Forvault Security
Forvault Security is a read-only, on-demand forensic scanner for WordPress. It is built for confirming whether a site is clean (or proving what changed after an incident) without touching your files. Every scan runs only when you click a button — there is no background processing on front-end page loads, no automatic file edits, and scanned code is never executed.
The plugin is fully functional on its own. There are no locked features and no trial timers.
What it does
-
Malware Scan — Heuristically inspects every PHP file for web-shell and backdoor indicators: encoded payloads passed to
eval, request input invoked as a function, OS command execution, known shell-family marker strings, packed/obfuscated blobs, executable PHP insidewp-content/uploads/, and more. Each suspicious file is scored and reported with the exact path and line numbers. Comments and docblocks are stripped before matching, and strong vs. supporting signals are separated to reduce false positives. Findings are advisory heuristics — review each flagged file. -
Core Integrity — Verifies every WordPress core file against the official checksum manifest for your exact version and locale (from api.wordpress.org). Reports modified core files, missing core files, and unknown files hiding inside
wp-admin/orwp-includes/. No prior snapshot is required, so it works even on an already-compromised site. -
File Baseline — Fingerprints your plugins, themes, mu-plugins and uploads with SHA-256 and stores the inventory. Re-check at any time to see exactly which files were added, modified or removed since the snapshot. This covers the code that has no official manifest.
Privacy
The plugin performs all scanning locally on your server. It does not collect analytics, does not phone home, and stores nothing about your site on any remote server. See External services below for the single, optional outbound request used by Core Integrity.
Premium add-on
An optional premium add-on (a separate plugin, distributed and licensed at storearmory.com, not hosted on WordPress.org) adds response and monitoring features such as scheduled scans, real-time file-change watching, reversible quarantine, outbound-connection auditing and forensic evidence bundles. The free plugin does not require it and is not time-limited.
External services
This plugin connects to one external service, and only when you explicitly click Verify core files on the Core Integrity screen:
- WordPress.org Checksum API (
https://api.wordpress.org/core/checksums/1.0/)- What it is used for: to download the official MD5 checksum manifest for your installed WordPress version, so core files can be compared against the known-good originals.
- What data is sent: only your WordPress version number and site locale (as URL query parameters). No personal data, site content, file contents or identifiers are transmitted.
- When: only on demand, when you run a core verification. It is never contacted automatically.
- WordPress.org terms: https://wordpress.org/about/privacy/ — Privacy policy: https://wordpress.org/about/privacy/
No other external services are contacted. The optional premium add-on (a separate plugin) is what communicates with storearmory.com for licensing; this free plugin does not.
