WP AutoShield®: One-Click WordPress Security from cPFence: Page 20 - Enhance Control Panel

WP AutoShield®: One-Click WordPress Security from cPFence

cPFence

This won’t cut it for other web servers (Apache, NGINX, LSWS), which require different implementation methods. That’s where things get complex.

Kosta

cPFence all this with the security headers should be developed from Enhance under Security tab.
And the routine LS cashe clearing should be developed by Enhance too, somewhere under server settings tab.
Nice work anyway

leonardo

cPFence Daily LiteSpeed cache clearing:
Automatically clears LiteSpeed cache daily to prevent layout issues from stale CSS or JS.
(This feature is off by default; set autoshield_clear_litespeed_cache in WebUI → System Settings to “on”.)

Is there any other way to do this without using WebUI?

cPFence

leonardo

This new feature lets you schedule daily LiteSpeed cache clearing automatically. Just set autoshield_clear_litespeed_cache to on through the config file or the WebUI and you're good to go.

If you'd rather clear it manually for specific websites or servers, head to:

WebUI > Tools & Utilities > WP-AutoShield Bulk Tools > Clear LiteSpeed Cache

From there, you can target a single site, a specific server, or even the entire cluster in one go.

If you prefer using the CLI, you can run:

cpfence --bulk-clear-litespeed-cache

cPFence

Version 3.3.61 (10th June 2025)

Added

New! Integrity Auto-Repair: The new self-healing shield for WordPress - Read More Here
The Integrity Check module now supports auto-repair of infected or modified WordPress core files.
When Auto File Action is enabled, cPFence will:
- Auto quarantine suspicious files
- Restore the original clean core files instantly
- Prevent downtime caused by core file tampering
  This makes your WordPress installations virtually bulletproof.
  Highly recommended: Turn this feature on via:
  
  WebUI → Threat & Malware Detection → Integrity Auto-Repair On

Improved

Added PHP 5.6 compatibility in WP-AutoShield module for legacy WordPress installations

Fixed

Resolved a WebUI issue related to displaying WordPress website IDs correctly

deydod

Hi cPFence

I've enabled auto-repair function and decided to test it out. I've renamed a file from wp-includes folder to another name. Now the wordpress is crashed and. Its been 10 min and site is still not available.
Maybe I don't understand the functionality fully, but isn't it supposed to:
1) delete the odd file
2) download the original file from trusted host.

Also does the feature detects the wp version and download the required file for that version?

8Dweb

cPFence go Joomla... 😉

cPFence

deydod

Hi,

The integrity check runs once every 24 hours by default, but you can change that to hourly by running:

cpfence --set-check-frequency hourly

If you want to trigger a manual scan right away, use:

/opt/cpfence/app/cpfagent

And yes, it detects the correct WordPress version automatically and covers supported core files , including root files and subdirectories like wp-admin and wp-includes, as well as key files commonly used in hacks like index.php, load.php and others.

Kosta

cPFence integrity check once 24h yes, but if some core file gets infected with bad code - it will be immediately quarantined and replaced with clean one correct?

cPFence

Kosta

Any infection will be immediately quarantined by the malware real-time protection, but this module doesn’t do file replacement.

Some bad actors use clean-looking code (like a standard redirect) to perform malicious actions. These might bypass malware detection, and that’s where the checksum integrity check steps in. It adds another layer of defense to help keep your WordPress site bulletproof.

Kosta

cPFence
Would we get notifications when WP core files gets infected or modified when Auto repair module is enabled?

The Integrity Check module now supports auto-repair of infected or modified WordPress core files.
When Auto File Action is enabled,

cPFence

Kosta

Yes, you’ll get an instant email with a detailed log file attached, and the original file will be saved in the quarantine folder for manual review. If Slack notifications are enabled, you’ll also receive an alert on your phone.

We highly recommend enabling integrity auto-repair — it’s nearly impossible for any hacker to bypass checksum verification. Even a single character change from the original WordPress core files will be flagged.

webdig

cPFence

Hi, and thank you very much for the great work on WP-AutoShield and CPfence.

I understand the difficulty in applying security headers across different web server types. However, I noticed that some WordPress plugins, like Headers Security Advanced & HSTS WP, apply these headers via PHP (using the header() function and checking headers_sent()).

This method works regardless of the web server used (Nginx, Apache, LiteSpeed, etc.).

Would it be possible to implement something similar in a more general way, so it could apply to all sites? It wouldn’t require server-specific logic and would still offer an additional layer of security at the PHP level.

Once again, thank you for your continued improvements — WP-AutoShield is already an excellent tool!

cPFence

webdig

You are welcome and thank you for the suggestion and feedback.

Adding security headers via PHP is indeed simple when you're working with a specific script or app, takes just a few lines. But doing this automatically across all sites is tricky. You’d need to detect what app or framework each site is using, understand how it handles headers, and inject the right logic without breaking anything. That’s not really feasible for a general server-wide solution.

deydod

Hi @cPFence
I had Integrity Auto-Repair ON for a day and I believe I've found a small bug. Integrity checks recover 2 plugins - Hello Dolly and Akismet. Since I don't want those to be recovered is there a way to skip that?

cPFence

deydod

Please update to version 3.3.63 released today, this behavior has been improved and should no longer occur.

« Previous Page