S4E: Effortless & Continuous Cybersecurity

S4E: Effortless & Continuous Cybersecurity is a powerful WordPress plugin that seamlessly integrates with the S4E scan API to provide comprehensive security scanning capabilities for your website. This plugin offers a user-friendly interface to trigger various types of security scans and view detailed reports.

Key Features

• User-friendly interface with light/dark theme support
• Multiple scan types:
  • Full Scan
  • Light Scan
  • Single Scan
  • Crawler Scan
• Real-time scan progress tracking
• Detailed scan reports
• Secure API integration
• Responsive design

How to Use

Step 1: Create an S4E Account 1. Visit S4E Signup and create a free account 2. Verify your email address 3. Login to your S4E dashboard

Step 2: Get Your API Token 1. In your S4E dashboard, navigate to API Token page 2. Generate a new API token 3. Copy the token (you’ll need this for the plugin)

Step 3: Install and Configure the Plugin 1. Install and activate the plugin in WordPress 2. The plugin will automatically create a new “S4E Security” menu item in your WordPress admin sidebar

Step 4: Access the Plugin 1. In your WordPress admin area, navigate to “S4E Security” in the sidebar menu 2. You’ll see a login form where you can enter your S4E API token 3. Enter your S4E API token in the login field 4. Click “Login” – you’ll be redirected to your profile dashboard

Step 5: Add Your Asset for Auto-Verification 1. In the Profile tab, you will see your WordPress site’s domain automatically detected. 2. To enable auto-verification, add this asset to your S4E account by clicking “Add Asset”. 3. After adding the asset, you will see a popup to choose a verification method. Both security.txt and HTML file methods are available for verification. 4. When you choose a verification method, a file will be automatically created in the root of your domain (e.g., wordpress.net/security.txt or wordpress.net/s4e-ft6PdLzawaNM.html). 5. Click the “Verify Asset” button to complete verification. For successful verification, the security.txt file must be accessible at your base domain (e.g., wordpress.net/security.txt). 6. Your asset will be verified automatically once the file is detected.

Step 6: Start Your First Scan 1. Go to the “Reports” tab 2. Click “Start a new scan” 3. Choose your scan type: – Full Scan: Comprehensive security analysis (recommended for first scan) – Light Scan: Quick security check – Single Scan: Redirects to S4E web interface for advanced scanning – Crawler: Maps your website structure 4. Click “Start Scan”

Step 7: View Results 1. Scan progress will be displayed in real-time with status updates. 2. Once every scan is completed, detailed reports will be available in the Reports tab. 3. Click on any report to view vulnerability details and remediation recommendations in the S4E web interface.

Demo Credentials: For review purposes, you can contact S4E support at support@s4e.io for a demo token.

Requirements

• WordPress 5.8 or higher
• PHP 7.4 or higher
• Active S4E account and API credentials

External Services

This plugin connects to external services to provide security scanning capabilities. The following external services are used:

S4E API (https://api.s4e.io/api)

What the service is and what it is used for: The S4E API is a comprehensive security scanning service that provides vulnerability assessment and reporting capabilities for websites and web applications.

What data is sent and when: – API Token: Sent with every request for authentication – User Information: Sent when retrieving user profile and package information – Asset Information: Sent when adding, checking ownership, or retrieving details about domains/URLs to be scanned – Scan Parameters: Sent when initiating various types of security scans (Full Scan, Light Scan, Single Scan, Crawler Scan) – Scan History Requests: Sent when retrieving scan history and reports – Activity Logs: Sent when retrieving scan activity and progress information

Service Provider Information: – Service Provider: S4E (Security 4 Everyone) – Terms of Service: https://s4e.io/terms-of-use – Privacy Policy: https://s4e.io/privacy-policy

S4E SRS Service (https://srs.s4e.io)

What the service is and what it is used for: The S4E SRS (security.txt Reporting Service) is used to generate security.txt files for domains, providing contact information for security researchers and vulnerability disclosure.

What data is sent and when: – Domain Information: Sent when generating security.txt files for vulnerability disclosure

Service Provider Information: – Service Provider: S4E (Security 4 Everyone) – Terms of Service: https://s4e.io/terms-of-use – Privacy Policy: https://s4e.io/privacy-policy

Additional Information

For more information about S4E and its services, please visit S4E.io.