[WordPress] 外掛分享: Forvault Security

首頁外掛目錄 › Forvault Security
WordPress 外掛 Forvault Security 的封面圖片
全新外掛
安裝啟用
尚無評分
6 天前
最後更新
問題解決
WordPress 5.6+ PHP 7.2+ v1.0.0 上架:2026-07-10

外掛標籤

開發者團隊

⬇ 下載最新版 (v1.0.0) 或搜尋安裝

① 下載 ZIP → 後台「外掛 › 安裝外掛 › 上傳外掛」
② 後台搜尋「Forvault Security」→ 直接安裝(推薦)
📦 歷史版本下載

原文外掛簡介

Forvault Security is a read-only, on-demand forensic scanner for WordPress. It is built for confirming whether a site is clean (or proving what changed after an incident) without touching your files. Every scan runs only when you click a button — there is no background processing on front-end page loads, no automatic file edits, and scanned code is never executed.
The plugin is fully functional on its own. There are no locked features and no trial timers.
What it does

Malware Scan — Heuristically inspects every PHP file for web-shell and backdoor indicators: encoded payloads passed to eval, request input invoked as a function, OS command execution, known shell-family marker strings, packed/obfuscated blobs, executable PHP inside wp-content/uploads/, and more. Each suspicious file is scored and reported with the exact path and line numbers. Comments and docblocks are stripped before matching, and strong vs. supporting signals are separated to reduce false positives. Findings are advisory heuristics — review each flagged file.

Core Integrity — Verifies every WordPress core file against the official checksum manifest for your exact version and locale (from api.wordpress.org). Reports modified core files, missing core files, and unknown files hiding inside wp-admin/ or wp-includes/. No prior snapshot is required, so it works even on an already-compromised site.

File Baseline — Fingerprints your plugins, themes, mu-plugins and uploads with SHA-256 and stores the inventory. Re-check at any time to see exactly which files were added, modified or removed since the snapshot. This covers the code that has no official manifest.

Privacy
The plugin performs all scanning locally on your server. It does not collect analytics, does not phone home, and stores nothing about your site on any remote server. See External services below for the single, optional outbound request used by Core Integrity.
Premium add-on
An optional premium add-on (a separate plugin, distributed and licensed at storearmory.com, not hosted on WordPress.org) adds response and monitoring features such as scheduled scans, real-time file-change watching, reversible quarantine, outbound-connection auditing and forensic evidence bundles. The free plugin does not require it and is not time-limited.
External services
This plugin connects to one external service, and only when you explicitly click Verify core files on the Core Integrity screen:

WordPress.org Checksum API (https://api.wordpress.org/core/checksums/1.0/)

What it is used for: to download the official MD5 checksum manifest for your installed WordPress version, so core files can be compared against the known-good originals.
What data is sent: only your WordPress version number and site locale (as URL query parameters). No personal data, site content, file contents or identifiers are transmitted.
When: only on demand, when you run a core verification. It is never contacted automatically.
WordPress.org terms: https://wordpress.org/about/privacy/ — Privacy policy: https://wordpress.org/about/privacy/

No other external services are contacted. The optional premium add-on (a separate plugin) is what communicates with storearmory.com for licensing; this free plugin does not.

延伸相關外掛

文章
Filter
Apply Filters
Mastodon