Saltar al contenido
WordPress.org

Español (México)

  • Temas
  • Plugins
  • Noticias
    • Documentación
    • Foros
  • Acerca de
    • Learn WordPress
    • Documentación
    • WordPress.tv
    • Meetups
    • Equipo
    • Colabora
    • Educación
  • Consigue WordPress
Consigue WordPress
WordPress.org

Plugin Directory

VaultShift

  • Envía un plugin
  • Mis favoritos
  • Acceder
  • Envía un plugin
  • Mis favoritos
  • Acceder

VaultShift

Por Saju Gopal
Descargar
  • Detalles
  • Opiniones
  • Instalación
  • Desarrollo
Soporte

Descripción

VaultShift hardens your WordPress site with a unified security dashboard, real-time threat monitoring, and tools that run locally on your server. Every core module is included and works out of the box after you activate your Free or Cloud key from myapps.wontonee.com.

Optional VaultShift Cloud services (signature sync, IP reputation, cloud spam scoring) stay off by default until you enable them under Settings.

Malware & file integrity scanner

  • Full-site file scans in the background — no need to keep a browser tab open
  • Daily or weekly scheduled scans, plus on-demand manual scans
  • WordPress core checksum verification against the official release
  • Quarantine suspicious files instead of deleting immediately
  • Security score and scan history on the dashboard
  • Automatic scan triggers when attacks are detected

Web Application Firewall (WAF)

  • Runs as a must-use plugin before WordPress loads, blocking threats early
  • Learning, active, and paranoid modes
  • Built-in rule sets plus optional cloud rule updates (when Cloud is enabled)
  • Block and allow lists, rate limiting, and WAF event logging
  • Geo-blocking by country and optional VPN/proxy blocking

Login protection

  • Brute-force lockout after failed attempts
  • Optional custom login URL to hide wp-login.php
  • Google reCAPTCHA v3 when you add your own site keys
  • Two-factor authentication (TOTP) for administrator accounts

WordPress hardening

  • One-click checklist: disable file editor, limit REST user enumeration, security headers, and more
  • Sensible defaults with per-toggle control
  • WordPress Site Health tests for scan freshness, WAF status, and backup directory

Activity log

  • Tamper-evident log of logins, file changes, plugin updates, and security events
  • Filterable admin view and REST API access
  • Helps with audits and incident response

Spam protection

  • Honeypot, heuristics, and scoring for comments and registration
  • Optional cloud spam check when VaultShift Cloud is enabled
  • Integrations for common form plugins

Backup & restore

  • Create compressed backups of your database and wp-content
  • Scheduled or manual backups with retention controls
  • Restore from backup history with progress tracking

VaultShift Cloud (optional)

Enable Cloud services under Settings when you want enhanced protection backed by VaultShift servers:

  • Up-to-date malware signatures
  • IP reputation and VPN/proxy detection
  • Cloud-based spam scoring

Remote calls are opt-in only — nothing is sent until you turn Cloud on.

Free vs Cloud keys

VaultShift requires a cloud key to activate (Free or Cloud tier). Keys tie your site to myapps for plan validation. All local security features remain on your server; Cloud keys unlock optional remote services when you choose to enable them.

External services

This plugin may connect to external services when configured or when you opt in.

VaultShift Cloud

Optional malware signature updates, IP reputation checks, VPN/proxy detection, and cloud-based spam scoring when Cloud services is enabled under Settings.

Sends visitor IP addresses, comment metadata/content (when cloud spam check is enabled), and site identification data when those features run.

Service: VaultShift Cloud API at https://myapps.wontonee.com/v1
Terms of use: https://wontonee.com/terms/
Privacy policy: https://wontonee.com/privacy/

myapps cloud keys (VaultShift activation)

Used when you activate a Free or Cloud key during setup or under Settings.

Sends your cloud key and site domain to register and validate your plan.

Service: https://myapps.wontonee.com/api/vaultshift
Terms of use: https://wontonee.com/terms/
Privacy policy: https://wontonee.com/privacy/

Google reCAPTCHA

Used when you enter reCAPTCHA v3 site and secret keys under Login Protection.

Sends the visitor IP address and reCAPTCHA token to Google for verification when someone logs in or registers.

Terms of use: https://policies.google.com/terms
Privacy policy: https://policies.google.com/privacy

ipapi.co

Used for country-based geo-blocking when you configure blocked country codes under Firewall.

Sends the visitor IP address when determining country code.

Terms of use: https://ipapi.co/terms/
Privacy policy: https://ipapi.co/privacy/

WordPress.org API

Used during malware scans to verify WordPress core file checksums against the official release.

Sends WordPress version and locale.

Terms of use: https://wordpress.org/about/gpl/
Privacy policy: https://wordpress.org/about/privacy/

Capturas

Security dashboard with score, WAF status, activity feed, and recommendations
Security dashboard with score, WAF status, activity feed, and recommendations
Malware scanner — run scans and review findings
Malware scanner — run scans and review findings
Login protection — brute-force lockout, custom login URL, and reCAPTCHA
Login protection — brute-force lockout, custom login URL, and reCAPTCHA
Hardening checklist with one-click security toggles
Hardening checklist with one-click security toggles
Tamper-evident activity log of security events
Tamper-evident activity log of security events
Web Application Firewall modes, geo-blocking, and WAF log
Web Application Firewall modes, geo-blocking, and WAF log
Spam protection with local heuristics and optional cloud scoring
Spam protection with local heuristics and optional cloud scoring
Backup, restore, and backup history
Backup, restore, and backup history
Settings — cloud key, VaultShift Cloud, and threat response
Settings — cloud key, VaultShift Cloud, and threat response

Instalación

  1. Upload the plugin to /wp-content/plugins/vaultshift/ or install via Plugins → Add New → Upload Plugin.
  2. Activate VaultShift through the Plugins menu.
  3. Enter your Free or Cloud key from myapps.wontonee.com when prompted.
  4. Open VaultShift → Dashboard to review your security score and run your first scan.
  5. Optionally enable Cloud services under VaultShift → Settings if you use a Cloud key and want remote features.

Preguntas frecuentes

Does VaultShift send data to external servers?

Most processing runs locally on your server. Remote requests are opt-in: enable Cloud services under VaultShift → Settings only if you want optional VaultShift Cloud features. Geo-blocking uses ipapi.co when configured. reCAPTCHA uses Google when you add your own site keys. Cloud key activation sends your key and domain to myapps once during setup.

Where is the WAF loaded?

On activation, VaultShift installs a must-use plugin at wp-content/mu-plugins/vaultshift-waf.php. It loads before WordPress core so malicious requests can be blocked early.

Do I need a paid Cloud key?

No. A Free cloud key activates VaultShift and includes all local security modules. A Cloud key adds access to optional VaultShift Cloud services when you enable them in Settings.

Can I run scans on a schedule?

Yes. Choose daily, weekly, or manual-only under VaultShift → Scanner. Scans run in the background via Action Scheduler.

Reseñas

No hay reseñas para este plugin.

Colaboradores y desarrolladores

Este software es de código abierto. Las siguientes personas han contribuido a este plugin.

Colaboradores
  • Saju Gopal

Traduce “VaultShift” a tu idioma.

¿Interesado en el desarrollo?

Revisa el código, echa un vistazo al repositorio SVN o suscríbete al registro de desarrollo por RSS.

Registro de cambios

1.1.0

  • Cloud key activation: Free and Cloud plans require a myapps cloud key before using VaultShift admin.
  • Onboarding modal with Free vs Cloud plan comparison, blurred background overlay, and one-click activation.
  • Settings panel shows active cloud key status when registered.
  • myapps API integration for register, validate, remove, and plan info.

1.0.3

  • Plugin URI points to GitHub; cloud API and legal links use wontonee.com domains (removed vaultshift.io).

1.0.2

  • WordPress.org review compliance: removed feature gating, cloud opt-in only, enqueue fixes, path constants, readme external services disclosure.

1.0.1

  • Daily and weekly scheduled malware scans.
  • WordPress Site Health tests for scan freshness, WAF, and backup directory.
  • Backup restore from history, detailed restore progress, and improved queue handling.
  • Plugin Check and PHPCS compliance fixes.

1.0.0

  • Initial release: security modules and REST API.

Meta

  • Versión 1.1.0
  • Última actualización hace 3 semanas
  • Instalaciones activas Menos de 10
  • Versión de WordPress 5.8 o superior
  • Probado hasta 7.0.1
  • Versión de PHP 7.4 o superior
  • Idioma
    English (US)
  • Etiquetas:
    firewallloginmalwaresecurityspam
  • Vista avanzada

Valoraciones

Aún no se han enviado valoraciones.

Your review

Ver todas las valoraciones

Colaboradores

  • Saju Gopal

Soporte

¿Tienes algo que decir? ¿Necesitas ayuda?

Ver el foro de soporte

  • Acerca de
  • Noticias
  • Hosting
  • Privacidad
  • Escaparate
  • Temas
  • Plugins
  • Patrones
  • Aprender
  • Soporte
  • Desarrolladores
  • WordPress.tv ↗
  • Involúcrate
  • Eventos
  • Donar ↗
  • Five for the Future
  • WordPress.com ↗
  • Matt ↗
  • bbPress ↗
  • BuddyPress ↗
WordPress.org
WordPress.org

Español (México)

  • Visita nuestra cuenta de X (anteriormente Twitter)
  • Visita nuestra cuenta de Bluesky
  • Visita nuestra cuenta de Mastodon
  • Visita nuestra cuenta de Threads
  • Visita nuestra página de Facebook
  • Visita nuestra cuenta de Instagram
  • Visita nuestra cuenta de LinkedIn
  • Visita nuestra cuenta de TikTok
  • Visita nuestro canal de YouTube
  • Visita nuestra cuenta de Tumblr
El código es poesía.
The WordPress® trademark is the intellectual property of the WordPress Foundation.