Providing SSH Access
Why SSH Is Needed
The deep server scan needs to read files directly on your server to detect malware hidden inside PHP code, database entries, and upload directories. SSH (Secure Shell) provides a secure, encrypted connection to your server for this purpose.
We only use SSH to read files during scans. We do not modify any files unless you request a cleanup.
What You'll Need
To add SSH credentials in WP Vanguard, you'll provide:
- Host: Your server's IP address or hostname
- Port: Usually 22 (default SSH port)
- Username: Your SSH username
- Authentication: Either an SSH private key or password
Cloudways
- Log into your Cloudways dashboard
- Go to Servers and select your server
- Click Master Credentials tab
- Copy the Public IP, Username, and Password
- The SSH port is 22
- In WP Vanguard, enter these credentials when adding your site
The WordPress path on Cloudways is typically:
/home/master/applications/{app-folder}/public_html/
You can find the exact path under Application > Application Settings.
cPanel / WHM
Using Password Authentication
- Log into cPanel
- Your SSH host is your server's IP or domain
- Your username is your cPanel username
- Your password is your cPanel password
- Port is 22
Using SSH Keys (Recommended)
- In cPanel, go to Security > SSH Access > Manage SSH Keys
- Click Generate a New Key
- Set a key name and passphrase
- Click Generate Key
- Go back to Manage SSH Keys and click Manage next to your private key
- Click View/Download to download the private key
- Paste the private key content in WP Vanguard when adding your site
The WordPress path on cPanel is typically:
/home/{username}/public_html/
DigitalOcean Droplets
- When creating a Droplet, add your SSH key or use the password emailed to you
- Your host is the Droplet's IP address
- Your username is root (or a sudo user you've created)
- Port is 22
If you set up a sudo user (recommended):
ssh root@your-droplet-ip
adduser wpvanguard
usermod -aG sudo wpvanguard
The WordPress path depends on your setup but is commonly:
/var/www/html/ or /var/www/your-domain/
Other Hosting Providers
The general steps are the same for any hosting provider:
- Find your server's IP address or hostname
- Get your SSH username and password (or generate an SSH key pair)
- Confirm the SSH port (almost always 22)
- Find the path to your WordPress installation
If your host doesn't provide SSH access, you won't be able to use the deep scan. The free surface scanner is still available and doesn't require SSH.
Troubleshooting
Connection refused: Confirm SSH is enabled on your server and port 22 is open in your firewall.
Authentication failed: Double-check your username and password. If using a key, make sure you're pasting the private key (not the public key).
Permission denied: Your SSH user needs read access to the WordPress files. On shared hosting, this is usually your cPanel user.
Check Your WordPress Site Security
Free scan, no login required. Find vulnerabilities before attackers do.
Scan Your Site Free