Title: Forvault Security
Author: Store Armory
Published: <strong>Июл 11, 2026</strong>
Last modified: Июл 11, 2026

---

Search plugins

![](https://ps.w.org/forvault-security/assets/banner-772x250.png?rev=3604269)

![](https://ps.w.org/forvault-security/assets/icon-256x256.png?rev=3604269)

# Forvault Security

 By [Store Armory](https://profiles.wordpress.org/abocchetti/)

[Download](https://downloads.wordpress.org/plugin/forvault-security.1.0.0.zip)

 * [Details](https://tg.wordpress.org/plugins/forvault-security/#description)
 * [Reviews](https://tg.wordpress.org/plugins/forvault-security/#reviews)
 *  [Installation](https://tg.wordpress.org/plugins/forvault-security/#installation)
 * [Development](https://tg.wordpress.org/plugins/forvault-security/#developers)

 [Support](https://wordpress.org/support/plugin/forvault-security/)

## Description

Forvault Security is a **read-only, on-demand** forensic scanner for WordPress. 
It is built for confirming whether a site is clean (or proving what changed after
an incident) without touching your files. Every scan runs only when you click a 
button — there is no background processing on front-end page loads, no automatic
file edits, and scanned code is never executed.

The plugin is fully functional on its own. There are no locked features and no trial
timers.

#### What it does

 * **Malware Scan** — Heuristically inspects every PHP file for web-shell and backdoor
   indicators: encoded payloads passed to `eval`, request input invoked as a function,
   OS command execution, known shell-family marker strings, packed/obfuscated blobs,
   executable PHP inside `wp-content/uploads/`, and more. Each suspicious file is
   scored and reported with the exact path and line numbers. Comments and docblocks
   are stripped before matching, and strong vs. supporting signals are separated
   to reduce false positives. Findings are advisory heuristics — review each flagged
   file.
 * **Core Integrity** — Verifies every WordPress core file against the official 
   checksum manifest for your exact version and locale (from api.wordpress.org).
   Reports modified core files, missing core files, and unknown files hiding inside`
   wp-admin/` or `wp-includes/`. No prior snapshot is required, so it works even
   on an already-compromised site.
 * **File Baseline** — Fingerprints your plugins, themes, mu-plugins and uploads
   with SHA-256 and stores the inventory. Re-check at any time to see exactly which
   files were added, modified or removed since the snapshot. This covers the code
   that has no official manifest.

#### Privacy

The plugin performs all scanning locally on your server. It does not collect analytics,
does not phone home, and stores nothing about your site on any remote server. See**
External services** below for the single, optional outbound request used by Core
Integrity.

#### Premium add-on

An optional premium add-on (a **separate** plugin, distributed and licensed at storearmory.
com, not hosted on WordPress.org) adds response and monitoring features such as 
scheduled scans, real-time file-change watching, reversible quarantine, outbound-
connection auditing and forensic evidence bundles. The free plugin does not require
it and is not time-limited.

### External services

This plugin connects to one external service, and only when you explicitly click**
Verify core files** on the Core Integrity screen:

 * **WordPress.org Checksum API** (`https://api.wordpress.org/core/checksums/1.0/`)
    - **What it is used for:** to download the official MD5 checksum manifest for
      your installed WordPress version, so core files can be compared against the
      known-good originals.
    - **What data is sent:** only your WordPress version number and site locale (
      as URL query parameters). No personal data, site content, file contents or
      identifiers are transmitted.
    - **When:** only on demand, when you run a core verification. It is never contacted
      automatically.
    - WordPress.org terms: https://wordpress.org/about/privacy/ — Privacy policy:
      https://wordpress.org/about/privacy/

No other external services are contacted. The optional premium add-on (a separate
plugin) is what communicates with storearmory.com for licensing; this free plugin
does not.

## Screenshots

[⌊Dashboard overview of the three free scanners.⌉⌊Dashboard overview of the three
free scanners.⌉[

Dashboard overview of the three free scanners.

[⌊Malware Scan results with scored findings, file paths and line numbers.⌉⌊Malware
Scan results with scored findings, file paths and line numbers.⌉[

Malware Scan results with scored findings, file paths and line numbers.

[⌊Core Integrity report against the official WordPress checksums.⌉⌊Core Integrity
report against the official WordPress checksums.⌉[

Core Integrity report against the official WordPress checksums.

[⌊File Baseline change report (added / modified / removed files).⌉⌊File Baseline
change report (added / modified / removed files).⌉[

File Baseline change report (added / modified / removed files).

## Installation

 1. Upload the `forvault-security` folder to `/wp-content/plugins/`, or install it 
    from the Plugins screen in your WordPress dashboard.
 2. Activate the plugin through the **Plugins** menu in WordPress.
 3. Open **Forvault Security** in the admin sidebar.
 4. Run a **Malware Scan** and **Core Integrity** check, and take a **File Baseline**
    while the site is clean so you can detect future changes.

## FAQ

### Will this plugin modify or delete any of my files?

No. Every feature is strictly read-only. The scanner reads file contents to analyze
them but never edits, moves, deletes or executes them. The baseline only stores 
hashes.

### Are the malware findings definitive?

No. The Malware Scan uses scored heuristics, the same approach as tools like php-
malware-finder or a YARA pass. A high score means a file deserves review, not that
it is certainly malicious. Always inspect a flagged file before taking action.

### Does it run scans automatically in the background?

No. The free plugin only scans when you click a button, and it does no work on public
page loads. Scheduled/automatic scanning is offered by the separate premium add-
on.

### What WordPress versions can Core Integrity verify?

Any version published on WordPress.org. The check downloads the official manifest
for your exact version and locale at the moment you run it.

### Do I need the premium add-on?

No. All three scanners are complete and free. The premium add-on is optional and
adds response/monitoring tooling.

## Reviews

There are no reviews for this plugin.

## Contributors & Developers

“Forvault Security” is open source software. The following people have contributed
to this plugin.

Contributors

 *   [ Store Armory ](https://profiles.wordpress.org/abocchetti/)

[Translate “Forvault Security” into your language.](https://translate.wordpress.org/projects/wp-plugins/forvault-security)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/forvault-security/),
check out the [SVN repository](https://plugins.svn.wordpress.org/forvault-security/),
or subscribe to the [development log](https://plugins.trac.wordpress.org/log/forvault-security/)
by [RSS](https://plugins.trac.wordpress.org/log/forvault-security/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 1.0.0

 * Initial release: Malware Scan (heuristic web-shell detection), Core Integrity(
   official checksum verification) and File Baseline (SHA-256 change detection).

## Meta

 *  Version **1.0.0**
 *  Last updated ** 22 соат ago**
 *  Active installations **Fewer than 10**
 *  WordPress version ** 5.6 or higher **
 *  Tested up to **7.0.1**
 *  PHP version ** 7.2 or higher **
 *  Language
 * [English (US)](https://wordpress.org/plugins/forvault-security/)
 * Tags
 * [integrity](https://tg.wordpress.org/plugins/tags/integrity/)[malware](https://tg.wordpress.org/plugins/tags/malware/)
   [scanner](https://tg.wordpress.org/plugins/tags/scanner/)[security](https://tg.wordpress.org/plugins/tags/security/)
 *  [Advanced View](https://tg.wordpress.org/plugins/forvault-security/advanced/)

## Ratings

No reviews have been submitted yet.

[Your review](https://wordpress.org/support/plugin/forvault-security/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/forvault-security/reviews/)

## Contributors

 *   [ Store Armory ](https://profiles.wordpress.org/abocchetti/)

## Support

Got something to say? Need help?

 [View support forum](https://wordpress.org/support/plugin/forvault-security/)