Description
Forvault Security is a read-only, on-demand forensic scanner for WordPress. It is built for confirming whether a site is clean (or proving what changed after an incident) without touching your files. Every scan runs only when you click a button — there is no background processing on front-end page loads, no automatic file edits, and scanned code is never executed.
The plugin is fully functional on its own. There are no locked features and no trial timers.
What it does
-
Malware Scan — Heuristically inspects every PHP file for web-shell and backdoor indicators: encoded payloads passed to
eval, request input invoked as a function, OS command execution, known shell-family marker strings, packed/obfuscated blobs, executable PHP insidewp-content/uploads/, and more. Each suspicious file is scored and reported with the exact path and line numbers. Comments and docblocks are stripped before matching, and strong vs. supporting signals are separated to reduce false positives. Findings are advisory heuristics — review each flagged file. -
Core Integrity — Verifies every WordPress core file against the official checksum manifest for your exact version and locale (from api.wordpress.org). Reports modified core files, missing core files, and unknown files hiding inside
wp-admin/orwp-includes/. No prior snapshot is required, so it works even on an already-compromised site. -
File Baseline — Fingerprints your plugins, themes, mu-plugins and uploads with SHA-256 and stores the inventory. Re-check at any time to see exactly which files were added, modified or removed since the snapshot. This covers the code that has no official manifest.
Privacy
The plugin performs all scanning locally on your server. It does not collect analytics, does not phone home, and stores nothing about your site on any remote server. See External services below for the single, optional outbound request used by Core Integrity.
Premium add-on
An optional premium add-on (a separate plugin, distributed and licensed at storearmory.com, not hosted on WordPress.org) adds response and monitoring features such as scheduled scans, real-time file-change watching, reversible quarantine, outbound-connection auditing and forensic evidence bundles. The free plugin does not require it and is not time-limited.
External services
This plugin connects to one external service, and only when you explicitly click Verify core files on the Core Integrity screen:
- WordPress.org Checksum API (
https://api.wordpress.org/core/checksums/1.0/)- What it is used for: to download the official MD5 checksum manifest for your installed WordPress version, so core files can be compared against the known-good originals.
- What data is sent: only your WordPress version number and site locale (as URL query parameters). No personal data, site content, file contents or identifiers are transmitted.
- When: only on demand, when you run a core verification. It is never contacted automatically.
- WordPress.org terms: https://wordpress.org/about/privacy/ — Privacy policy: https://wordpress.org/about/privacy/
No other external services are contacted. The optional premium add-on (a separate plugin) is what communicates with storearmory.com for licensing; this free plugin does not.
Screenshots




Installation
- Upload the
forvault-securityfolder to/wp-content/plugins/, or install it from the Plugins screen in your WordPress dashboard. - Activate the plugin through the Plugins menu in WordPress.
- Open Forvault Security in the admin sidebar.
- Run a Malware Scan and Core Integrity check, and take a File Baseline while the site is clean so you can detect future changes.
FAQ
-
Will this plugin modify or delete any of my files?
-
No. Every feature is strictly read-only. The scanner reads file contents to analyze them but never edits, moves, deletes or executes them. The baseline only stores hashes.
-
Are the malware findings definitive?
-
No. The Malware Scan uses scored heuristics, the same approach as tools like php-malware-finder or a YARA pass. A high score means a file deserves review, not that it is certainly malicious. Always inspect a flagged file before taking action.
-
Does it run scans automatically in the background?
-
No. The free plugin only scans when you click a button, and it does no work on public page loads. Scheduled/automatic scanning is offered by the separate premium add-on.
-
What WordPress versions can Core Integrity verify?
-
Any version published on WordPress.org. The check downloads the official manifest for your exact version and locale at the moment you run it.
-
No. All three scanners are complete and free. The premium add-on is optional and adds response/monitoring tooling.
Reviews
There are no reviews for this plugin.
Contributors & Developers
“Forvault Security” is open source software. The following people have contributed to this plugin.
ContributorsTranslate “Forvault Security” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Changelog
1.0.0
- Initial release: Malware Scan (heuristic web-shell detection), Core Integrity (official checksum verification) and File Baseline (SHA-256 change detection).
