Available Now: Server Edition is ready for deployment on VPS and dedicated servers

The Problem

WordPress security tools detect threats, scan for malware, and block known attack patterns. But every one of these tools runs at the application layer, the same environment an attacker controls once they gain code execution.

When an attacker exploits a plugin vulnerability, compromises admin credentials, or injects malicious code through a supply chain attack, they can:

  • Disable security plugins
  • Modify core WordPress files
  • Inject persistent backdoors
  • Alter configuration files
  • Cover their tracks

Detection tools can only alert you after the damage is done. The Server Edition prevents the damage from happening.

The Solution

The Server Edition uses Linux kernel-level file immutability to make WordPress files unmodifiable. Once files are hardened:

Unmodifiable by Any Process

No process can modify protected files, not even root. The kernel blocks all modification attempts.

No Backdoor Injection

Attackers cannot inject backdoors or alter code. Files are locked at the kernel level.

Kernel Enforcement

Protection is enforced by the kernel, not by application-layer software that can be disabled.

Zero Overhead

Zero performance overhead. Immutability is a filesystem attribute, not a scanning process.

This is not detection. This is prevention at the lowest level of the operating system.

How It Works

1. One-Time Setup

A system administrator installs the plugin and runs the initial configuration.

2. Delegated Admin

WordPress admins manage hardening through a user-friendly interface. No SSH needed.

3. Harden & Unharden

Click to protect files. Unharden for updates, then re-harden. All operations require MFA.

4. Flexible Protection

Configure which paths to protect and which to exclude based on your needs.

Key Features

Kernel-Level Immutability

Protection enforced by the Linux kernel. Cannot be bypassed by application-layer attacks.

Delegated Administration

System admins set up once, then delegate day-to-day operations to WordPress administrators.

MFA-Protected Operations

Every hardening operation requires multi-factor authentication.

Comprehensive Audit Trail

Every action is logged with timestamp, user, IP, and details. Export for compliance audits.

Flexible Inclusion/Exclusion

Protect what matters, allow what needs to change. Configure paths with precision.

Automatic Batching

Large sites with thousands of files are handled automatically in intelligent batches.

What It Protects

Protected

  • WordPress core files (wp-admin/, wp-includes/)
  • Configuration files (wp-config.php, .htaccess)
  • Themes and plugins
  • Any file or directory within the WordPress installation

Not Affected

  • Database content (posts, pages, comments)
  • User uploads (excluded by default)
  • Cache files (excluded by default)

Normal content editing works exactly as before. Only file-level changes are controlled.
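
An independent way to verify the hardened state described under The Solution and What It Protects is to list which files under the WordPress root do not carry the immutable attribute. The script below is an added example, not the product's own code. It assumes that hardening corresponds to the Linux immutable inode flag reported by lsattr, and the exclusion paths, function names and sample listing are hypothetical.

```shell
#!/bin/sh
# Added example. Assumption: "hardened" means the Linux immutable inode
# attribute, shown as 'i' by lsattr. While it is set the kernel rejects writes,
# renames and deletes, root included; clearing it needs CAP_LINUX_IMMUTABLE.

# Assumed exclusion prefixes (colon-separated, relative to the WordPress root).
# The page says uploads and cache are excluded; these exact paths are hypothetical.
EXCLUDES="${EXCLUDES:-./wp-content/uploads:./wp-content/cache}"

# Read `lsattr -R .` output on stdin; print non-excluded paths lacking 'i'.
find_unprotected() {
    awk -v excludes="$EXCLUDES" '
        BEGIN { n = split(excludes, ex, ":") }
        NF == 0 { next }                       # blank line between directories
        $1 !~ /^[A-Za-z-]+$/ { next }          # "./dir:" recursion header
        {
            path = substr($0, length($1) + 2)  # keeps spaces in file names
            for (i = 1; i <= n; i++)
                if (path == ex[i] || index(path, ex[i] "/") == 1) next
            if (index($1, "i") == 0) print path
        }'
}

# Audit a live tree: audit_tree /var/www/html (path is a placeholder).
audit_tree() {
    (cd "$1" && lsattr -R . 2>/dev/null | find_unprotected)
}

# Constructed sample of `lsattr -R .` output, not captured from a real site.
sample_listing() {
    cat <<'EOF'
----i---------e------- ./index.php
--------------e------- ./wp-config.php
----i---------e------- ./wp-content

./wp-content:
--------------e------- ./wp-content/uploads
----i---------e------- ./wp-content/plugins

./wp-content/uploads:
--------------e------- ./wp-content/uploads/photo 1.jpg

./wp-content/plugins:
--------------e------- ./wp-content/plugins/new file.php
EOF
}
```

Any path this prints on a site that is supposed to be hardened was either added after the last harden operation or had its flag cleared, and is worth reconciling against the audit trail.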

System Requirements

Server Environment

  • VPS, dedicated server, or cloud instance with root access
  • Ubuntu 20.04/22.04/24.04, Debian 11/12, CentOS 7/8/Stream, RHEL 8/9, or compatible

Filesystem

  • ext4, ext3, ext2, or XFS (covers 95%+ of Linux web servers)
  • NFS, CIFS, and network filesystems are not supported (see Hosting Edition)

WordPress

  • WordPress 5.8 or higher
  • PHP 7.4, 8.0, 8.1, 8.2, or 8.3
  • MySQL 5.7+ or MariaDB 10.3+

Access

  • Root or sudo access required for initial setup only
  • Day-to-day operations require only WordPress administrator access

When to Consider the Hosting Edition Instead

The Server Edition is designed for standalone servers where a single WordPress installation runs on local storage.

For shared hosting, multi-server configurations, NFS storage, managed hosting platforms, or container-based deployments, the Hosting Edition (coming 2026) is the better fit.

Compliance Ready

The Server Edition includes features designed for regulated environments:

SOC2 Type II

  • Logical access controls (MFA, role-based permissions)
  • Privileged access management (delegated administration)
  • Audit logging with export capabilities

PCI-DSS 4.0

  • File integrity verification
  • Alert on unauthorized modification attempts
  • Multi-factor authentication for privileged access

HIPAA

  • Access controls for systems containing ePHI
  • Login monitoring (MFA attempts logged)
  • Audit trail of privileged actions

ISO 27001

  • User access management
  • Privileged access rights controls
  • Logging and monitoring

Get Started

Learn more about kernel-level file protection for WordPress. Read the white paper for the complete technical and business case.