VistoShield WordPress Plugin
The lightweight open-source WordPress agent that connects your site to the VistoShield cloud dashboard. One plugin, 14 security modules, managed from an EU-hosted cloud platform.
Overview
The VistoShield plugin is a single, lightweight WordPress agent (~150 KB) that connects your site to the VistoShield cloud dashboard hosted in the EU. All 14 security modules are built into this one plugin and managed centrally from the cloud dashboard at app.vistoshield.com.
Key capabilities include:
- Single plugin with 14 built-in security modules — no extra plugins to install
- Cloud dashboard with security score, threat stats, and per-module management
- Local WordPress admin dashboard with module status cards and quick stats
- Real-time live traffic view with filtering and stats
- Enable or disable any module from the cloud dashboard
- Setup wizard for connecting to the cloud dashboard with your API key
- Global settings: notification email, history retention, weekly reports, white-label branding
Installation & Activation
- Install from wordpress.org (Plugins → Add New → search “VistoShield”) or upload the ZIP file via Plugins → Add New → Upload Plugin
- Click Activate next to VistoShield
- The setup wizard launches automatically on first activation to connect your site to the cloud dashboard
Unified Dashboard
VistoShield provides two dashboard views for managing your site security:
WordPress Admin Dashboard
The local Overview tab in your WordPress admin provides a quick snapshot of your security posture:
- Module cards — Each active module displays a card with its status and up to 3 key statistics
- Security score — An overall score based on active protections, configuration, and recent threat activity
- Threats blocked — Aggregated count of blocked requests across all modules
- Inactive modules — Modules not yet enabled show an “Enable” button directly from the dashboard
Cloud Dashboard
The cloud dashboard at app.vistoshield.com gives you full control over all your connected sites from a single interface:
- Manage multiple WordPress sites from one place
- Enable or disable modules across sites
- View aggregated security reports and analytics
- Configure module settings and policies
- Access extended history, advanced analytics, and PDF reports (Pro and Max plans)
Live Traffic View
A real-time request feed showing every visitor to your WordPress site. Available from VistoShield → Live Traffic.
| Feature | Free | Pro | Max |
|---|---|---|---|
| Request history | Last 100 requests | Last 5,000+ requests | Last 5,000+ requests |
| Stats | Requests today, blocked, bots, unique IPs | ||
| Filters | All, Humans, Bots, Blocked | ||
Each request row shows: HTTP method, URI, IP address, response status code, visitor type (human/bot), and which module blocked it (if applicable).
Module Manager
All 14 security modules are built into the VistoShield plugin and can be enabled or disabled from the cloud dashboard. The Modules tab shows:
- Status — Enabled or Disabled for each module
- Module description — What each module protects against
- Action buttons — Open settings (if enabled) or Enable (if disabled)
The 14 modules included are: Firewall & WAF, Security Scanner, Bot Detector, Login Guard, Activity Log, Password Policy, API Security, Vulnerability Patcher, Incident Response, CDN Connector, DNS Monitor, and the Core dashboard itself.
Setup Wizard
A guided onboarding wizard that runs on first activation to connect your site to the VistoShield cloud dashboard:
- Welcome — Introduction to VistoShield and the cloud-connected architecture
- Cloud Connection — Enter your API key from the cloud dashboard at app.vistoshield.com to link your site
- Module Selection — Choose which security modules to enable for this site
- Quick Settings — Configure essential options for the enabled modules
- Dashboard Tour — Guided walkthrough of both the local and cloud dashboards
Settings
Global settings available from VistoShield → Settings:
| Setting | Free | Pro | Max |
|---|---|---|---|
| Notification email | Any email address | ||
| Event history retention | 3 days | 14 days | 30 days |
| Weekly security report | Toggle on/off | ||
| White-label branding | — | — | Custom name, logo, accent color, URL |
Max plan only: White-label branding settings — custom name, logo, accent color, and URL. All VistoShield UI references are replaced with your brand.
License & Plans
VistoShield offers three plans to fit different needs. Manage your subscription from the cloud dashboard or enter your license key locally from VistoShield → License.
| Plan | Price | Coverage |
|---|---|---|
| Free | Free forever | Up to 3 sites — 5 active modules, 5 monitor-only, 4 locked |
| Pro | $89/site/year | Per site — all 14 modules upgraded to Pro (extended history, premium signatures, PDF reports, priority support) |
| Max | $169/site/year | Per site — all Pro features + white-label branding |
The License tab shows current status, active plan, expiry date, and license holder information.
Dashboard Cards System
Each of the 14 modules contributes a card to the unified dashboard via the vistoshield_dashboard_cards filter. Each card displays:
- Module name and icon
- Active/inactive status
- Up to 3 statistics (e.g., threats blocked, scans completed, active rules)
This provides a single-glance overview of your entire security posture directly in the WordPress admin.
FAQ
Is VistoShield really just one plugin?
Yes. VistoShield is a single WordPress plugin that contains all 14 security modules. You enable or disable modules from the cloud dashboard or the local module manager — there are no separate plugins to install.
What happens without a license?
The Free plan includes 5 active modules, 5 monitor-only, and 4 locked. Upgrading to Pro unlocks extended capabilities across every module: longer history retention, premium bot signatures, PDF reports, and priority support.
Do I need an internet connection?
The plugin requires HTTPS connectivity to communicate with the VistoShield cloud dashboard. Core protections like the firewall and login guard continue to work locally even if the connection is temporarily interrupted.