Aipatch Security Scanner
Aipatch Security Scanner is a modular security audit engine built for site owners, developers, and AI-powered agents who need deep visibility into WordPress security posture — without the bloat of all-in-one security suites. Why Aipatch Security Scanner? Most WordPress security plugins are either too simple to be useful or too heavy to be practical. Aipatch takes a different approach: Audit-first architecture. Every check is a standalone, testable module that returns structured findings with severity, confidence, evidence, and fingerprints. Built for automation. 23 MCP abilities expose the full audit, scanning, and remediation surface to external AI agents — making Aipatch the first WordPress security plugin designed for agentic workflows. Zero external dependencies. Everything runs locally. No accounts, no cloud services, no API keys required. Reversible by design. Every automated remediation stores rollback data so you can undo any change with one click. Core Capabilities 36-Point Security Audit Aipatch runs 36 automated checks across 8 categories — core, plugins, themes, users, configuration, server, access control, and malware surface: Outdated WordPress core, plugins, and themes Default admin username, excessive admin accounts, inactive admin users, user ID 1 exposure XML-RPC, file editor, debug mode, debug log, REST API exposure, directory listing PHP version, HTTPS, file permissions, security headers (X-Frame-Options, CSP, etc.) Database prefix, sensitive files, PHP execution in uploads, auto-update configuration Salt key strength, cron health, cookie security flags, CORS, application passwords Exposed backup files, phpinfo files, uploads directory indexing, default login URL Database credential security, file installation permissions Every finding includes a severity (critical / high / medium / low / info), confidence score, human-readable explanation, and actionable recommendation. Weighted Security Score (0–100) A logarithmic scoring engine computes an overall security score and per-area breakdown across six risk dimensions: software, access control, configuration, infrastructure, malware surface, and vulnerability exposure. Severity weights and confidence multipliers ensure the score reflects actual risk, not just issue count. Multi-Layer Malware File Scanner A three-layer file scanner (content 55%, context 25%, integrity 20%) with 27 detection signatures, Shannon entropy analysis, and malware family classification detects: Code execution patterns: eval(), assert(), create_function(), preg_replace /e System command functions: shell_exec, exec, passthru, backtick operators Obfuscation techniques: base64 encoding, hex encoding, str_rot13, gzinflate chains, chr() concatenation, variable variables, suspiciously long lines Network/exfiltration: cURL execution, fsockopen, remote file_get_contents Known backdoor signatures: c99, r57, WSO, b374k, weevely, FilesMan WordPress-specific threats: unauthorized admin creation, critical option injection, security function removal Scanning runs in batches via an async job system with configurable batch sizes — safe for shared hosting. Files are classified into 11 malware families (web shell, obfuscated loader, dropper, persistence backdoor, cloaked PHP, code injector, and more) with confidence scores and remediation hints. WordPress Core Integrity Verification Verifies every core file against official checksums from api.wordpress.org. Detects modified core files (checksum mismatch), missing core files, and unexpected files planted in wp-admin/ or wp-includes/. Core tampering findings are automatically escalated to critical severity with zero false-positive likelihood. File Integrity Baseline Build a known-good hash baseline of all PHP files in your installation. Diff against it at any time to detect modified, deleted, or newly added files. Origin detection distinguishes core, plugin, theme, and upload files. Vulnerability Intelligence A local knowledge base of known plugin, theme, and core vulnerabilities with a database-backed caching layer for fast lookups. Provider architecture allows extending with external feeds. One-Click Remediation with Rollback Apply fixes directly from findings — change WordPress options, delete suspicious files, rename files, patch file contents, or add .htaccess rules. Every automated action stores a full rollback payload so you can reverse any change. Manual remediations can be logged for audit trails. Six supported action types: wp_option, delete_file, rename_file, file_patch, htaccess_rule, manual. Hardening Module Five toggleable hardening rules with clear explanations and compatibility warnings: Disable XML-RPC — blocks external XML-RPC requests and removes X-Pingback header Hide WordPress Version — removes version leaks from source, RSS feeds, scripts, and styles Restrict REST API — limits sensitive endpoints to authenticated users Block Author Scanning — prevents user enumeration via author archives Login Brute-Force Protection — rate-limits login attempts per IP with configurable thresholds and lockout duration Persistent Findings Store All audit findings persist in a dedicated database table with automatic deduplication by fingerprint. Track findings over time — dismissed findings stay dismissed across scans; resolved findings reopen if the issue reappears. Security Event Logging Every scan, hardening change, remediation, and significant event is logged to a dedicated table. Logs are filterable by severity and exportable as CSV. WordPress Site Health Integration Adds 6 security tests to the built-in Site Health screen: file editor, debug mode, XML-RPC, admin username, SSL, and overall security score. Performance Diagnostics Built-in performance profiling to identify slow queries, high memory usage, and resource bottlenecks related to security operations. REST API 10 authenticated endpoints under the aipatch-security-scanner/v1 namespace for triggering scans, retrieving summaries, toggling hardening, exporting logs, and running performance diagnostics. MCP Surface for AI Agents (23 Abilities) Aipatch exposes 23 structured abilities via the WordPress Abilities API — making your site’s security surface fully accessible to external AI agents, coding assistants, and orchestration tools: By default, only aipatch/audit-site is enabled. You can enable additional abilities from Aipatch Security Scanner -> Settings -> MCP Abilities. Audit & Scanning aipatch/audit-site — Run a full 36-check security audit with scored findings aipatch/audit-suspicious — Quick heuristic scan for suspicious files aipatch/start-file-scan — Launch an async multi-layer malware scan job aipatch/process-file-scan-batch — Process next batch of files in a running scan aipatch/file-scan-progress — Check file scan progress aipatch/file-scan-results — Retrieve enriched scan results with family, reasons, layer scores aipatch/get-scan-summary — Comprehensive latest scan summary with classification breakdown aipatch/list-suspicious-files — List suspicious files from latest scan (no job_id needed) Integrity & Baseline aipatch/verify-core-integrity — Verify WP core files against official api.wordpress.org checksums aipatch/baseline-build — Build or refresh the known-good file hash baseline aipatch/baseline-diff — Compare current filesystem against stored baseline aipatch/baseline-stats — Baseline statistics by origin type aipatch/get-baseline-drift — Combined baseline drift + core integrity report Findings & Monitoring aipatch/list-findings — Query persistent findings with status/severity/category filters aipatch/findings-stats — Aggregate finding statistics aipatch/findings-diff — New and resolved findings since a point in time aipatch/get-file-finding-detail — Single finding with decoded metadata, layer scores, family aipatch/dismiss-finding — Dismiss a finding as accepted risk Remediation aipatch/apply-remediation — Apply a security fix with rollback support aipatch/rollback-remediation — Undo a previously applied fix aipatch/list-remediations — List remediation history with filters Jobs & Status aipatch/list-jobs — List scan/audit jobs with filters aipatch/get-async-job-status — Check async job status and retrieve results 20 abilities are read-only; only 3 (dismiss, apply-remediation, rollback) modify site state. All abilities include typed input/output schemas, permission checks (manage_options), and structured error responses. What Aipatch Does NOT Do It is NOT a firewall or WAF — it does not filter incoming traffic. It does NOT intercept frontend requests or affect page load performance. It does NOT phone home, require an account, or send data externally. It does NOT inject ads, upsells, or nag notices.
Top keywords
- aipatch32×2.78%
- security22×1.91%
- files16×1.39%
- file15×1.30%
- core12×1.04%
- findings12×1.04%
- wordpress11×0.95%
- scan9×0.78%
- abilities8×0.69%
- audit8×0.69%
- api7×0.61%
- baseline7×0.61%