{"id":330834,"date":"2026-07-11T19:42:46","date_gmt":"2026-07-11T19:42:46","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/armory-security\/"},"modified":"2026-07-11T19:42:37","modified_gmt":"2026-07-11T19:42:37","slug":"forvault-security","status":"publish","type":"plugin","link":"https:\/\/tg.wordpress.org\/plugins\/forvault-security\/","author":15766676,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.0.0","stable_tag":"1.0.0","tested":"7.0.1","requires":"5.6","requires_php":"7.2","requires_plugins":null,"header_name":"Forvault Security","header_author":"Andrea Bocchetti","header_description":"Forensic malware & integrity scanner for WordPress. Heuristic web-shell detection, official core-checksum verification, and a file-change baseline \u2014 read-only, on demand.","assets_banners_color":"393e43","last_updated":"2026-07-11 19:42:37","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"","header_author_uri":"https:\/\/storearmory.com\/","rating":0,"author_block_rating":0,"active_installs":0,"downloads":45,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.0":{"tag":"1.0.0","author":"abocchetti","date":"2026-07-11 19:42:37"}},"upgrade_notice":{"1.0.0":"<p>Initial release.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3604269,"resolution":"128x128","location":"assets","locale":"","width":128,"height":128},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3604269,"resolution":"256x256","location":"assets","locale":"","width":256,"height":256}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3604269,"resolution":"1544x500","location":"assets","locale":"","width":1544,"height":500},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3604269,"resolution":"772x250","location":"assets","locale":"","width":772,"height":250}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.0"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3604269,"resolution":"1","location":"assets","locale":"","width":1200,"height":434},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3604269,"resolution":"2","location":"assets","locale":"","width":1200,"height":1052},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3604269,"resolution":"3","location":"assets","locale":"","width":1200,"height":813},"screenshot-4.png":{"filename":"screenshot-4.png","revision":3604269,"resolution":"4","location":"assets","locale":"","width":1200,"height":923}},"screenshots":{"1":"Dashboard overview of the three free scanners.","2":"Malware Scan results with scored findings, file paths and line numbers.","3":"Core Integrity report against the official WordPress checksums.","4":"File Baseline change report (added \/ modified \/ removed files)."}},"plugin_section":[],"plugin_tags":[271118,173015,1184,6464,600],"plugin_category":[54],"plugin_contributors":[268384],"plugin_business_model":[],"class_list":["post-330834","plugin","type-plugin","status-publish","hentry","plugin_tags-forensics","plugin_tags-integrity","plugin_tags-malware","plugin_tags-scanner","plugin_tags-security","plugin_category-security-and-spam-protection","plugin_contributors-abocchetti","plugin_committers-abocchetti"],"banners":{"banner":"https:\/\/ps.w.org\/forvault-security\/assets\/banner-772x250.png?rev=3604269","banner_2x":"https:\/\/ps.w.org\/forvault-security\/assets\/banner-1544x500.png?rev=3604269","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/forvault-security\/assets\/icon-128x128.png?rev=3604269","icon_2x":"https:\/\/ps.w.org\/forvault-security\/assets\/icon-256x256.png?rev=3604269","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/forvault-security\/assets\/screenshot-1.png?rev=3604269","caption":"Dashboard overview of the three free scanners."},{"src":"https:\/\/ps.w.org\/forvault-security\/assets\/screenshot-2.png?rev=3604269","caption":"Malware Scan results with scored findings, file paths and line numbers."},{"src":"https:\/\/ps.w.org\/forvault-security\/assets\/screenshot-3.png?rev=3604269","caption":"Core Integrity report against the official WordPress checksums."},{"src":"https:\/\/ps.w.org\/forvault-security\/assets\/screenshot-4.png?rev=3604269","caption":"File Baseline change report (added \/ modified \/ removed files)."}],"raw_content":"<!--section=description-->\n<p>Forvault Security is a <strong>read-only, on-demand<\/strong> forensic scanner for WordPress. It is built for confirming whether a site is clean (or proving what changed after an incident) without touching your files. Every scan runs only when you click a button \u2014 there is no background processing on front-end page loads, no automatic file edits, and scanned code is never executed.<\/p>\n\n<p>The plugin is fully functional on its own. There are no locked features and no trial timers.<\/p>\n\n<h4>What it does<\/h4>\n\n<ul>\n<li><p><strong>Malware Scan<\/strong> \u2014 Heuristically inspects every PHP file for web-shell and backdoor indicators: encoded payloads passed to <code>eval<\/code>, request input invoked as a function, OS command execution, known shell-family marker strings, packed\/obfuscated blobs, executable PHP inside <code>wp-content\/uploads\/<\/code>, and more. Each suspicious file is scored and reported with the exact path and line numbers. Comments and docblocks are stripped before matching, and strong vs. supporting signals are separated to reduce false positives. Findings are advisory heuristics \u2014 review each flagged file.<\/p><\/li>\n<li><p><strong>Core Integrity<\/strong> \u2014 Verifies every WordPress core file against the official checksum manifest for your exact version and locale (from api.wordpress.org). Reports modified core files, missing core files, and unknown files hiding inside <code>wp-admin\/<\/code> or <code>wp-includes\/<\/code>. No prior snapshot is required, so it works even on an already-compromised site.<\/p><\/li>\n<li><p><strong>File Baseline<\/strong> \u2014 Fingerprints your plugins, themes, mu-plugins and uploads with SHA-256 and stores the inventory. Re-check at any time to see exactly which files were added, modified or removed since the snapshot. This covers the code that has no official manifest.<\/p><\/li>\n<\/ul>\n\n<h4>Privacy<\/h4>\n\n<p>The plugin performs all scanning locally on your server. It does not collect analytics, does not phone home, and stores nothing about your site on any remote server. See <strong>External services<\/strong> below for the single, optional outbound request used by Core Integrity.<\/p>\n\n<h4>Premium add-on<\/h4>\n\n<p>An optional premium add-on (a <strong>separate<\/strong> plugin, distributed and licensed at storearmory.com, not hosted on WordPress.org) adds response and monitoring features such as scheduled scans, real-time file-change watching, reversible quarantine, outbound-connection auditing and forensic evidence bundles. The free plugin does not require it and is not time-limited.<\/p>\n\n<h3>External services<\/h3>\n\n<p>This plugin connects to one external service, and only when you explicitly click <strong>Verify core files<\/strong> on the Core Integrity screen:<\/p>\n\n<ul>\n<li><strong>WordPress.org Checksum API<\/strong> (<code>https:\/\/api.wordpress.org\/core\/checksums\/1.0\/<\/code>)\n\n<ul>\n<li><strong>What it is used for:<\/strong> to download the official MD5 checksum manifest for your installed WordPress version, so core files can be compared against the known-good originals.<\/li>\n<li><strong>What data is sent:<\/strong> only your WordPress version number and site locale (as URL query parameters). No personal data, site content, file contents or identifiers are transmitted.<\/li>\n<li><strong>When:<\/strong> only on demand, when you run a core verification. It is never contacted automatically.<\/li>\n<li>WordPress.org terms: https:\/\/wordpress.org\/about\/privacy\/ \u2014 Privacy policy: https:\/\/wordpress.org\/about\/privacy\/<\/li>\n<\/ul><\/li>\n<\/ul>\n\n<p>No other external services are contacted. The optional premium add-on (a separate plugin) is what communicates with storearmory.com for licensing; this free plugin does not.<\/p>\n\n<!--section=installation-->\n<ol>\n<li>Upload the <code>forvault-security<\/code> folder to <code>\/wp-content\/plugins\/<\/code>, or install it from the Plugins screen in your WordPress dashboard.<\/li>\n<li>Activate the plugin through the <strong>Plugins<\/strong> menu in WordPress.<\/li>\n<li>Open <strong>Forvault Security<\/strong> in the admin sidebar.<\/li>\n<li>Run a <strong>Malware Scan<\/strong> and <strong>Core Integrity<\/strong> check, and take a <strong>File Baseline<\/strong> while the site is clean so you can detect future changes.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"will%20this%20plugin%20modify%20or%20delete%20any%20of%20my%20files%3F\"><h3>Will this plugin modify or delete any of my files?<\/h3><\/dt>\n<dd><p>No. Every feature is strictly read-only. The scanner reads file contents to analyze them but never edits, moves, deletes or executes them. The baseline only stores hashes.<\/p><\/dd>\n<dt id=\"are%20the%20malware%20findings%20definitive%3F\"><h3>Are the malware findings definitive?<\/h3><\/dt>\n<dd><p>No. The Malware Scan uses scored heuristics, the same approach as tools like php-malware-finder or a YARA pass. A high score means a file deserves review, not that it is certainly malicious. Always inspect a flagged file before taking action.<\/p><\/dd>\n<dt id=\"does%20it%20run%20scans%20automatically%20in%20the%20background%3F\"><h3>Does it run scans automatically in the background?<\/h3><\/dt>\n<dd><p>No. The free plugin only scans when you click a button, and it does no work on public page loads. Scheduled\/automatic scanning is offered by the separate premium add-on.<\/p><\/dd>\n<dt id=\"what%20wordpress%20versions%20can%20core%20integrity%20verify%3F\"><h3>What WordPress versions can Core Integrity verify?<\/h3><\/dt>\n<dd><p>Any version published on WordPress.org. The check downloads the official manifest for your exact version and locale at the moment you run it.<\/p><\/dd>\n<dt id=\"do%20i%20need%20the%20premium%20add-on%3F\"><h3>Do I need the premium add-on?<\/h3><\/dt>\n<dd><p>No. All three scanners are complete and free. The premium add-on is optional and adds response\/monitoring tooling.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release: Malware Scan (heuristic web-shell detection), Core Integrity (official checksum verification) and File Baseline (SHA-256 change detection).<\/li>\n<\/ul>","raw_excerpt":"Forensic, read-only malware and integrity scanner: heuristic web-shell detection, core-checksum verification, and a file-change baseline.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/tg.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/330834","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tg.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/tg.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/tg.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=330834"}],"author":[{"embeddable":true,"href":"https:\/\/tg.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/abocchetti"}],"wp:attachment":[{"href":"https:\/\/tg.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=330834"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/tg.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=330834"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/tg.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=330834"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/tg.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=330834"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/tg.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=330834"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/tg.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=330834"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}