How It Works
The Complete Flow
WP Vanguard works in a few simple steps. Here's everything from first visit to a clean site.
1. Free Surface Scan
Visit the homepage and enter your WordPress site URL. No account required. The surface scanner checks your site externally for:
- Known vulnerability signatures in visible headers
- Exposed sensitive files (debug logs, backups, config files)
- SSL/TLS configuration issues
- WordPress version detection
- Suspicious scripts in your page source
Results appear in about 30 seconds. This gives you a quick overview of your site's public-facing security posture.
2. Create an Account
If you want a deeper analysis, create a free account. Registration takes 30 seconds - just email and password.
3. Add Your Site
From your dashboard, add your WordPress site. You'll provide:
- Your site URL
- SSH credentials (host, port, username, key or password)
SSH access lets our scanner examine files directly on your server. This is how we detect malware that hides inside PHP files, database tables, and upload directories.
4. Run a Deep Scan
Trigger a deep server scan from your dashboard. The scanner runs a 20-step verification process via SSH, covering:
- All WordPress core files against official checksums
- Every installed plugin and theme for known malware patterns (48+ signatures)
- The uploads directory for PHP files (a common hiding spot)
- Database content for injected scripts and SEO spam
- Configuration files for suspicious modifications
- User accounts for unauthorized administrators
- Cron jobs for malicious scheduled tasks
You'll see real-time progress in your dashboard as each step completes. Your first deep scan is free. After that, each scan costs $1.
5. Review Your Report
When the scan completes, you'll receive an email notification and your dashboard will show a detailed report with:
- Total issues found, grouped by severity (critical, high, medium, low)
- An AI security assessment that prioritizes findings and explains the overall risk
- Specific files affected with file paths and modification details
- AI-powered explanations for each finding in plain language
- Tailored fix recommendations for your specific setup
You can view the report in your dashboard or download it as a PDF to share with your team or hosting provider.
6. Request Cleanup (If Needed)
If the scan finds malware, you can request a professional cleanup directly from the report. Our team will:
- Remove all detected malware
- Restore modified core files
- Delete unauthorized admin accounts
- Harden your wp-config.php and .htaccess
- Run a verification scan to confirm the site is clean
Your first cleanup is free. After that, each cleanup costs $49 and is completed within 24 hours.
7. Ongoing Monitoring
After your site is clean, WP Vanguard keeps watching it automatically — no action needed on your part:
- Uptime checked every 5 minutes
- SSL and domain expiry checked daily, alerts at 30/14/7 days
- Google blacklist checked daily, instant alert if flagged
- Performance score (PageSpeed mobile) checked weekly
- Deep scans run automatically every week by default
All of this shows on your dashboard and site detail page. See Site Monitoring for the full breakdown, including how to switch the deep-scan cadence to daily, monthly, or off per site from Site Settings. You can still trigger a manual deep scan anytime ($1 each); the schedule and the manual option live side by side.
Check Your WordPress Site Security
Free scan, no login required. Find vulnerabilities before attackers do.
Scan Your Site Free