Data Safety & Privacy

Data Safety & Privacy

Your Security Is Our Priority

We ask for sensitive information (SSH credentials, site URLs) to provide our scanning service. Here's exactly how we handle that data.

Credential Encryption

SSH credentials are encrypted at rest using AES-256 encryption. They are only decrypted at the moment a scan is initiated, used for the duration of the scan, and then the decrypted values are discarded from memory.

Your credentials are never:

  • Stored in plain text
  • Logged in any application logs
  • Shared with third parties
  • Accessible to support staff in decrypted form

What We Access

During a deep scan, our scanner connects to your server via SSH and reads:

  • WordPress core files (to verify integrity)
  • Plugin and theme files (to detect malware patterns)
  • The uploads directory (to find suspicious PHP files)
  • wp-config.php (to check security settings)
  • .htaccess files (to detect malicious redirects)
  • Database content (to find injected scripts)

We do not access:

  • Files outside your WordPress installation
  • Email accounts or mailboxes
  • Other websites on the same server
  • Your hosting control panel

During a cleanup (only when you explicitly request one), our team makes changes to remove malware and harden your site. Every change is documented in your cleanup report.

Data Retention

Scan results are stored in your account and available in your dashboard for as long as your account exists. You can download PDF reports at any time.

SSH credentials remain encrypted in our database until you delete your site from the dashboard. Deleting a site permanently removes the stored credentials.

Surface scan results (from the free public scanner) are retained to provide shareable report URLs. They contain no sensitive data - only the findings from the external scan.

Account Deletion

You can delete your account at any time from your profile settings. This permanently removes:

  • All stored SSH credentials
  • All scan reports and results
  • All site records
  • Your account information

Infrastructure

WP Vanguard runs on isolated infrastructure. The scanner service runs in its own container with no access to the main application database. SSH connections are established on-demand and terminated immediately after each scan.

Questions

If you have questions about how we handle your data, contact us at support@wpvanguard.com.

Check Your WordPress Site Security

Free scan, no login required. Find vulnerabilities before attackers do.

Scan Your Site Free