Lite Scan Default

Start a free WordPress Lite Scan

Add a one-time read-only SFTP credential and optional FTP log. The free Lite Scan performs focused incident triage; paid Full Scan and Cleanup are separate paths.

Preview a sample report

Scan Flow

What you send and what you get back

Lite scan is public by default

The free Lite Scan is read-only triage for high-risk WordPress paths, core integrity signals, suspicious PHP patterns, and optional FTP log analysis.

Paid paths are separate

Paid Full Scan broadens inspection. Paid Cleanup or Expert Help supports remediation after findings are confirmed.

Receive a bearer report link

Anyone with the bearer status URL can view the result, so keep it with the incident owner.

Scope

Scan limitations

The free Lite Scan does not clean malware and does not confirm that a WordPress site is clean across its complete environment.

No WordPress database scan, including wp_options content

No rogue admin user or malicious cron hook inspection

No complete plugin/theme integrity coverage

No every-file server traversal in Lite mode

No external blacklist status check

No server process or memory-level compromise analysis

Review findings before deleting files. Cleanup is paid or expert-assisted and should be handled carefully, ideally from a clean backup.

Read-only

No writes on the target.

Encrypted

Credentials are purged after terminal scan states.

Optional context

FTP logs may be stored with the request.

Free read-only Lite Scan

Anonymous Scan Request

SFTP credentials are encrypted for scan execution and purged when the scan completes, fails, is cancelled, or is recovered as stale.

Scan Mode

Lite is free and focused. Full Scan is paid and intended for broader file coverage.

Free Lite Scan

Default

Quick read-only triage for high-risk WordPress files/paths, core integrity signals, suspicious PHP patterns, and optional FTP log analysis.

Paid Full Scan

Paid Plan

Broader inspection for paid plans when focused Lite coverage is not enough.

How access works

SiteVault connects to your server over SFTP only for the scan run.

The scan is read-only. SiteVault does not write, edit, or delete files on your server.

Create temporary read-only access where your host allows it, then remove it after the scan.

The SSH host key fingerprint is required so the scanner does not connect to an unexpected server.

Credentials are used for scan execution and then removed after completion, failure, cancellation, or stale scan recovery.

The PDF and result URLs are bearer links. Treat them as sensitive and share them only with the incident owner.

Preview a sample report

Connection Details

Read-only access to the target root path on a public SFTP host. Only ports 22 and 65002 are allowed.

Use temporary read-only SFTP access for this scan.

Create a one-time SFTP user for the WordPress root when your host allows it, then remove or disable it after the scan.

Open temporary SFTP setup guide

Domain

SFTP Host

SFTP Port

SFTP Username

SFTP Password

SSH Host Key Fingerprint

Required. Paste the approved SSH host key fingerprint for this SFTP server. The scan will reject unknown or changed host keys.

How to find and verify the fingerprint

Target Root Path

Scan Context

Optional signals for correlation and anomaly detection.

Expected Admin Countries

Enter ISO country codes where your admins normally access SFTP, for example RS, DE.

FTP Transfer Log

Optional xferlog-style upload for anomaly correlation. Uploaded log content may be stored with this scan request.

After Submit

Bearer result URL

A bearer status link is returned immediately. Anyone with it can view the scan result.

Background execution

The scan starts asynchronously so the request flow stays fast and predictable.

Human Verification

Required before a public scan request can be created.

Read-only request. Credentials are encrypted for execution and purged after completion, failure, cancellation, or stale scan recovery.