Title: Vulnity Security
Author: manuelgalan
Published: <strong>2026-01-28</strong>
Last modified: 2026-05-25

---

Search plugins

![](https://ps.w.org/vulnity/assets/banner-772x250.png?rev=3448566)

![](https://ps.w.org/vulnity/assets/icon-256x256.png?rev=3497049)

# Vulnity Security

 By [manuelgalan](https://profiles.wordpress.org/manuelgalan/)

[Download](https://downloads.wordpress.org/plugin/vulnity.1.3.3.zip)

 * [Details](https://tt.wordpress.org/plugins/vulnity/#description)
 * [Reviews](https://tt.wordpress.org/plugins/vulnity/#reviews)
 *  [Installation](https://tt.wordpress.org/plugins/vulnity/#installation)
 * [Development](https://tt.wordpress.org/plugins/vulnity/#developers)

 [Support](https://wordpress.org/support/plugin/vulnity/)

## Description

Vulnity Security brings enterprise-grade threat detection to WordPress. It connects
your site to Vulnity’s SIEM platform, correlates events, and alerts you before issues
become incidents.

#### Features

 * Real-time security event collection and forwarding to Vulnity SIEM.
 * Dashboard widgets that highlight critical findings and remediation steps.
 * Scheduled security scans for core files, plugins, and themes.
 * Centralized logging compatible with major SOC workflows.

#### Integration Requirements

To receive alerts, configure an API token and endpoint URL provided by your Vulnity
SIEM account. Detailed configuration instructions are displayed after activating
the plugin under **Vulnity > Settings**.

WordPress Multisite is not supported in Vulnity Security 1.3.3. Network activation
and subsite activation are blocked to avoid mixing configuration, firewall storage,
cron jobs, or uninstall cleanup between subsites.

Vulnity Security 1.3.3 requires WordPress 6.2 or newer. Older WordPress versions
are blocked fail-safe so the plugin stays inactive instead of registering security,
firewall, cron, REST, or SIEM behavior on an unsupported runtime.

#### External Services

This plugin connects to Vulnity’s external API hosted on Supabase Edge Functions(
domain: `euxnoekqasvzwfcbybkg.supabase.co`, base URL `https://euxnoekqasvzwfcbybkg.
supabase.co/functions/v1`) to power SIEM alerts, inventory sync, and mitigation 
updates.

 * **What the service is and what it is used for:**
    - Vulnity SIEM API for pairing/unpairing, heartbeat checks, sending alerts, 
      testing connectivity, syncing inventory, and receiving mitigation policies.
 * **Endpoints used:**
    - `/pair-plugin`, `/unpair-plugin` (pairing and disconnecting the site).
    - `/heartbeat` (periodic health check).
    - `/connection-test` (manual connection test).
    - `/scan-site-info` (inventory sync).
    - `/generic-alert`, `/brute-force-alert`, `/file-security-alert`, `/manage-user`,`/
      user-management-alert`, `/permission-change-alert`, `/file-editor-alert`, `/
      plugin-change-alert`, `/theme-change-alert`, `/core-update-alert`, `/suspicious-
      query-alert`, `/scanner-detected-alert` (security alerts).
    - `/mitigation-config`, `/mitigation-update` (mitigation policy sync and block/
      unblock updates).
 * **What data is sent and when:**
    - Pairing/unpairing: site ID, pair code, plugin/WordPress/PHP versions, and 
      timestamp when pairing or disconnecting occurs.
    - Heartbeat: site ID, URLs, site metadata (name, language, timezone, theme),
      and runtime info (plugin/WordPress/PHP versions, latency) on a scheduled interval.
    - Alerts: site ID, alert type/severity, timestamps, and event details (such 
      as IP address, user/action metadata, or file change context) whenever a security
      event is detected.
    - Inventory sync: site inventory details (installed plugins/themes/core metadata)
      when inventory sync runs.
    - Mitigation: site ID, block/unblock actions, IP address, reason, duration, 
      and rule metadata when mitigation rules are synced or enforcement actions 
      occur.
 * **Why the data is sent:**
    - To associate the site with your Vulnity account, deliver security alerts to
      the SIEM, validate connectivity, synchronize inventory and mitigation policies,
      and keep firewall enforcement consistent.
 * **Policies:** See the Vulnity [Terms of Service](https://vulnity.io/terms) and
   [Privacy Policy](https://vulnity.io/privacy) for details on how data is handled.

### License

This plugin is licensed under the GNU General Public License v2.0 or later. You 
are free to redistribute and/or modify it under the terms of the GPL as published
by the Free Software Foundation. The complete license text is included in the bundled`
license.txt` file and is also available online at https://www.gnu.org/licenses/gpl-
2.0.html.

## Screenshots

 * [[
 * Dashboard overview with real-time threat summary.
 * [[
 * Alert detail screen showing remediation steps.
 * [[
 * Settings page for configuring API credentials and scan schedules.
 * [[
 * [[
 * [[

## Installation

 1. Upload the plugin files to the `/wp-content/plugins/vulnity` directory or install
    from the WordPress plugin repository.
 2. Activate the plugin through the **Plugins** screen in WordPress.
 3. Navigate to **Vulnity > Settings**, enter your Vulnity SIEM credentials, and save.
 4. (Optional) Enable scheduled scans on the **Monitoring** tab to receive weekly reports.

## FAQ

### Do I need a Vulnity SIEM subscription?

Yes. The plugin requires an active Vulnity SIEM account to collect and analyze events.

### Will the plugin slow down my site?

No. Event collection runs asynchronously and offloads processing to the Vulnity 
cloud platform.

### Can I disable certain alerts?

Absolutely. Use the **Alert Policies** section within the plugin settings to mute
or reclassify events.

## Reviews

There are no reviews for this plugin.

## Contributors & Developers

“Vulnity Security” is open source software. The following people have contributed
to this plugin.

Contributors

 *   [ manuelgalan ](https://profiles.wordpress.org/manuelgalan/)

[Translate “Vulnity Security” into your language.](https://translate.wordpress.org/projects/wp-plugins/vulnity)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/vulnity/), check out
the [SVN repository](https://plugins.svn.wordpress.org/vulnity/), or subscribe to
the [development log](https://plugins.trac.wordpress.org/log/vulnity/) by [RSS](https://plugins.trac.wordpress.org/log/vulnity/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 1.3.2

 * Added WP-CLI bulk pairing support for agency and VPS environments.
 * Added safe dry-run validation before connecting a site from the command line.
 * Added pairing-key support so new WordPress installs can connect to Vulnity without
   copying per-site pair codes manually.

#### 1.3.1

 * Version bump to 1.3.1.
 * WordPress Multisite activation is blocked explicitly in 1.3.1 to avoid unsafe
   cross-blog configuration, storage, cron, or uninstall behavior.
 * Minimum supported WordPress version is now 6.2; older versions are blocked fail-
   safe during activation/runtime.

#### 1.2.3

 * Fixed firewall bootstrap blocking wp-login.php, wp-cron.php, admin-ajax.php, 
   and xmlrpc.php for blocked IPs — admins can now recover access.
 * Fixed firewall bootstrap returning HTML instead of JSON for REST API requests
   from blocked IPs.
 * Fixed uninstall leaving broken .htaccess when file is read-only — now creates
   safe stub to prevent HTTP 500.
 * Fixed early IP blocking (plugins_loaded:0) intercepting AJAX and REST requests,
   breaking admin panel functionality.
 * Reduced SIEM alert timeout from 10s to 3s to prevent page hangs during attacks.
 * Reduced inventory sync timeout from 30s to 8s to prevent random slow page loads
   via pseudo-cron.
 * Improved file detection in Protect Common Paths — now handles query strings, 
   trailing slashes, and dotted directory names correctly.
 * Added PHP execution blocking rule for uploads directory in generated Nginx configuration
   snippet.
 * Expanded REST API public route whitelist: added WooCommerce v3, UpdraftPlus, 
   BackWPup, Elementor, Forminator, FluentForms, SureCart, MailPoet, and block editor
   endpoints.
 * Added `Options -Indexes` to Protect Common Paths .htaccess rules as defense-in-
   depth measure.
 * Updated Stable tag from 1.2.2 to 1.2.3.

#### 1.2.2

 * Fixed anti-collapse dedup system blocking subsequent auto-update state toggle
   events due to identical hash.
 * Fixed wrong authentication headers for `/real-time-alerts` endpoint (now uses
   HMAC-SHA256 signature instead of token).
 * Fixed missing `remediation` field in auto-update state events sent to the SIEM.
 * Fixed `version_old` not captured in auto-update events; now recorded via `upgrader_pre_install`
   hook before files are replaced.
 * Fixed auto-update trigger running on disable; updates now only fire for newly
   enabled component types.
 * Fixed auto-update event detection using `instanceof WP_Automatic_Updater` instead
   of `wp_doing_cron()` for broader compatibility.
 * Fixed single-file plugin slug resolving to `.` (e.g. hello-dolly) in update event
   payloads.
 * Added `triggered_by` field to update events: `siem_manual`, `siem_auto_update`,
   or `wp_auto_updater`.
 * Auto-update toggles in the admin panel are now read-only; changes must be made
   from the SIEM.
 * Replaced `parse_url()` with `wp_parse_url()` for WordPress coding standards compliance.

#### 1.2.1

 * Plugin Check compatibility improvements for filesystem and nonce-related warnings.
 * Runtime validation improvements for scanner detection, file editor monitoring,
   and firewall state serialization.

#### 1.2.0

 * Fixed login URL rename validation against existing pages/posts and reserved WordPress
   routes.
 * Fixed uninstall cron cleanup to use `wp_unschedule_hook()` for complete removal.
 * Fixed heartbeat, mitigation sync, and alert buffer crons not cancelled on plugin
   disconnect.

#### 1.1.9

 * Send whitelist IPs (user public IP + localhost) to the SIEM during pairing so
   the whitelist persists after synchronization.

#### 1.1.8

 * Fixed Nginx warning notice appearing repeatedly on every admin page load; it 
   now displays only once.
 * Improved notice format: each protected path is shown on its own line for better
   readability.
 * Added link to solution documentation for Nginx .htaccess compatibility.

#### 1.1.7

 * Fixed deactivation not clearing all cron jobs (4 missing hooks, plus events re-
   scheduled by late-firing alert hooks).
 * Added `final_deactivation_cleanup` at priority 9999 to ensure complete cron and.
   htaccess cleanup after all hooks fire.
 * Replaced `wp_clear_scheduled_hook` with `wp_unschedule_hook` to clear single 
   events with arguments.
 * Added native PHP fallback for .htaccess marker removal when WP_Filesystem is 
   unavailable.
 * Fixed Plugin Check error: replaced direct `is_writable()` with `vulnity_path_is_writable()`
   and `WP_Filesystem_Direct`.

#### 1.1.5

 * Fix uninstall multisite cleanup query when `sitemeta` table is not available 
   to prevent SQL warnings in debug.log.

#### 1.1.4

 * Ensure uninstall removes Vulnity firewall/log folders recursively so no plugin-
   owned folders are left behind.

#### 1.1.3

 * Ensure uninstall removes Vulnity firewall/log folders even when permissions are
   restrictive by attempting safe chmod before cleanup.

#### 1.1.2

 * Added a dedicated Vulnity log with line-based rotation and safe fallbacks when
   uploads are not writable.
 * Added admin warning when firewall storage cannot be written, with clear remediation
   guidance.
 * Expanded uninstall cleanup to remove Vulnity log files and firewall artifacts
   across fallback paths.

#### 1.1.1

 * Fixed deactivation cleanup so Vulnity hardening marker blocks are removed fully
   from `.htaccess` without modifying user-defined rules.
 * Improved deactivation safety in shared hosting environments with conservative,
   marker-only rollback behavior.

#### 1.1.0

 * Improved admin UI consistency across Dashboard, Synchronization, Mitigation, 
   Hardening, and Setup screens.
 * Hardened plugin lifecycle behavior for shared hosting compatibility and safer
   deactivation/uninstall flows.
 * Added conservative server integration safeguards to reduce side effects in Apache/
   Nginx environments.

#### 1.0.5

 * Version bump to 1.0.5.

#### 1.0.4

 * Version bump to 1.0.4.

#### 1.0.3

 * Standardized admin asset enqueues and AJAX URL localization for compliant loading.
 * Hardened nonce and capability checks across alerts and admin handlers.
 * Improved path resolution using WordPress APIs for non-default installs.
 * Documented external Supabase services used for alerts and mitigation updates.

#### 1.0.2

 * Initial release.

## Meta

 *  Version **1.3.3**
 *  Last updated **2 көн ago**
 *  Active installations **30+**
 *  WordPress version ** 6.2 or higher **
 *  Tested up to **6.9.4**
 *  PHP version ** 7.4 or higher **
 *  Language
 * [English (US)](https://wordpress.org/plugins/vulnity/)
 * Tags
 * [intrusion detection](https://tt.wordpress.org/plugins/tags/intrusion-detection/)
   [monitoring](https://tt.wordpress.org/plugins/tags/monitoring/)[security](https://tt.wordpress.org/plugins/tags/security/)
 *  [Advanced View](https://tt.wordpress.org/plugins/vulnity/advanced/)

## Ratings

No reviews have been submitted yet.

[Your review](https://wordpress.org/support/plugin/vulnity/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/vulnity/reviews/)

## Contributors

 *   [ manuelgalan ](https://profiles.wordpress.org/manuelgalan/)

## Support

Got something to say? Need help?

 [View support forum](https://wordpress.org/support/plugin/vulnity/)