{"id":308717,"date":"2026-05-19T14:34:05","date_gmt":"2026-05-19T14:34:05","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/shieldguard\/"},"modified":"2026-05-19T14:31:27","modified_gmt":"2026-05-19T14:31:27","slug":"gogasys-malware-scanner","status":"publish","type":"plugin","link":"https:\/\/cn.wordpress.org\/plugins\/gogasys-malware-scanner\/","author":23493708,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.0.6","stable_tag":"1.0.6","tested":"6.9.4","requires":"5.6","requires_php":"7.4","requires_plugins":null,"header_name":"Gogasys Malware Scanner","header_author":"Gogasys IT Solutions","header_description":"A production-ready, OOP-based WordPress security plugin featuring WAF, malware scanning, IP\/country blocking, security headers, and a full admin dashboard.","assets_banners_color":"","last_updated":"2026-05-19 14:31:27","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/gogasysitsolutions.com\/gogasys-malware-scanner","header_author_uri":"https:\/\/gogasysitsolutions.com","rating":0,"author_block_rating":0,"active_installs":0,"downloads":41,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.6":{"tag":"1.0.6","author":"gogasysitsolutions","date":"2026-05-19 14:31:27"}},"upgrade_notice":[],"ratings":[],"assets_icons":[],"assets_banners":[],"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.6"],"block_files":[],"assets_screenshots":[],"screenshots":{"1":"The Gogasys Security Dashboard providing a high-level security overview.","2":"Firewall configuration panel with advanced security toggles.","3":"Detailed incident logs showing blocked threats."}},"plugin_section":[],"plugin_tags":[],"plugin_category":[],"plugin_contributors":[263541],"plugin_business_model":[],"class_list":["post-308717","plugin","type-plugin","status-publish","hentry","plugin_contributors-gogasysitsolutions","plugin_committers-gogasysitsolutions"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/s.w.org\/plugins\/geopattern-icon\/gogasys-malware-scanner.svg","icon_2x":false,"generated":true},"screenshots":[],"raw_content":"<!--section=description-->\n<p>Gogasys Malware Scanner is a comprehensive security solution for WordPress, built from the ground up to be lightweight, secure, and fully compliant with WordPress coding standards.<\/p>\n\n<p><strong>Key Features:<\/strong><\/p>\n\n<ul>\n<li><strong>Web Application Firewall (WAF):<\/strong> Real-time inspection of GET, POST, and FILES requests to block SQL injection, XSS, and more.<\/li>\n<li><strong>Malware Scanner:<\/strong> Detects malicious file patterns and monitors WordPress core file integrity using official checksums.<\/li>\n<li><strong>IP &amp; Country Blocking:<\/strong> Easily block specific IP addresses or entire countries using GeoIP detection.<\/li>\n<li><strong>Security Headers:<\/strong> One-click configuration for XSS Protection, CSP, HSTS, and more.<\/li>\n<li><strong>Scheduled Scans:<\/strong> Automated scanning powered by WP-Cron. <strong>Note: This feature is OFF by default and requires explicit user consent to enable.<\/strong><\/li>\n<li><strong>Incident Logging:<\/strong> Detailed logs of all blocked threats and suspicious activities.<\/li>\n<li><strong>Admin Notifications:<\/strong> Get notified via email immediately when threats are detected.<\/li>\n<\/ul>\n\n<h3>External services<\/h3>\n\n<p>Gogasys Malware Scanner connects to the following third-party services to provide core security features:<\/p>\n\n<ol>\n<li><p><strong>api.wordpress.org<\/strong>: Used by the Malware Scanner to fetch official WordPress core file checksums. This allows the plugin to verify the integrity of your WordPress installation and detect unauthorized file modifications.<\/p>\n\n<ul>\n<li><strong>Data Sent:<\/strong> WordPress version and site locale.<\/li>\n<li><strong>Service Provider:<\/strong> WordPress.org (Privacy Policy: <a href=\"https:\/\/wordpress.org\/about\/privacy\/\">https:\/\/wordpress.org\/about\/privacy\/<\/a>)<\/li>\n<\/ul><\/li>\n<li><p><strong>ip-api.com<\/strong>: Used for GeoIP-based country blocking. When the <em>Country Blocking (GeoIP)<\/em> feature is <strong>explicitly enabled<\/strong> by the site administrator, visitor IP addresses are sent to ip-api.com to determine the country of origin. <strong>This feature is disabled by default.<\/strong> No IP data is sent unless the administrator opts in. IP addresses are not stored by this plugin.<\/p>\n\n<ul>\n<li><strong>Data Sent:<\/strong> Visitor IP address (only when the GeoIP feature is enabled by the admin).<\/li>\n<li><strong>Service Provider:<\/strong> Artia International S.R.L. (Terms and Privacy: <a href=\"https:\/\/ip-api.com\/docs\/legal\">https:\/\/ip-api.com\/docs\/legal<\/a>)<\/li>\n<\/ul><\/li>\n<\/ol>\n\n<!--section=installation-->\n<ol>\n<li>Upload the <code>gogasys-malware-scanner<\/code> folder to the <code>\/wp-content\/plugins\/<\/code> directory.<\/li>\n<li>Activate the plugin through the 'Plugins' menu in WordPress.<\/li>\n<li>Navigate to the 'Gogasys Security' menu in your dashboard to configure settings.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"does%20this%20plugin%20include%20a%20firewall%3F\"><h3>Does this plugin include a firewall?<\/h3><\/dt>\n<dd><p>Yes, it includes a real-time Web Application Firewall (WAF) that inspects every request.<\/p><\/dd>\n<dt id=\"how%20does%20the%20malware%20scanner%20work%3F\"><h3>How does the malware scanner work?<\/h3><\/dt>\n<dd><p>It compares your WordPress core files against official checksums and scans the <code>wp-content<\/code> directory for known malicious PHP patterns.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.6<\/h4>\n\n<ul>\n<li>Security: Gated all ip-api.com GeoIP lookups behind an explicit admin opt-in toggle (<code>gogasys_ms_enable_geoip<\/code>). The plugin no longer contacts external services without administrator consent, complying with WordPress.org Plugin Directory Guidelines.<\/li>\n<li>Privacy: Added <code>wp_add_privacy_policy_content()<\/code> integration so site owners can include GeoIP data-handling details in their Privacy Policy.<\/li>\n<li>Path Handling: Replaced hardcoded <code>WP_CONTENT_DIR<\/code> with <code>wp_upload_dir()<\/code> for the quarantine directory, ensuring compatibility with non-standard WordPress installs.<\/li>\n<li>Security: Replaced the disallowed <code>define('DISALLOW_UNFILTERED_HTML', true)<\/code> with a <code>map_meta_cap<\/code> filter, which is the WordPress-approved pattern for restricting the <code>unfiltered_html<\/code> capability.<\/li>\n<li>Bug Fix (Critical): Fixed fatal PHP error in quarantine action \u2014 <code>GOGASYS_MS_QUARANTINE_DIR<\/code> constant reference replaced with the correct <code>gogasys_ms_quarantine_dir()<\/code> function call throughout <code>class-scanner.php<\/code>.<\/li>\n<li>Bug Fix: Fixed admin asset enqueue logic \u2014 CSS\/JS now loads on all plugin subpages (Firewall, Scanner, Logs, IP Blocker, Headers, Notifications), not only the main dashboard.<\/li>\n<li>Compliance: Removed <code>Network: true<\/code> from plugin header (plugin does not require network activation).<\/li>\n<li>Compliance: Updated <code>Author<\/code> header field to a proper display name per WordPress Plugin Directory guidelines.<\/li>\n<li>Compliance: Updated <code>Plugin URI<\/code> to a clean URL without <code>.html<\/code> extension.<\/li>\n<li>Settings API: Registered <code>gogasys_ms_enable_geoip<\/code>, <code>gogasys_ms_blocked_countries<\/code>, and <code>gogasys_ms_block_attack_countries<\/code> via <code>register_setting()<\/code> for proper sanitization.<\/li>\n<li>Added <code>gogasys_ms_sanitize_country_array()<\/code> sanitize callback for country code option storage.<\/li>\n<li>UI: Added a prominent opt-in notice to the IP &amp; Country Management settings page explaining that ip-api.com is an external service.<\/li>\n<li>Uninstall: Added all <code>gogasys_ms_header_*<\/code> options, <code>gogasys_ms_attack_countries<\/code>, and removed duplicate entries from uninstall cleanup list \u2014 ensures no orphaned data remains after plugin deletion.<\/li>\n<\/ul>\n\n<h4>1.0.5<\/h4>\n\n<ul>\n<li>Fix: Resolved PHP syntax error by renaming invalid namespace (<code>Gogasys Malware Scanner<\/code>) to <code>GogasysMalwareScanner<\/code> across all files to comply with WordPress.org coding standards.<\/li>\n<\/ul>\n\n<h4>1.0.4<\/h4>\n\n<ul>\n<li>Renamed plugin to Gogasys Malware Scanner for compliance with directory guidelines.<\/li>\n<li>Fully refactored codebase to synchronize namespaces, constants, and options with the new identity.<\/li>\n<\/ul>\n\n<h4>1.0.3<\/h4>\n\n<ul>\n<li>Resolved granular Plugin Check security warnings for unescaped DB parameters.<\/li>\n<li>Optimized database queries with unified suppressions.<\/li>\n<\/ul>\n\n<h4>1.0.2<\/h4>\n\n<ul>\n<li>Finalized database compliance by using literal SQL fragments for ordering.<\/li>\n<li>Improved cache invalidation on data updates.<\/li>\n<\/ul>\n\n<h4>1.0.1<\/h4>\n\n<ul>\n<li>Improved database query compliance for WordPress.org submission.<\/li>\n<li>Implemented full object caching for database results.<\/li>\n<li>Prefixed all global variables in admin views.<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release.<\/li>\n<\/ul>","raw_excerpt":"Gogasys Malware Scanner is a production-ready WordPress security plugin featuring WAF, malware scanning, IP blocking, and security headers in a full d &hellip;","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/cn.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/308717","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cn.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/cn.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/cn.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=308717"}],"author":[{"embeddable":true,"href":"https:\/\/cn.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/gogasysitsolutions"}],"wp:attachment":[{"href":"https:\/\/cn.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=308717"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/cn.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=308717"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/cn.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=308717"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/cn.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=308717"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/cn.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=308717"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/cn.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=308717"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}