Changelog

What's new

Every improvement, fix, and feature we have shipped, in order.

v0.10.0

May 15, 2026 Latest
New
  • WAF-aware WordPress detection — surface scanner now identifies Cloudflare, Sucuri, and other WAFs by name when a site is blocked, instead of reporting "Not a WordPress site"
  • Newsletter signups sync automatically to our mailing list with the Security tag
Improve
  • Weekly automatic deep scans are now the default for every account — adjust or disable per site from Site Settings if you want a different cadence
  • Submitted URLs are normalized to the root domain across every scan entry point so /wp-admin and trailing-slash variants no longer double-create scans
Fix
  • /scan no longer shows the Laravel 419 "Page Expired" screen on CSRF token expiry — visitors land back on the scan form with their submitted URL prefilled and a fresh session
  • GET requests to /scan redirect to the scan landing page instead of returning a 405 Method Not Allowed error
  • SQLite test suite runs cleanly again after gating a MySQL-only backfill migration that was blocking test-bench setup

v0.9.0

March 14, 2026
New
  • Uptime monitoring — checks every 5 minutes, email alerts on down/recovery with flap detection
  • Dedicated uptime history page — 24h/7d/30d uptime %, 45-day coloured bar, avg response time, and last 50 checks per site
  • Automatic scan scheduling — daily, weekly, or monthly recurring quick scans per site
  • Plugin vulnerability alerts — email when new CVEs affect plugins on your sites
  • Weekly security digest — Monday summary of uptime, last scan, and next scheduled scan
  • Two-way cleanup messaging — customers can send follow-up messages after cleanup completes; team can reply in a shared thread
  • Star rating and review collection — 5-star rating with optional comment at end of cleanup; one-time submission
  • Site settings page — consolidated view of uptime status, scan schedule, SSH credentials, and danger zone per site
  • Newsletter signup on blog posts — subscribe for weekly security tips without an account; one-click unsubscribe
  • Admin newsletter subscriber list with active/unsubscribed counts and CSV export
  • SSL expiry monitoring — daily check per site, email alerts at 30/14/7 days, status visible on dashboard and site detail
  • Domain expiry monitoring — daily WHOIS check per site, email alerts at 30/14 days
  • Blacklist monitoring — daily Google Safe Browsing check, instant alert email on first detection, badge on dashboard
  • Performance score tracking — weekly Google PageSpeed Insights (mobile) score per site, shown on dashboard and site detail
Improve
  • Notification preferences — manage which alerts you receive from your profile page
  • Homepage and pricing page updated to reflect full platform feature set
  • About, FAQ, roadmap, and changelog pages updated to match current capabilities

v0.8.0

March 14, 2026
New
  • Edit SSH Credentials — update host, port, username, password, or key for an existing site without deleting and re-adding it
Improve
  • Quick scans are now always free — no payment required
  • Deep scans are $1 per scan
  • SSH Test Connection now shows a specific reason on failure (wrong port, authentication failed, host unreachable, connection timed out) instead of a generic error

v0.7.0

March 2, 2026
New
  • Partner tier pricing with self-serve Stripe Checkout registration
  • Subscription management via Stripe webhooks (upgrades, downgrades, cancellation)
  • Customer portal link for partners to manage billing in Stripe
  • Demo site and scan report seeded automatically for new partner accounts
  • 20-step deep scan via SSH (malware signatures, core integrity, hidden backdoors, database injections)
  • AI-enriched scan explanations and remediation suggestions
  • PDF scan reports with executive summary
  • Product roadmap page
Fix
  • Security edge cases in partner subscription flow
  • Separate webhook secret for partner Stripe endpoint

v0.6.0

March 1, 2026
New
  • SSH "Test Connection" button on site creation and detail pages
  • Site delete button always visible regardless of site status
Fix
  • Queue worker now listens on both default and scan_jobs queues

v0.5.0

February 28, 2026
New
  • Media kit page with SVG logo variants and PNG exports
  • X/Twitter links in footer and OG image fallback on all public pages

v0.4.0

February 22, 2026
New
  • Partner API v1 for agencies and hosting providers
  • Partner portal with dashboard, usage stats, API key management
  • 5 partner tiers (Free, Starter, Growth, Scale, Enterprise)
  • Enterprise features: idempotency, IP whitelisting, HMAC webhooks
  • OpenAPI 3.0 specification

v0.3.0

February 15, 2026
New
  • Blog with 12 WordPress security articles
  • Documentation section with 9 pages
  • 4-source vulnerability database (Wordfence, Patchstack, WPScan, WPVulnerability.net)
  • 11-service blacklist monitoring
  • Screenshot capture during surface scans
  • Google Analytics with conversion tracking
  • Sitemap index and shareable scan report URLs
  • Free cleanup credit for new customers

v0.2.0

February 1, 2026
New
  • Free public surface scanner
  • Pay-per-use pricing ($0 surface, $1 deep, $49 cleanup)
  • Stripe payments via Laravel Cashier

v0.1.0

January 15, 2026
New
  • Initial Laravel 12 application with Docker Compose
  • Python scanner service (surface + deep scan via SSH)
  • User authentication and site management
  • Admin dashboard