Armory Security is the toolkit you reach for when a WordPress site is — or might be — compromised. It captures a SHA-256 integrity baseline, verifies core & plugin checksums, hunts web-shells and obfuscated PHP, and audits the attacker’s favourite hiding spots. Read-only and forensics-first: it tells you what happened before you change anything.
A complete incident-response workflow — not just another scanner that says “you might be infected”.
A SHA-256 inventory of every file, with diff on demand — see exactly what was added, changed or deleted since you were clean.
Verify WordPress core and plugin files against official checksums to pinpoint tampered code instantly.
Signature + heuristic engine that finds web-shells and obfuscated PHP — the eval/base64/POST patterns attackers hide in uploads.
Surface hidden administrator accounts an attacker quietly added to keep their foothold.
Audit malicious REST/AJAX routes, scheduled cron events, mu-plugins and drop-ins used for persistence.
Extract hardcoded command-and-control and outbound domains from suspicious files for your block-list and IOC matching.
See who is logged in, from which IP and device, with a live attack feed of inbound request signatures.
Apply runtime hardening, lock the site down and quarantine suspect files — deliberate, reversible actions you control.
Export a timestamped evidence bundle (ZIP/CSV) — a clean record of findings for your report or your host.
The detection funnel is free forever — baseline, checksums, web-shell hunting, ghost-admin and persistence audits. Premium turns Armory from “what happened?” into “handle it”: continuous monitoring, real-time alerts and court-ready proof.
No agents, no cloud upload of your files. Everything runs inside your WordPress.
Upload the plugin and activate. The detection funnel works immediately — no key required.
Capture a SHA-256 baseline, verify checksums and run the web-shell, ghost-admin and persistence sweeps.
Quarantine, harden and export a timestamped evidence bundle. Upgrade to premium for monitoring and alerts.
The full forensic scanner is free forever. Add Premium response & monitoring for $49/year — upgrade in place from WP Admin any time.
Secure checkout via Stripe · cancel anytime
Compromised right now and need hands-on help? Ask about specialist incident response →
Armory captures evidence and tells you what happened before you touch anything. Hardening, quarantine and lockdown are explicit, deliberate actions you choose to take — never automatic surprises.
Your files are never uploaded to a third party. Analysis happens inside your WordPress.
Timestamped, exportable findings you can hand to your host or your report.
Complements firewalls like Wordfence — it proves and recovers, not just blocks.
The full detection funnel is free. Upgrade for response & monitoring when you’re ready.
Yes — the core forensic scanner is free: the SHA-256 integrity baseline, core/plugin checksum verification, web-shell and obfuscated-PHP hunting, ghost-admin detection and the rest of the detection funnel. Premium adds live response, monitoring and proof features.
No. Armory is forensics-first and read-only by default: it tells you exactly what happened before you change anything. Hardening, quarantine and lockdown are explicit, opt-in actions you trigger yourself.
Yes. Armory is built for the moment a site is — or might be — compromised, complementing a firewall/WAF rather than replacing it. It focuses on proving what changed and recovering evidence, not on blocking traffic.
Premium unlocks the response and monitoring side: scheduled baselines, real-time admin-account and session monitoring, a live attack feed, one-click hardening, quarantine, indicator-of-compromise matching and timestamped evidence bundles.
Premium is $49/year for one site, billed securely through Stripe — cancel anytime. After checkout you get your license key by email instantly; activate it from inside WP Admin under Armory Security → License & Plan.
Capture a clean baseline, know the moment anything changes, and prove what happened. Start free, upgrade to Premium for $49/year when you want monitoring and response.
Get Premium — $49/yr