FirePhage Security is now live in the official WordPress Plugin Directory.
You can install it directly from WordPress admin, or view it on WordPress.org here:
FirePhage Security on WordPress.org
This matters because FirePhage is not only an edge security platform. WordPress itself still needs visibility from the inside: file integrity, malware scanning, update exposure, login abuse signals, and basic health checks.
The plugin is the bridge between those two layers.
FirePhage protects from the edge. The plugin helps you see what is happening inside WordPress.
Why we built a WordPress plugin
Most WordPress security problems do not live neatly in one layer.
Some attacks should be stopped before WordPress ever loads:
- bot traffic
- login abuse
- scraping
- fake checkout activity
- DDoS pressure
- hostile request floods
That is the job of FirePhage at the edge.
But some signals only become visible from inside the WordPress install:
- unexpected file changes
- modified core files
- vulnerable update posture
- local malware indicators
- login lockout activity
- health checks from the actual WordPress environment
That is why the plugin exists.
It gives site owners and agencies a local WordPress security layer that can also connect back to FirePhage when you want dashboard visibility and alerts.
What the plugin does today
The first public release focuses on practical WordPress security visibility.
FirePhage Security includes:
- local WordPress health checks
- WordPress core checksum verification
- plugin and theme repository integrity checks
- background malware scanning
- malware findings with file paths and context
- brute-force/login protection
- XML-RPC protection controls
- update visibility for core, plugins, and themes
- optional email notifications
- optional FirePhage signature updates
- optional paid FirePhage dashboard connection
The goal is not to make WordPress admin more complicated.
The goal is to show the security signals that matter without forcing every site owner to become a forensic analyst.
Malware scanning and file integrity
The plugin includes a malware scanner built around file integrity first.
That is intentional.
A lot of noisy scanner logic creates false positives by looking for generic PHP behavior. WordPress plugins and themes are full of legitimate code that can look suspicious out of context.
FirePhage Security takes a stricter path:
- trust official WordPress checksums where available
- compare core, plugin, and theme files against known package references
- use a local baseline for custom files
- scan remaining files with FirePhage signature data
- surface findings in a way a site operator can actually review
This is designed to reduce noise while still catching meaningful changes and known malicious indicators.
Brute-force and login protection
The plugin also includes local brute-force protection.
That means WordPress can apply lightweight controls around repeated login attempts and XML-RPC abuse, while FirePhage can still handle the broader edge side when a site is protected by the platform.
This two-layer model matters.
Blocking bad traffic at the edge is better than letting WordPress process it. But local login visibility is still useful, especially when you are diagnosing what happened before a site was fully protected or when a site is not yet connected to FirePhage.
Optional FirePhage connection
The plugin can run locally without connecting to a paid FirePhage account.
That was important from the start.
A WordPress.org plugin should still be useful after installation, even before someone becomes a customer.
If you do connect it to FirePhage, the plugin can sync security reports into the FirePhage dashboard so the site’s edge data and WordPress data can live in one workflow.
That connected workflow is especially useful for:
- agencies managing multiple WordPress sites
- WooCommerce stores that need cleaner operational visibility
- teams that want edge protection and WordPress health in the same dashboard
- site owners who do not want to stitch together five disconnected tools
Optional signature updates
FirePhage Security ships with bundled signature data.
Site owners can also request an optional free FirePhage signature token to receive remote signature updates. That flow is explicit and opt-in.
The plugin does not silently connect a site to FirePhage.
If you want remote signature updates, you request them. If you want dashboard sync, you connect the plugin from your FirePhage site dashboard.
That keeps the plugin useful locally while still allowing stronger visibility when you choose to connect it.
How to install it
You can install the plugin from WordPress admin:
- Open Plugins
- Click Add New Plugin
- Search for FirePhage Security
- Install and activate the plugin
- Open the FirePhage Security page in WordPress admin
- Run the first health check and malware scan
You can also install it directly from WordPress.org:
Install FirePhage Security from the WordPress Plugin Directory
Who should install it
The plugin is built for WordPress and WooCommerce operators who want clearer security visibility.
It is especially useful if you manage:
- client WordPress sites
- WooCommerce stores
- sites that have been cleaned after malware
- sites with frequent plugin/theme changes
- sites that need both edge protection and internal WordPress monitoring
If your site is already behind FirePhage, the plugin gives you the WordPress-side view that edge logs cannot provide alone.
If your site is not behind FirePhage yet, the plugin is still a practical starting point for local malware scanning, integrity checks, login protection, and update visibility.
The bigger FirePhage direction
FirePhage is built around a simple idea:
WordPress security should be understandable enough to operate, not just technically present.
The edge platform handles hostile traffic before it reaches origin.
The WordPress plugin reports what is happening inside the application.
Together, those layers give agencies, store owners, and site operators a clearer picture of risk without forcing them to live inside raw logs.
This first WordPress.org release is the beginning of that workflow.
Install the plugin, run a scan, and connect it to FirePhage when you want the full dashboard view.