WebTotem Security


WebTotem: Enhance Your WordPress Website Security

WebTotem the Ultimate WordPress Security Plugin for Comprehensive Protection
In today’s digital landscape, safeguarding your WordPress website against a myriad of threats is paramount. WebTotem emerges as a formidable security solution, offering a suite of powerful features designed to protect your website from the ground up. With antivirus scans, firewall protection, SSL certificate monitoring, and port analysis, WebTotem ensures your web space is meticulously guarded. Pushing the envelope further, it incorporates CVE vulnerability scanning to preemptively identify and mitigate potential risks, fortifying your website’s defense mechanism.
WebTotem transforms your website into an impenetrable fortress by integrating additional layers of security such as activity logs, two-factor authentication (2FA), brute force attack prevention, and CAPTCHA functionalities. This not only guarantees uninterrupted operation but also establishes a reliable security framework for your website.

Core Features:

  • Antivirus Protection: Conducts thorough scans of your files for malicious software, hidden shells, and dubious modifications, marking the first step towards a secure website. It’s an intuitive solution for maintaining your site’s integrity.
  • Firewall Defense: Offers real-time safeguarding against SQL injections, XSS, and DOS attacks, ensuring your data remains secure from unwelcome intrusions.
  • SSL Module: Administers continuous monitoring and management of your site’s SSL certificates, protecting data transmission round the clock.
  • Port Scanner: Employs meticulous analysis to identify open ports, blocking unauthorized access and neutralizing potential threats.
  • Open Path Scanner: Proactively searches and reviews accessible paths to files and directories, closing off avenues for attacks.
  • Reputation Module: Vigilantly monitors and alerts you about any blacklisting issues, safeguarding your site’s online reputation and visibility.
  • Accessibility Module: Keeps a close watch on site availability and page response times, ensuring optimal performance and a seamless user experience.
  • Technology Scanner: Accurately identifies your site’s technology stack and its versions, aiding in keeping your systems up-to-date.

Highlight Features:

  • Vulnerability Scanner: A cornerstone feature that scans for known vulnerabilities within the Common Vulnerabilities and Exposures (CVE) database, enabling swift remediation to boost your site’s security.
  • Server Resource Module: Provides crucial insights into RAM and CPU usage, along with disk space analytics, facilitating efficient resource utilization for enhanced site performance.
  • Activity Log: An essential tool for monitoring site changes and activities, offering a comprehensive event timeline for enhanced security oversight and swift incident response.

Enhanced Security Measures:

  • Two-Factor Authentication (2FA): Elevates security by requiring a second form of verification, seamlessly integrated within your CMS to protect administrative access.
  • CAPTCHA Integration: A versatile tool against spam bots and automated attacks, offering customizable CAPTCHA deployment to safeguard your forms from unwarranted submissions.
  • Brute-Force Protection: Actively combats password guessing attempts, employing proactive measures to prevent unauthorized access to your accounts.
  • Security Level Assessment (Scoring): Offers a detailed security evaluation based on an innovative methodology, pinpointing improvement areas with strategic recommendations to fortify your website’s security stance.
  • Vulnerability Remediation Advice: Goes beyond detection by providing actionable, detailed guidance for addressing vulnerabilities, enhancing your website’s resilience against threats.

WebTotem stands as a comprehensive security plugin, expertly crafted to enhance your WordPress site’s defenses. By adopting WebTotem, you not only protect your site from current threats but also strengthen its overall security architecture, ensuring a safe and robust online presence.

Imagens de tela

  • Dashboard – Shows statistics for all modules.
  • Firewall – Shows firewall activity, attacks map.
  • Antivirus – Shows antivirus and quarantine logs.
  • Settings – Offers multiple settings to configure the functionality of the plugin.
  • Reports – Offers multiple tools to create reports.


Installing the WebTotem security plugin is very simple. Detailed description of the process with screenshots is available here , however below we give a short instruction.

To install WebTotem Security:

  1. Go to the “Plugins” page and then select “Add New”,
  2. Search for our plugin using the name “WebTotem Security”,
  3. Once you have installed the plugin, you need to activate it. Go to the “Installed Plugins” page and click on the “Activate” button,
  4. Go to the WebTotem and Generate an API-key on the “API-keys” page,
  5. Use the API-key to activate plugin in the WordPress admin panel on the “WebTotem Security” page.

Visit the Support Forum to ask questions, report bugs or suggest new features.


More information on the WebTotem Security plugin can be found in our Help Center.


Why can’t I activate WordPress plugin with API-Keys?
It is required to copy API-Key immediately after it has been generated. Since we don’t store API-Keys with authentic namings for the sake of security issues. If you did not copy it from generation window, we recommend you to delete it, generate a new one again and copy it with original naming.


Why doesn’t firewall block the attacks?
After installation the firewall is undergoing training for two weeks, analyzing the operation of the system and all requests. Upon completion of the training, the firewall will start to block attacks. If after two weeks after installation the firewall does not block attacks, then contact support.

Does GDN send my data to other WebTotem clients?
Thanks for the question. You don’t have to worry about your personal data. GDN option shares data collected between your websites and does not share it with other WebTotem clients.


How does antivirus work?
Our antivirus scans every 6 hours and scans automatically each time the filesystem changes. In other words, if you upload a new file to your website our antivirus scans it immediately. There is also an option to start manual scanning by clicking the rescan button in the right top of the module. Manual scanning shows the same results if no changes to filesystem has occured since the last automatic scanning.

How do I delete an infected file?
It is impossible to completely delete a file marked as infected by an antivirus using our service. This can be a vital file for your website. You can quarantine this file. To do this, select the site you need in your personal account. Go to the antivirus module, click the “SHOW MORE” button, configure the filter for infected files and click the “trash bin” icon next to the file name.


14 de Janeiro, 2023
Este plugin era malisimo, pero ha mejorado bastante Continúa teniendo problemas, es lento para mi gusto Pero me gusta, funciona
22 de Dezembro, 2021
I have two websites that run through Cloudflare/Ezoic and while support has been very nice coming back almost daily to try to resolve my issue. It appears that they simply can’t install their software on my websites. It’s shame. I got it to install on another website no problem but after over a month and many emails it appears there is no hope. They’ve logged on to my website more than twenty times to solve the issue and after a month there is still no way to resolve it. Had hope for this but I can see now this might not be the solution. I would rework your install process because obviously it’s not as good as other plugins which don’t require this much work around to try to get it to work. If they ever resolve my issues I will update the score to reflect that but right now I do not recommend.
14 de Novembro, 2021
WebTotem Security is an easy to use antivirus and firewall tool that is connected to the cloud to prevent hacking and attacks on a website. WebTotem support staff is fast and very nice. I have been using WebTotem for about six months now, and the WebTotem team has been very helpful in assisting me with any issues that I have had.
16 de Abril, 2021 1 reply
I purchased this plugin and really wanted to like it. Unfortunately it’s not been anywhere near as good as promised, and am now removing it from all my sites. The plugin shows lots of promise but missing some really key features – such as the ability to whitelist yourself. Have to contact customer support to do that. It’s also missing key features to make WordPress specifically more secure – and is a more generic kind of solution. All that said, the customer support team is superb. There’s lots of scope to grow. Hopefully the product matures into what it should be capable of being, as it could be a terrific addition to securing WordPress websites.
19 de Março, 2021
mon site qui était plein de virus il a été complètement nettoyer et protège ce plugin et super! si facile et puissant! je le recommande à tout propriétaire de site Web
6 de Março, 2021
I use it on all my sites very good protection which uses very few resources very easy to use you activate and it works by itself in addition we can protect any site that uses php or wp without plugin the plugin allows to see the dashboard in WordPress and it is easier to install the WAF and formidably efficient the one that security is a concern I recommend him to try
Leia todas as 12 avaliações

Contribuidores e desenvolvedores

“WebTotem Security” é um software com código aberto. As seguintes pessoas contribuíram para este plugin.


“WebTotem Security” foi traduzido para 1 localidade. Obrigado aos tradutores por suas contribuições.

Traduzir “WebTotem Security” para o seu idioma.

Interessado no desenvolvimento?

Navegue pelo código, dê uma olhada no repositório SVN ou assine o registro de desenvolvimento via RSS.

Registro de alterações


  • Added Plugin Checks for CVEs
  • Added anti-user enumeration
  • Internal improvements


  • Fixed the issue that occurred when adding a site.
  • Internal improvements


  • Fixed login attempts issue
  • Internal improvements


  • Feedback user issue has been fixed
  • Internal improvements


  • The api-key entry page has been fixed
  • Internal improvements


  • Added forceCheck buttons
  • Fixed AV data request
  • Internal improvements


  • Fixed some errors WP scan
  • Added user feedback popup


  • The Open Path Scanner module has been added
  • The Port Scanner and SSL modules have been changed
  • Availability and deface modules have been removed


  • The logic has been changed, now when the plugin is removed, the AV and WAF agents are not deleted
  • Fixed styles for mobile devices


  • Fixed an issue with blocking custom administrator roles
  • WP scan improvements


  • Fixed some errors in multisite
  • Internal improvements


  • Added the Confidential files section on the WP scan page
  • Added support for different domains in multisite mode
  • Added the rescan button to the WP scan page
  • Fixed errors caused by the absence of the wtotem_audit_logs table in the database
  • Changed the maximum value to 10000 for the DOS limits parameter
  • Internal improvements


  • Added the setting blocking countries
  • Added WP scan page: Log of user actions. Logs on found links, scripts and iframes


  • Added pop-up notification
  • Added 2FA to all users
  • Fixed an error saving settings without installed agents


  • Fixed the cause of php warnings
  • Fixed conflict with Google Authenticator
  • Fixed errors in styles
  • Internal improvements


  • Added firewall log report
  • Added login attempts
  • Added password reset attempts
  • Added Determining the environment by the API-key


  • Fixed ajax error


  • Added Two-factor authorization
  • Added reCAPTCHA for authorization
  • Added the option to Hide the WP version
  • Added API Data Caching
  • Fixed a bug when switching to a multisite


  • Fixed the problem of reinstalling agents when updating.


  • Fixed a bug when upgrading from older versions.


  • Fixed issues with switching to a multisite


  • Session data storage has been changed


  • Fixed an issue related to using the function str_contains


  • Internal improvements


  • Fixed session errors


  • Internal improvements


  • Fixed styles issue


  • Fixed multisite page view


  • Added multisite support
  • All settings have been moved to the settings page
  • Internal improvements


  • Change title for request counter on WAF blocks
  • Fixed adding domains


  • Fixed adding IDN domains


  • Fixed page reload issue


  • Fixed a problem with viewing AV logs


  • Added URL white list
  • Fixed the issue of time zone


  • Added port ignore list
  • Added the ability to send IP addresses by list
  • Added notifications settings


  • Fixed the issue of reinstalling agents


  • Fixed styles


  • Added antivirus last scan time


  • Fixed an issue with API key authorization


  • Fixed the issue of deleting agent files


  • Fixed redirects issue


  • Fixed the authorization issue


  • Changed the translation algorithm
  • Added ru-Ru language


  • Fixed logout bug


  • Fixed waf training period


  • Changed display of data


  • Fixed file filter by status
  • Updated agents statuses


  • Fixed styles dark mode
  • Logic changed, agents are removed when logout


  • Updated plugin information
  • Updated screenshots


  • Fixed the issue of deactivating the plugin


  • Fixed the issue of adding a file to the quarantine


  • Added analytics system


  • Added Firewall advanced options allow/deny list


  • Fixed conflict with some plugins
  • Fixed session errors in the “site health” section


  • Added antivirus permission changed filter
  • Added download antivirus log
  • Added antivirus rescan
  • Fixed plugin deactivation bug
  • Fixed the issue of adding sites with www


  • Added report page
  • Limit login attempt option
  • Added file quarantine
  • Added Server resources module


  • Added settings page
  • Fixed data display error
  • Added dark mode
  • Added attacks map view


  • Disable waf in admin page