Data Safety & Privacy
Your Security Is Our Priority
We ask for sensitive information (SSH credentials, site URLs) to provide our scanning service. Here's exactly how we handle that data.
Credential Encryption
SSH credentials are encrypted at rest using AES-256 encryption. They are only decrypted at the moment a scan is initiated, used for the duration of the scan, and then the decrypted values are discarded from memory.
Your credentials are never:
- Stored in plain text
- Logged in any application logs
- Shared with third parties
- Accessible to support staff in decrypted form
What We Access
During a deep scan, our scanner connects to your server via SSH and reads:
- WordPress core files (to verify integrity)
- Plugin and theme files (to detect malware patterns)
- The uploads directory (to find suspicious PHP files)
- wp-config.php (to check security settings)
- .htaccess files (to detect malicious redirects)
- Database content (to find injected scripts)
We do not access:
- Files outside your WordPress installation
- Email accounts or mailboxes
- Other websites on the same server
- Your hosting control panel
During a cleanup (only when you explicitly request one), our team makes changes to remove malware and harden your site. Every change is documented in your cleanup report.
Data Retention
Scan results are stored in your account and available in your dashboard for as long as your account exists. You can download PDF reports at any time.
SSH credentials remain encrypted in our database until you delete your site from the dashboard. Deleting a site permanently removes the stored credentials.
Surface scan results (from the free public scanner) are retained to provide shareable report URLs. They contain no sensitive data - only the findings from the external scan.
Account Deletion
You can delete your account at any time from your profile settings. This permanently removes:
- All stored SSH credentials
- All scan reports and results
- All site records
- Your account information
Infrastructure
WP Vanguard runs on isolated infrastructure. The scanner service runs in its own container with no access to the main application database. SSH connections are established on-demand and terminated immediately after each scan.
Questions
If you have questions about how we handle your data, contact us at support@wpvanguard.com.
Check Your WordPress Site Security
Free scan, no login required. Find vulnerabilities before attackers do.
Scan Your Site Free