Title: WebKernelAI Security
Author: Aamir Sahil
Published: <strong>May 3, 2026</strong>
Last modified: July 1, 2026

---

Search plugins

![](https://ps.w.org/webkernelai-security/assets/banner-772x250.png?rev=3570274)

![](https://ps.w.org/webkernelai-security/assets/icon-256x256.png?rev=3521382)

# WebKernelAI Security

 By [Aamir Sahil](https://profiles.wordpress.org/aamirsahil/)

[Download](https://downloads.wordpress.org/plugin/webkernelai-security.1.0.4.zip)

 * [Details](https://ido.wordpress.org/plugins/webkernelai-security/#description)
 * [Reviews](https://ido.wordpress.org/plugins/webkernelai-security/#reviews)
 *  [Installation](https://ido.wordpress.org/plugins/webkernelai-security/#installation)
 * [Development](https://ido.wordpress.org/plugins/webkernelai-security/#developers)

 [Support](https://wordpress.org/support/plugin/webkernelai-security/)

## Description

[WebKernelAI](https://webkernelai.com) is a Technical SEO and Website Security platform.
The WebKernelAI Security plugin securely connects WordPress websites with the WebKernelAI
dashboard for SEO synchronization, security policy management, integrity monitoring,
Web Application Firewall (WAF), and advanced site controls.

Official Website:
 https://webkernelai.com

Security Plugin:
 https://webkernelai.com/plugins/security/

Documentation:
 https://webkernelai.com/docs/security/

WebKernelAI helps developers, businesses, and production websites improve:

 * Technical SEO
 * Website Security
 * Web Application Firewall (WAF) rule filters
 * Crawl Intelligence
 * JavaScript Vulnerability Detection
 * Website Malware Detection
 * Security Header Analysis
 * SEO Metadata Management
 * Content Security Policy (CSP) Management

### Core Features

 * secure token-authenticated REST API endpoints
 * signed request validation using HMAC and Ed25519 asymmetric cryptography
 * WAF Rule Engine for SQL Injection (SQLi), Cross-Site Scripting (XSS), and Local
   File Inclusion (LFI)
 * dynamic security telemetry monitoring & database event logs
 * brute force login lockout protections with auto-reset on successful auth
 * custom login URL slug masking with hybrid cookie & query parameter bypass
 * anonymous user enumeration blocks on user REST endpoints (403 Forbidden)
 * file integrity inventory generation with weighted overview security scoring (
   0-100)
 * centralized SEO metadata synchronization
 * canonical URL synchronization
 * OpenGraph metadata synchronization
 * robots.txt management and subdirectory-safe dynamic XML sitemap generation
 * llms.txt controls
 * advanced Content Security Policy (CSP) management
 * security header management
 * production lock profile support
 * security policy rollback history
 * read-only security overview endpoint
 * integration with WebKernelAI Technical SEO Audit and security analysis tools

### Official WebKernelAI Platform

WebKernelAI provides integrated Technical SEO and Website Security tools for WordPress
websites and modern web applications.

Platform capabilities include:

 * Technical SEO Audit
 * Web Application Firewall (WAF)
 * Crawl Intelligence
 * JavaScript Vulnerability Scanner
 * Website Malware Scanner
 * Security Header Analysis
 * SEO Metadata Synchronization
 * Content Security Policy Management
 * Website Security Monitoring

Official platform:
 https://webkernelai.com

### Security Architecture

WebKernelAI Security includes multiple protection layers:

 * HMAC and Ed25519 request signature verification
 * WAF engine with customizable security rule drops
 * login custom slug protection with 404 response blocks
 * brute force lockout thresholds
 * REST API endpoint restrictions (anonymous user list blocks)
 * nonce replay protection
 * timestamp freshness validation
 * trusted-origin enforcement
 * endpoint-level permission controls
 * rate limiting protections
 * production lock profile
 * rollback-safe policy management

The plugin is designed for secure production environments and centralized security
operations.

### File Integrity Monitoring

The plugin supports secure integrity inventory generation for supported scan modes.

Supported integrity metadata includes:

 * file path
 * SHA-256/MD5 hash
 * file size
 * modification timestamp
 * computed security score indicators (0-100)

Raw file contents are not transmitted during standard integrity operations.

### SEO & Technical Controls

The plugin supports centralized Technical SEO management from the WebKernelAI dashboard.

Supported controls include:

 * meta title synchronization
 * meta description synchronization
 * canonical URL synchronization
 * OpenGraph metadata synchronization
 * robots directives
 * robots.txt management
 * llms.txt management
 * dynamic XML sitemap generation
 * archive indexing controls

### External Services

This plugin connects to WebKernelAI cloud services.

Official platform:
 https://webkernelai.com

Data may be transmitted to:

 * https://webkernelai.com
 * your configured WebKernelAI dashboard/backend endpoint

Data transmitted may include:

 * authenticated API requests
 * integrity inventory metadata
 * SEO synchronization payloads
 * security policy payloads
 * selected configuration settings

Data is transmitted:

 * when connecting a website to WebKernelAI
 * when administrators trigger dashboard operations
 * during scan, synchronization, or policy deployment operations

Terms of Service:
 https://webkernelai.com/terms

Privacy Policy:
 https://webkernelai.com/privacy

## Screenshots

[[

[[

[[

## Installation

 1. Upload the plugin folder to `/wp-content/plugins/`
 2. Activate the plugin through WordPress admin
 3. Open **Settings  WebKernelAI Security**
 4. Generate a secure site token
 5. Connect your website with the WebKernelAI dashboard

## FAQ

### Does the plugin send file contents to WebKernelAI?

No. The plugin sends integrity metadata and hashes only for supported scan modes.

### Can I disable CSP or security headers?

Yes. Security headers and CSP policies can be managed through the WebKernelAI dashboard.

### Can I manually customize CSP rules?

Yes. Advanced CSP editing and enforcement controls are supported.

### Does the plugin support replay attack protection?

Yes. Signed requests include nonce replay protection and timestamp freshness validation.

### Can I roll back security policy changes?

Yes. Security policy versioning supports rollback to previous configurations.

### Does the plugin support Technical SEO workflows?

Yes. The plugin integrates directly with WebKernelAI Technical SEO Audit and metadata
synchronization systems.

## Reviews

There are no reviews for this plugin.

## Contributors & Developers

“WebKernelAI Security” is open source software. The following people have contributed
to this plugin.

Contributors

 *   [ Aamir Sahil ](https://profiles.wordpress.org/aamirsahil/)

[Translate “WebKernelAI Security” into your language.](https://translate.wordpress.org/projects/wp-plugins/webkernelai-security)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/webkernelai-security/),
check out the [SVN repository](https://plugins.svn.wordpress.org/webkernelai-security/),
or subscribe to the [development log](https://plugins.trac.wordpress.org/log/webkernelai-security/)
by [RSS](https://plugins.trac.wordpress.org/log/webkernelai-security/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 1.0.4

 * Added Web Application Firewall (WAF) filter rules (XSS, SQLi, LFI)
 * Added Ed25519 cryptographic signature verification
 * Added Custom Login URL Slug redirect & hybrid cookie/query bypass
 * Added dynamic XML sitemaps (images, video, news) with subdirectory-safe routing
 * Added Redirects Manager (regex, wildcards, 410) & Robots visual compiler
 * Added Schema JSON-LD builder injection engine
 * Added anonymous /wp/v2/users REST API block (403 Forbidden)
 * Added brute-force lockout automatic transient reset on successful login
 * Added integrity scanning overview security scoring (0-100)

#### 1.0.3

 * Added REST route `GET /webkernelai/v1/security-overview`
 * Added improved active theme update detection compatibility

#### 1.0.2

 * Added advanced security mode with HMAC request validation
 * Added nonce replay protection
 * Added trusted-origin validation
 * Added endpoint rate limiting
 * Added production lock profile support
 * Added policy rollback history
 * Added advanced CSP management support

#### 1.0.1

 * Added WordPress.org compliance improvements
 * Added unique option keys
 * Added legacy option migration support

#### 1.0.0

 * Initial public release

## Meta

 *  Version **1.0.4**
 *  Last updated **20 hours ago**
 *  Active installations **Fewer than 10**
 *  WordPress version ** 6.2 or higher **
 *  Tested up to **7.0**
 *  PHP version ** 7.4 or higher **
 *  Language
 * [English (US)](https://wordpress.org/plugins/webkernelai-security/)
 * Tags
 * [csp](https://ido.wordpress.org/plugins/tags/csp/)[malware scanner](https://ido.wordpress.org/plugins/tags/malware-scanner/)
   [security](https://ido.wordpress.org/plugins/tags/security/)[technical seo](https://ido.wordpress.org/plugins/tags/technical-seo/)
   [wordpress security](https://ido.wordpress.org/plugins/tags/wordpress-security/)
 *  [Advanced View](https://ido.wordpress.org/plugins/webkernelai-security/advanced/)

## Ratings

No reviews have been submitted yet.

[Your review](https://wordpress.org/support/plugin/webkernelai-security/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/webkernelai-security/reviews/)

## Contributors

 *   [ Aamir Sahil ](https://profiles.wordpress.org/aamirsahil/)

## Support

Got something to say? Need help?

 [View support forum](https://wordpress.org/support/plugin/webkernelai-security/)