Vulnity Security

Vulnity Security brings enterprise-grade threat detection to WordPress. It connects your site to Vulnity’s SIEM platform, correlates events, and alerts you before issues become incidents.

Features

• Real-time security event collection and forwarding to Vulnity SIEM.
• Dashboard widgets that highlight critical findings and remediation steps.
• Scheduled security scans for core files, plugins, and themes.
• Centralized logging compatible with major SOC workflows.

Integration Requirements

To receive alerts, configure an API token and endpoint URL provided by your Vulnity SIEM account. Detailed configuration instructions are displayed after activating the plugin under Vulnity > Settings.

External Services

This plugin connects to Vulnity’s external API hosted on Supabase Edge Functions (domain: euxnoekqasvzwfcbybkg.supabase.co, base URL https://euxnoekqasvzwfcbybkg.supabase.co/functions/v1) to power SIEM alerts, inventory sync, and mitigation updates.

• What the service is and what it is used for:
  • Vulnity SIEM API for pairing/unpairing, heartbeat checks, sending alerts, testing connectivity, syncing inventory, and receiving mitigation policies.
• Endpoints used:
  • /pair-plugin, /unpair-plugin (pairing and disconnecting the site).
  • /heartbeat (periodic health check).
  • /connection-test (manual connection test).
  • /scan-site-info (inventory sync).
  • /generic-alert, /brute-force-alert, /file-security-alert, /manage-user, /user-management-alert, /permission-change-alert, /file-editor-alert, /plugin-change-alert, /theme-change-alert, /core-update-alert, /suspicious-query-alert, /scanner-detected-alert (security alerts).
  • /mitigation-config, /mitigation-update (mitigation policy sync and block/unblock updates).
• What data is sent and when:
  • Pairing/unpairing: site ID, pair code, plugin/WordPress/PHP versions, and timestamp when pairing or disconnecting occurs.
  • Heartbeat: site ID, URLs, site metadata (name, language, timezone, theme), and runtime info (plugin/WordPress/PHP versions, latency) on a scheduled interval.
  • Alerts: site ID, alert type/severity, timestamps, and event details (such as IP address, user/action metadata, or file change context) whenever a security event is detected.
  • Inventory sync: site inventory details (installed plugins/themes/core metadata) when inventory sync runs.
  • Mitigation: site ID, block/unblock actions, IP address, reason, duration, and rule metadata when mitigation rules are synced or enforcement actions occur.
• Why the data is sent:
  • To associate the site with your Vulnity account, deliver security alerts to the SIEM, validate connectivity, synchronize inventory and mitigation policies, and keep firewall enforcement consistent.
• Policies: See the Vulnity Terms of Service and Privacy Policy for details on how data is handled.

License

This plugin is licensed under the GNU General Public License v2.0 or later. You are free to redistribute and/or modify it under the terms of the GPL as published by the Free Software Foundation. The complete license text is included in the bundled license.txt file and is also available online at https://www.gnu.org/licenses/gpl-2.0.html.