.google.com\/privacy\">Google Privacy Policy<\/a> | <a href=\"https:\/\/policies.google.com\/terms\">Google Terms<\/a><\/p>\n\n<p><strong>3. HaveIBeenPwned API (Pwned Passwords)<\/strong>\n<em>Used for:<\/em> Checking whether a user's password has appeared in known data breaches.\n<em>Data sent:<\/em> Only the first 5 characters of a SHA-1 hash of the password (k-Anonymity model). Your actual password is NEVER sent.\n<em>When:<\/em> Only when the Pwned Passwords feature is enabled and a user sets or changes their password.\n<em>Service links:<\/em> <a href=\"https:\/\/haveibeenpwned.com\/Privacy\">HaveIBeenPwned Privacy Policy<\/a> | <a href=\"https:\/\/haveibeenpwned.com\/API\/v3#Terms\">API Terms<\/a><\/p>\n\n<p><strong>4. Google Safe Browsing API<\/strong>\n<em>Used for:<\/em> Checking whether your website URL has been flagged by Google as containing malware or phishing.\n<em>Data sent:<\/em> Your website's URL.\n<em>When:<\/em> Only when you manually trigger a Safe Browsing check from the dashboard.\n<em>Service links:<\/em> <a href=\"https:\/\/policies.google.com\/privacy\">Google Privacy Policy<\/a> | <a href=\"https:\/\/developers.google.com\/safe-browsing\/terms\">Safe Browsing Terms<\/a><\/p>\n\n<p><strong>5. VirusTotal API<\/strong>\n<em>Used for:<\/em> Scanning file hashes against 70+ antivirus engines to detect malware.\n<em>Data sent:<\/em> Only the SHA-256 cryptographic hash of the file. The actual file is NEVER uploaded.\n<em>When:<\/em> Only during a manual malware scan when unknown files are detected.\n<em>Service links:<\/em> <a href=\"https:\/\/docs.virustotal.com\/docs\/privacy-policy\">VirusTotal Privacy Policy<\/a> | <a href=\"https:\/\/docs.virustotal.com\/docs\/terms-of-service\">VirusTotal Terms<\/a><\/p>\n\n<p><strong>6. Nexura Threat Intel Cloud (sgs-db-worker.sentinel-guard-security.workers.dev)<\/strong>\n<em>Used for:<\/em> Syncing the latest WAF rules, malicious IP blocklists, and malware detection signatures with your site. Also used for anonymous threat reporting to help protect the community.\n<em>Data sent:<\/em> Blocked attacker IP addresses and blocked payload patterns (anonymized). No personal user data is ever collected.\n<em>When:<\/em> When the Global Threat Intelligence feature is enabled in settings.\n<em>Service links:<\/em> <a href=\"https:\/\/nexurasecurity.com\/privacy-policy.html\">Nexura Privacy Policy<\/a> | <a href=\"https:\/\/nexurasecurity.com\/terms-conditions.html\">Nexura Terms<\/a><\/p>\n\n<p><strong>7. WordPress.org API<\/strong>\n<em>Used for:<\/em> Downloading official WordPress core file checksums for integrity scans, and downloading the latest WordPress core ZIP file for the Core Auto-Restore WAF feature.\n<em>Data sent:<\/em> Your WordPress version number.\n<em>When:<\/em> During core file integrity checks, or automatically in the background if Core Auto-Restore is enabled.\n<em>Service links:<\/em> <a href=\"https:\/\/wordpress.org\/about\/privacy\/\">WordPress Privacy Policy<\/a><\/p>\n\n<p><strong>8. FlagCDN (flagpedia.net)<\/strong>\n<em>Used for:<\/em> Displaying country flag icons next to IP addresses in the Blocked IPs table for visual identification.\n<em>Data sent:<\/em> Country code (derived from IP). No personal data is sent.\n<em>When:<\/em> Only when viewing the Blocked IPs page in the admin dashboard.\n<em>Service links:<\/em> <a href=\"https:\/\/flagpedia.net\/privacy-policy\">FlagCDN Privacy Policy<\/a> | <a href=\"https:\/\/flagpedia.net\/terms\">FlagCDN Terms<\/a><\/p>\n\n<p><strong>9. Freemius SDK<\/strong>\n<em>Used for:<\/em> Plugin licensing, activation, opt-in analytics, and in-dashboard upgrade flow for the Pro version.\n<em>Data sent:<\/em> Site URL, WordPress version, plugin version, admin email (only if user opts in during activation).\n<em>When:<\/em> On plugin activation (opt-in dialog) and when checking license status.\n<em>Service links:<\/em> <a href=\"https:\/\/freemius.com\/privacy\/\">Freemius Privacy Policy<\/a> | <a href=\"https:\/\/freemius.com\/terms\/\">Freemius Terms<\/a><\/p>\n\n<h4>\ud83d\udcdc Privacy Policy &amp; Terms of Use<\/h4>\n\n<p>We believe in complete transparency about how your data is handled.<\/p>\n\n<p><strong>What We Collect:<\/strong>\nNexura Security does NOT collect any personal data from your website visitors. We do not track your users, we do not sell any data, and we do not place any tracking cookies.<\/p>\n\n<p><strong>What We May Report:<\/strong>\nWhen the Web Application Firewall blocks a malicious attack, the attacker's IP address and the type of blocked payload may be anonymously reported to the Nexura Threat Intel Cloud. This helps protect other WordPress websites using Nexura Security. <strong>You can disable this feature at any time<\/strong> in the plugin settings under \"Global Threat Intelligence.\"<\/p>\n\n<p><strong>Your Data, Your Control:<\/strong>\nAll scan results, logs, and settings are stored locally in your own WordPress database. Nothing is sent to any external server unless you explicitly enable a cloud feature.<\/p>\n\n<p><strong>Compliance:<\/strong>\nOur data handling practices comply with GDPR (EU), CCPA (California), and other major international privacy regulations. By installing and activating this plugin, you agree to the usage of the third-party services listed above when you choose to enable them.<\/p>\n\n<p><strong>Full Policy:<\/strong> <a href=\"https:\/\/nexurasecurity.com\/privacy-policy.html\">Privacy Policy<\/a> | <a href=\"https:\/\/nexurasecurity.com\/terms-conditions.html\">Terms &amp; Conditions<\/a><\/p>\n\n<h3>External services<\/h3>\n\n<p>This plugin connects to the following external services. Each connection is clearly documented below with the data transmitted, the conditions under which it occurs, and links to the relevant terms and privacy policy.<\/p>\n\n<h4>1. Nexura Threat Intel Cloud<\/h4>\n\n<p>Used for: Syncing malware detection signatures, WAF rules, and malicious IP blocklists. Also used for anonymous threat reporting to protect the wider WordPress community.<\/p>\n\n<p>Data sent:\n- SHA-256 file hashes (for reputation lookup)\n- Blocked attacker IP addresses (anonymized)\n- Blocked payload patterns (anonymized)\n- No personal user data is ever collected<\/p>\n\n<p>When: Only when the administrator enables the \"Global Threat Intelligence\" feature in plugin settings. Disabled by default.<\/p>\n\n<p>Service provider: Nexura Security (sgs-db-worker.sentinel-guard-security.workers.dev)\nPrivacy Policy: https:\/\/nexurasecurity.com\/privacy-policy.html\nTerms of Service: https:\/\/nexurasecurity.com\/terms-conditions.html<\/p>\n\n<h4>2. Nexura Threat Intel Cloud \u2014 Cloud Hash Scanner (Pro)<\/h4>\n\n<p>Used for: Submitting file SHA-256 hashes to the Nexura cloud to check whether each file is known-clean or requires deeper analysis.<\/p>\n\n<p>Data sent:\n- MD5 hashes of scanned files\n- No file contents, no personal data<\/p>\n\n<p>When: Only when the administrator enables \"Cloud Scanner\" in Pro settings AND initiates a manual scan. Disabled by default.<\/p>\n\n<p>Service provider: Nexura Security (sgs-db-worker.sentinel-guard-security.workers.dev)\nPrivacy Policy: https:\/\/nexurasecurity.com\/privacy-policy.html\nTerms of Service: https:\/\/nexurasecurity.com\/terms-conditions.html<\/p>\n\n<h4>3. Nexura Threat Intel Cloud \u2014 Cloud Deep Scan (Pro)<\/h4>\n\n<p>Used for: Submitting the content of files whose hashes are unknown to the cloud for deeper malware analysis.<\/p>\n\n<p>Data sent:\n- Base64-encoded file contents of flagged files only\n- File path (for reporting purposes)<\/p>\n\n<p>When: Only when \"Cloud Scanner\" is enabled in Pro settings and a hash lookup returns an unknown result during a manual scan. Disabled by default.<\/p>\n\n<p>Service provider: Nexura Security (sgs-db-worker.sentinel-guard-security.workers.dev)\nPrivacy Policy: https:\/\/nexurasecurity.com\/privacy-policy.html\nTerms of Service: https:\/\/nexurasecurity.com\/terms-conditions.html<\/p>\n\n<h4>4. Have I Been Pwned (HaveIBeenPwned API)<\/h4>\n\n<p>Used for: Checking whether a user's password has appeared in known public data breaches.<\/p>\n\n<p>Data sent:\n- Only the first 5 characters of a SHA-1 hash of the password (k-Anonymity model)\n- Your actual password is NEVER sent in any form<\/p>\n\n<p>When: Only when the administrator enables the \"Pwned Password Checker\" feature AND a user sets or changes their password.<\/p>\n\n<p>Service provider: Have I Been Pwned (haveibeenpwned.com)\nPrivacy Policy: https:\/\/haveibeenpwned.com\/Privacy\nTerms of Service: https:\/\/haveibeenpwned.com\/API\/v3#Terms<\/p>\n\n<h4>5. Google Safe Browsing API<\/h4>\n\n<p>Used for: Checking whether your website URL has been flagged by Google as containing malware or phishing content.<\/p>\n\n<p>Data sent:\n- Your website's public URL<\/p>\n\n<p>When: Only when the administrator manually triggers a Safe Browsing check from the Nexura dashboard.<\/p>\n\n<p>Service provider: Google LLC\nPrivacy Policy: https:\/\/policies.google.com\/privacy\nTerms of Service: https:\/\/developers.google.com\/safe-browsing\/terms<\/p>\n\n<h4>6. WordPress.org API<\/h4>\n\n<p>Used for: Downloading the latest WordPress core ZIP for the Core Auto-Restore feature when critical core files are detected missing.<\/p>\n\n<p>Data sent:\n- No personal data. A standard HTTPS GET request is made to https:\/\/wordpress.org\/latest.zip.<\/p>\n\n<p>When: Automatically and only when the WAF detects that one or more critical WordPress core files (wp-load.php, wp-login.php, wp-settings.php, index.php) are missing \u2014 indicating the site is in a crash state. All temporary files are written to the server's system temp directory (sys_get_temp_dir()), not to the uploads folder.<\/p>\n\n<p>Service provider: WordPress.org\nPrivacy Policy: https:\/\/wordpress.org\/about\/privacy\/<\/p>\n\n<h4>7. Cloudflare Turnstile<\/h4>\n\n<p>Used for: Human verification (CAPTCHA) on login, registration, and comment forms to block spam bots.<\/p>\n\n<p>Data sent:\n- Visitor browser fingerprint and interaction data (processed by Cloudflare; not stored by this plugin)<\/p>\n\n<p>When: Only when the administrator enables the Turnstile integration in the Anti-Spam settings.<\/p>\n\n<p>Service provider: Cloudflare, Inc.\nPrivacy Policy: https:\/\/www.cloudflare.com\/privacypolicy\/\nTerms of Service: https:\/\/www.cloudflare.com\/website-terms\/<\/p>\n\n<h4>8. Google reCAPTCHA<\/h4>\n\n<p>Used for: Alternative CAPTCHA option for blocking automated bots on login and registration pages.<\/p>\n\n<p>Data sent:\n- Visitor browser data and interaction signals (processed by Google)<\/p>\n\n<p>When: Only when the administrator enables Google reCAPTCHA in the Anti-Spam settings.<\/p>\n\n<p>Service provider: Google LLC\nPrivacy Policy: https:\/\/policies.google.com\/privacy\nTerms of Service: https:\/\/policies.google.com\/terms<\/p>\n\n<h4>9. Freemius<\/h4>\n\n<p>Used for: Plugin licensing, activation, optional opt-in analytics, and in-dashboard upgrade flow for the Pro version.<\/p>\n\n<p>Data sent:\n- Site URL, WordPress version, plugin version, admin email (only if user opts in during activation dialog)<\/p>\n\n<p>When: On plugin activation (opt-in dialog shown) and when checking license status.<\/p>\n\n<p>Service provider: Freemius Ltd.\nPrivacy Policy: https:\/\/freemius.com\/privacy\/\nTerms of Service: https:\/\/freemius.com\/terms\/<\/p>\n\n<h4>10. Google.com (Time Synchronization for 2FA)<\/h4>\n\n<p>Used for: Fetching the current server time from Google's HTTP Date header to improve TOTP (Time-based One-Time Password) accuracy for Two-Factor Authentication. Only the HTTP response headers are used \u2014 no  &hellip;<\/p>\n\n<!--section=installation-->\n<ol>\n<li>Go to <strong>Plugins \u2192 Add New<\/strong> in your WordPress dashboard.<\/li>\n<li>Search for <strong>\"Nexura Security\"<\/strong>.<\/li>\n<li>Click <strong>Install Now<\/strong>, then click <strong>Activate<\/strong>.<\/li>\n<li>Navigate to the <strong>Nexura Security<\/strong> menu in your sidebar to run your first security scan.<\/li>\n<\/ol>\n\n<p>Or, if installing manually:<\/p>\n\n<ol>\n<li>Download the plugin zip file.<\/li>\n<li>Upload it via <strong>Plugins \u2192 Add New \u2192 Upload Plugin<\/strong>.<\/li>\n<li>Activate the plugin.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"is%20nexura%20security%20really%20free%3F\"><h3>Is Nexura Security really free?<\/h3><\/dt>\n<dd><p>Yes! All the core security features \u2014 malware scanning, file integrity monitoring, 2FA, brute-force protection, hardening, and more \u2014 are completely free. The Pro version adds advanced automation features for users who need even more protection.<\/p><\/dd>\n<dt id=\"can%20it%20clean%20a%20hacked%20wordpress%20site%3F\"><h3>Can it clean a hacked WordPress site?<\/h3><\/dt>\n<dd><p>Yes. The built-in malware scanner detects backdoors, obfuscated code, and known malware patterns. You can remove detected threats with a single click. For automated cleanup and core file restoration, upgrade to Pro.<\/p><\/dd>\n<dt id=\"will%20it%20slow%20down%20my%20website%3F\"><h3>Will it slow down my website?<\/h3><\/dt>\n<dd><p>No. Nexura Security uses a micro-batching architecture that runs scans quietly in the background. Your website visitors will not experience any slowdown.<\/p><\/dd>\n<dt id=\"does%20it%20work%20with%20woocommerce%3F\"><h3>Does it work with WooCommerce?<\/h3><\/dt>\n<dd><p>Yes. The free version protects WooCommerce sites just like any WordPress site. The Pro version adds WooCommerce-specific features like checkout fraud protection and account takeover prevention.<\/p><\/dd>\n<dt id=\"does%20it%20send%20my%20data%20to%20external%20servers%3F\"><h3>Does it send my data to external servers?<\/h3><\/dt>\n<dd><p>Only when you explicitly enable a cloud feature (like Threat Intelligence or Pwned Passwords). All connections are documented in the Third-Party Services section above. By default, everything stays on your own server.<\/p><\/dd>\n<dt id=\"is%20it%20compatible%20with%20other%20security%20plugins%3F\"><h3>Is it compatible with other security plugins?<\/h3><\/dt>\n<dd><p>Nexura Security is designed to be a complete standalone solution. Running multiple security plugins simultaneously is not recommended as it can cause conflicts. If you are switching from another plugin, Nexura Pro includes a Plugin Conflict Cleaner to safely remove leftover data.<\/p><\/dd>\n<dt id=\"what%20php%20version%20do%20i%20need%3F\"><h3>What PHP version do I need?<\/h3><\/dt>\n<dd><p>PHP 7.4 or higher is required. PHP 8.0+ is recommended for optimal performance.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release.<\/li>\n<li>Deep recursive malware scanner with micro-batching architecture.<\/li>\n<li>WordPress core file integrity monitoring.<\/li>\n<li>Root directory integrity checker.<\/li>\n<li>Two-Factor Authentication (2FA) with TOTP support.<\/li>\n<li>Passwordless Magic Link login.<\/li>\n<li>Brute-force attack protection with IP lockout.<\/li>\n<li>Pwned Password checking via HaveIBeenPwned API.<\/li>\n<li>Anti-spam protection with Cloudflare Turnstile and Google reCAPTCHA.<\/li>\n<li>Cloud-based Threat Intelligence sync.<\/li>\n<li>Google Safe Browsing integration.<\/li>\n<li>One-click security hardening (file editor, directory listing, PHP execution, XML-RPC).<\/li>\n<li>Database security scanner for hidden admin accounts.<\/li>\n<li>Database backup tool.<\/li>\n<li>Real-time upload scanning.<\/li>\n<li>Session management.<\/li>\n<\/ul>","raw_excerpt":"The most complete free WordPress security plugin. Malware scanner, firewall, 2FA, brute-force protection, file integrity monitoring, and more.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/330348","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=330348"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/prokashsarker2026"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=330348"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=330348"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=330348"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=330348"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=330348"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=330348"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}