WebTotem Security – is a security plugin for WordPress that monitors websites and prevents website attacks with the help of special internal and external utilities.
1) Antivirus looks for shells, viruses, obfuscations, or file changes.
2) Firewall checks client requests to the server preventing SQL injections, XSS, or DDOS attacks.
1) Deface scanner shows the substitution of pages by hackers on the website.
2) SSL module shows the expiration date of the website SSL certificate.
3) Port scanner detects open ports on the web server that can be exploited by intruders.
4) Reputation module shows blacklist entries.
5) Accessibility module tracks the website availability and page response time.
6) Technology module detects the technology stack and its versions.
7) Server Resources module shows RAM/CPU load data and server disc usage.
It is required to have an account on WebTotem to use the extension.
Installing the WebTotem security plugin is very simple. Detailed description of the process with screenshots is available here , however below we give a short instruction.
To install WebTotem Security:
- Go to the “Plugins” page and then select “Add New”,
- Search for our plugin using the name “WebTotem Security”,
- Once you have installed the plugin, you need to activate it. Go to the “Installed Plugins” page and click on the “Activate” button,
- Go to the WebTotem and Generate an API-key on the “API-keys” page,
- Use the API-key to activate plugin in the WordPress admin panel on the “WebTotem Security” page.
Visit the Support Forum to ask questions, report bugs or suggest new features.
More information on the WebTotem Security plugin can be found in our Help Center.
Why can’t I activate WordPress plugin with API-Keys?
It is required to copy API-Key immediately after it has been generated. Since we don’t store API-Keys with authentic namings for the sake of security issues. If you did not copy it from generation window, we recommend you to delete it, generate a new one again and copy it with original naming.
Why doesn’t firewall block the attacks?
After installation the firewall is undergoing training for two weeks, analyzing the operation of the system and all requests. Upon completion of the training, the firewall will start to block attacks. If after two weeks after installation the firewall does not block attacks, then contact support.
Does GDN send my data to other WebTotem clients?
Thanks for the question. You don’t have to worry about your personal data. GDN option shares data collected between your websites and does not share it with other WebTotem clients.
How does antivirus work?
Our antivirus scans every 6 hours and scans automatically each time the filesystem changes. In other words, if you upload a new file to your website our antivirus scans it immediately. There is also an option to start manual scanning by clicking the rescan button in the right top of the module. Manual scanning shows the same results if no changes to filesystem has occured since the last automatic scanning.
How do I delete an infected file?
It is impossible to completely delete a file marked as infected by an antivirus using our service. This can be a vital file for your website. You can quarantine this file. To do this, select the site you need in your personal account. Go to the antivirus module, click the “SHOW MORE” button, configure the filter for infected files and click the “trash bin” icon next to the file name.
Contributors & Developers
“WebTotem Security” is open source software. The following people have contributed to this plugin.Contributors
- Fixed a bug related to using the function str_contains
- Internal improvements
- Fixed session errors
- Internal improvements
- Fixed styles issue
- Fixed multisite page view
- Added multisite support
- All settings have been moved to the settings page
- Internal improvements
- Change title for request counter on WAF blocks
- Fixed adding domains
- Fixed adding IDN domains
- Fixed page reload issue
- Fixed a problem with viewing AV logs
- Added URL white list
- Fixed the issue of time zone
- Added port ignore list
- Added the ability to send IP addresses by list
- Added notifications settings
- Fixed the issue of reinstalling agents
- Fixed styles
- Added antivirus last scan time
- Fixed an issue with API key authorization
- Fixed the issue of deleting agent files
- Fixed redirects issue
- Fixed the authorization issue
- Changed the translation algorithm
- Added ru-Ru language
- Fixed logout bug
- Fixed waf training period
- Changed display of data
- Fixed file filter by status
- Updated agents statuses
- Fixed styles dark mode
- Logic changed, agents are removed when logout
- Updated plugin information
- Updated screenshots
- Fixed the issue of deactivating the plugin
- Fixed the issue of adding a file to the quarantine
- Added analytics system
- Added Firewall advanced options allow/deny list
- Fixed conflict with some plugins
- Fixed session errors in the “site health” section
- Added antivirus permission changed filter
- Added download antivirus log
- Added antivirus rescan
- Fixed plugin deactivation bug
- Fixed the issue of adding sites with www
- Added report page
- Limit login attempt option
- Added file quarantine
- Added Server resources module
- Added settings page
- Fixed data display error
- Added dark mode
- Added attacks map view
- Disable waf in admin page