๐Ÿ›ก๏ธTrustedWeb

Changelog

Updated Apr 4, 2026

Track updates to the TrustedWeb platform, scanner engine, agent plugin, and dashboard.


v1.0.0 — April 4, 2026 (Initial Release)

TrustedWeb Scanner (Server)

  • External scan engine with 6 modules: SSL/HTTPS, Security Headers, CMS Detection, Plugin/Theme Enumeration, Blacklist/Reputation, Trust Score
  • 33 malware signatures (10 basic + 15 advanced + 8 developer tier)
  • Server-side analyzer — all intelligence runs on our server, not in the plugin
  • 4-tier badge system: Scanned (grey), Secure (blue), Verified (gold), Platinum (purple)
  • SVG badge generator with embed script (badge.js)
  • Email reports — HTML security summary sent after each scan
  • Agent REST API — 7 endpoints for agent communication

TrustedWeb Agent (WordPress Plugin)

  • Thin client architecture — collects data, sends to server, executes commands
  • File inventory collector — hashes, sizes, permissions (no file contents sent)
  • Database summary collector — table list, admin users, suspicious options, cron jobs
  • 12 auto-fix types: disable XML-RPC, fix permissions, security headers, block PHP in uploads, remove readme.html, hide WP version, disable file editing, force HTTPS, quarantine malware, demote rogue admins, update plugins, remove PHP in uploads
  • Quarantine system — backup + remove malware files with restore capability
  • WordPress core integrity — checksum verification + restore from official source
  • Daily cron scan — automatic data collection and server reporting

WooCommerce Deep Scan (Add-on)

  • 16 file scan patterns: credit card skimmers, fake Stripe/PayPal redirects, checkout JS injection, obfuscated scripts, payment gateway hook tampering, cURL data exfiltration
  • 6 database patterns: script/eval/base64/iframe in wp_options, woocommerce_sessions, postmeta
  • 9 known vulnerable WC plugins with CVE tracking
  • Payment gateway analysis — flag unknown gateways, detect test/sandbox mode in production
  • WC upload directory monitoring — detect PHP files in woocommerce_uploads

Customer Dashboard (cp.trustedweb.site)

  • Custom auth pages: Login, Register, Forgot Password, Reset Password — dark SaaS theme
  • Dashboard overview: stats, sites, badge level, plan info
  • Site management: add/remove domains, trigger scans, view agent status
  • Badge management: preview badges, get embed code per site
  • API keys (Developer/Agency): auto-generated REST API keys
  • Account settings: name, email, password
  • Billing: plan info, add-on purchasing

Security Infrastructure

  • Nginx rate limiting: wp-login (3r/min), REST API (30r/s), general (10r/s)
  • PHP Firewall: auto-ban IP (100 req/min → 10min, 500 → 1h, 1000 → 24h), error flood detection (10 errors/5min → 30min ban)
  • 4 failover nodes: 1–4.trustedweb.site (API-only, health check, HTTPS)
  • API security: author enumeration blocking, REST user endpoint hiding, version removal, XML-RPC disabled
  • Domain verification: plan-based domain limits, add-on domain counting
  • Sensitive file blocking: .env, .git, wp-config.php, readme.html, xmlrpc.php, .sql, .bak, .log

Plans and Add-ons

  • 5 plans: Free, Basic ($9/mo), Advanced ($29/mo), Developer ($99/mo), Agency ($199/mo)
  • Yearly pricing: 24–28% discount
  • Add-ons: WC Deep Scan ($5/site/mo), Extra Domain ($3/site/mo), Malware Cleanup ($19 one-time), Platinum Badge ($2/site/mo), Domain Packs (+10 for $19, +50 for $69)

Future updates will be listed here as they are released.