VMP Wordpress Security - Firewall, Malware Scan

The WAF is a real-time security layer that inspects all incoming traffic to your website and blocks malicious requests before they reach WordPress. It protects against XSS, SQL injection, file inclusion attacks, and other common web vulnerabilities using pattern-based detection with 150+ built-in security rules.

VMP Wordpress Security monitors login attempts and automatically locks out IP addresses after a configurable number of failed logins. It can also block invalid usernames immediately, enforce strong passwords, and check credentials against known breach databases to prevent compromised password usage.

Rate limiting prevents abuse by restricting how many requests an IP address can make within a time period. This protects against content scraping, resource exhaustion, and vulnerability scanning. You can configure different limits for humans, crawlers, and error pages with options to throttle or block violators.

Yes. Navigate to Firewall > Options > Advanced Firewall Options and add your IP address to the "Allowlisted IP addresses that bypass all rules" field. Whitelisted IPs bypass all firewall rules including WAF, rate limiting, and brute force protection.

Go to Firewall > WAF Rules to see all available rules organized by attack category (XSS, SQLi, RFI, LFI, RCE, etc.). You can enable/disable individual rules, view rule details, and filter by category or action type. 150+ default rules are included and automatically installed.

Blocked attacks are logged in the firewall attack log with details including IP address, timestamp, attack type, violated rules, and severity score. The attacker receives a 403 Forbidden page with security information. Repeat offenders can be automatically permanently blocked based on your settings.

No. The WAF is optimized for minimal performance impact using efficient pattern matching and caching. Rate limiting only affects traffic that exceeds configured thresholds. Normal legitimate visitors experience no slowdown or interruption.

VMP Wordpress Security detects a comprehensive range of security threats including malware, backdoors, trojans, suspicious file changes, plugin/theme vulnerabilities, compromised user accounts, spam content injection, malicious URLs, exposed configuration files, brute force attacks, XSS, SQL injection, and various forms of code injection attacks.

VMP Wordpress Security uses 11 specialized scanners that each focus on specific security aspects. The Server State Scanner checks configuration, File Changes Scanner monitors file integrity, Malware Scanner detects malicious code, Vulnerability Scanner identifies security flaws, and so on. This modular approach provides comprehensive coverage while maintaining performance.

VMP Wordpress Security offers four scan types:

• Limited: Quick scan focusing on critical security checks and core files
• Standard: Balanced scan covering most security aspects with good performance
• High Sensitivity: Deep comprehensive scan with maximum threat detection
• Custom: Fully configurable scan where you can enable/disable individual scanner modules

VMP Wordpress Security focuses on detection and detailed reporting of security issues. While it identifies infected files and provides comprehensive analysis, VMP Wordpress Security offers repair options that you can execute manually for infected files. The plugin provides safe file restoration capabilities, but repairs require user confirmation to ensure complete and safe remediation.

VMP Wordpress Security integrates with Google's Safe Browsing API to check URLs found in your content, posts, and comments against Google's database of known malicious websites, phishing sites, and malware distribution points. This helps identify compromised content early.

No. VMP Wordpress Security is designed for optimal performance with background scanning, intelligent resource management, and optimized algorithms. Scans run independently without affecting your website's front-end performance or user experience.

VMP Wordpress Security can scan PHP files, JavaScript, CSS, WordPress core files, theme files, plugin files, configuration files, and optionally binary files including images and executables for embedded threats.

VMP Wordpress Security includes a flexible scheduling system that can run automatic scans at specified intervals (daily, twice daily, weekdays, weekends, or custom schedules). The scan monitor system ensures scans complete successfully and can automatically recover from interrupted scans.

Yes. VMP Wordpress Security provides flexible exclusion options allowing you to exclude specific files, directories, or file patterns from scanning. This is useful for large media directories, custom code, or known safe files that might trigger false positives.

When security issues are detected, VMP Wordpress Security provides detailed reports with issue classification, severity ratings, affected files, and remediation recommendations. You can choose to ignore false positives, repair infected files, or take manual action based on the findings.

Yes. VMP Wordpress Security is fully compatible with WordPress multisite (network) installations and can scan all sites in your network while providing centralized management and reporting.

VMP Wordpress Security provides comprehensive security reporting and activity logging for all scan results and security events. The plugin tracks scan completion, threat discoveries, and security activities through detailed logs accessible via the admin interface.