Webfiable Info
Improve your site’s security posture and configuration health with monitoring and recommendations.
Webfiable Info is the on-site companion for the Webfiable security service (https://webfiable.com). It securely gathers information about your site’s WordPress version, plugins, themes, and basic site metadata and registers your site with Webfiable so you can receive ongoing reports via email. You stay in control: consent is explicit, and the public endpoint is opt-in and verified on save.
During the white march period, there is no separate signup or billing – the plugin registers your site automatically from the settings screen and you can use the service for free. A subscription may be required in the future; we will notify administrators well in advance.
Features
- One-click registration: Enter a report recipient email, grant consent, and enable the endpoint; Webfiable Info verifies the endpoint and registers the site automatically.
- Opt-in endpoint: The public /webfiable endpoint is disabled by default and verified when enabled. If verification or registration fails, the plugin safely disables it.
- Consent-aware behavior: Turning off consent simply saves your choice and disables the endpoint; you can re-enable later.
- Lightweight by design: No heavy background jobs; the endpoint serves inventory on demand and runs in milliseconds.
- Secure by default: Uses hybrid encryption (AES-256 + RSA-2048) to transport data.
- Part of the Webfiable service: Currently in white march (early access) and free to use; a subscription may be required in the future. Learn more at https://webfiable.com.
Security Features
Webfiable Info is built with security at its core, ensuring that your website’s data is protected at every stage:
- Hybrid Encryption: Combines AES and RSA. The inventory is encrypted with AES-256-CBC; the AES key is encrypted with RSA-2048.
- Fresh IV per response: Each response uses a new IV so ciphertext is always unique.
- Public endpoint, private content: The /webfiable endpoint can be accessed by anyone, but the payload is encrypted for Webfiable only.
- Rate limiting: Basic per-IP rate limiting reduces abuse.
Why It Is Secure
- Strong transport: AES-256 for data, RSA-2048 for the key – only Webfiable can decrypt.
- Unique IVs: Each response is unique even for identical content.
- Minimal inventory: Only software inventory and basic metadata needed for analysis; no credentials or content are collected.
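The hybrid scheme described above (AES-256-CBC for the inventory, RSA-2048 for the AES key, a fresh IV per response) can be sketched as follows. This is an added example, not the plugin's own code: the envelope field names (key, iv, data), the OAEP padding choice, the function names, and the sample inventory are assumptions.

```php
<?php
// Added illustration; not Webfiable's code. Field names, OAEP padding and
// the sample inventory below are assumptions made for this sketch.

function hybrid_encrypt(string $plaintext, $rsaPublicKey): array {
    $aesKey = random_bytes(32); // one-time AES-256 key
    $iv     = random_bytes(16); // fresh IV per response (AES block size)
    $ct = openssl_encrypt($plaintext, 'aes-256-cbc', $aesKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('AES encryption failed');
    }
    // Wrap the AES key so that only the RSA private key holder can recover it.
    if (!openssl_public_encrypt($aesKey, $wrapped, $rsaPublicKey, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('RSA key wrap failed');
    }
    return [
        'key'  => base64_encode($wrapped),
        'iv'   => base64_encode($iv),
        'data' => base64_encode($ct),
    ];
}

function hybrid_decrypt(array $env, $rsaPrivateKey): string {
    $wrapped = base64_decode($env['key'], true);
    if (!openssl_private_decrypt($wrapped, $aesKey, $rsaPrivateKey, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('RSA key unwrap failed');
    }
    $pt = openssl_decrypt(base64_decode($env['data'], true), 'aes-256-cbc',
                          $aesKey, OPENSSL_RAW_DATA, base64_decode($env['iv'], true));
    if ($pt === false) {
        throw new RuntimeException('AES decryption failed');
    }
    return $pt;
}

// Constructed demo key pair; in the described service only the recipient holds the private key.
$pair = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pub  = openssl_pkey_get_details($pair)['key'];

// Constructed sample inventory.
$inventory = json_encode(['wp_version' => '6.5', 'plugins' => ['example-plugin' => '1.2.3']]);

$a = hybrid_encrypt($inventory, $pub);
$b = hybrid_encrypt($inventory, $pub);
var_dump($a['data'] !== $b['data']);               // same input, two envelopes compared
var_dump(hybrid_decrypt($a, $pair) === $inventory); // round trip with the private key
```

CBC on its own provides confidentiality only; this sketch adds no integrity check, and the page does not state whether the real payload carries one.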
License
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version.
