Deep website security scanning, malware detection, auto-fix and trust badge verification for WordPress.
TrustedWeb Security Agent connects your WordPress site to the TrustedWeb platform for comprehensive security monitoring and automated fixes.
- Deep Malware Scanning — File integrity checks, malware signature detection, suspicious code patterns
- Database Security — Integrity checks, rogue admin detection, suspicious options monitoring
- WordPress Core Verification — Compare core files against official checksums
- Plugin & Theme Vulnerability Detection — Check installed plugins/themes against known CVE databases
- Malware Quarantine & Restore — Isolate infected files safely, restore when cleaned
- Auto-Fix — Automated security hardening (file permissions, security headers, .htaccess rules)
- WooCommerce Security — Payment skimmer detection, checkout integrity, gateway configuration audit
- Trust Badge Verification — Display verified security badges on your site
- Daily Automated Scans — Scheduled scans with email alerts
- Uptime Monitoring — 1-minute availability checks with downtime alerts
- WordPress 5.6+
- PHP 7.4+
- Active TrustedWeb account (free tier available)
- Download the latest release from Releases
- Go to Plugins > Add New > Upload Plugin
- Upload the ZIP file and activate
Search for "TrustedWeb Security Agent" in Plugins > Add New
cd wp-content/plugins/
git clone https://github.com/MeridianOSdev/trustedweb-agent.gitActivate from the WordPress Plugins page.
- Activate the plugin
- Go to TrustedWeb in the WordPress admin menu
- Click Connect to TrustedWeb — a secure token is generated automatically
- Copy the token and paste it into your TrustedWeb Dashboard
- Your site is now connected for deep scanning
This plugin only sends technical metadata to the TrustedWeb platform:
| Sent | NOT Sent |
|---|---|
| WordPress/PHP versions | Passwords or API keys |
| Plugin/theme names & versions | wp-config.php contents |
| File paths, sizes & MD5 hashes | Database contents |
| Security scan results | Customer/visitor data |
| Domain verification tokens | Payment information |
For full details, see our Privacy Policy.
Your WordPress Site TrustedWeb Platform
┌─────────────────────┐ ┌──────────────────────┐
│ TrustedWeb Agent │───metadata───▶│ Security Engine │
│ (this plugin) │ │ AI Fix Center │
│ │◀──commands────│ Threat Intelligence │
│ • File Scanner │ │ Vulnerability DB │
│ • DB Scanner │ │ Score Calculator │
│ • Core Integrity │ │ Report Generator │
│ • WooCommerce Scan │ │ Dashboard │
│ • Auto-Fixer │ └──────────────────────┘
│ • Quarantine │
└─────────────────────┘
The Agent runs on your server and communicates with the TrustedWeb platform via authenticated REST API. All premium features (AI Fix, reports, scoring, chatbot) run server-side on the TrustedWeb platform.
trustedweb-agent/
├── trustedweb-agent.php # Main plugin file
├── admin/
│ └── class-twa-admin.php # Admin UI and settings
├── includes/
│ ├── class-twa-file-scanner.php # File integrity scanning
│ ├── class-twa-db-scanner.php # Database security checks
│ ├── class-twa-core-integrity.php # WordPress core verification
│ ├── class-twa-auto-fixer.php # Automated security fixes
│ ├── class-twa-quarantine.php # Malware quarantine system
│ ├── class-twa-reporter.php # Scan result reporting
│ ├── class-twa-rest-api.php # REST API endpoints
│ ├── class-twa-token.php # Authentication tokens
│ └── class-twa-wc-collector.php # WooCommerce security data
├── assets/
│ ├── css/
│ └── js/
├── templates/
├── languages/
└── readme.txt
We welcome contributions! Please:
- Fork the repository
- Create a feature branch (
git checkout -b feature/my-feature) - Commit your changes
- Push to the branch
- Open a Pull Request
If you discover a security vulnerability, please report it privately to trusted@truth.email. Do not open a public issue.
This plugin is licensed under the GPL v2 or later.
Built with transparency by TrustedWeb — Scan, Fix & Grow Your Website.