{"id":281612,"date":"2026-02-23T08:53:51","date_gmt":"2026-02-23T08:53:51","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/shadowscan-security-link\/"},"modified":"2026-04-01T11:55:22","modified_gmt":"2026-04-01T11:55:22","slug":"shadowscan-security-link","status":"publish","type":"plugin","link":"https:\/\/km.wordpress.org\/plugins\/shadowscan-security-link\/","author":23434755,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.1.1","stable_tag":"1.1.1","tested":"6.9.4","requires":"6.0","requires_php":"7.4","requires_plugins":null,"header_name":"ShadowScan Security Link","header_author":"ShadowScan","header_description":"Connects a WordPress site to the ShadowScan portal, sends heartbeats, and executes security commands.","assets_banners_color":"3e4b7e","last_updated":"2026-04-01 11:55:22","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/shadowscan.com.au\/portal","header_author_uri":"https:\/\/shadowscan.com.au","rating":0,"author_block_rating":0,"active_installs":0,"downloads":275,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.11":{"tag":"1.0.11","author":"shadowscan","date":"2026-02-23 08:53:32"},"1.0.12":{"tag":"1.0.12","author":"shadowscan","date":"2026-03-03 04:24:21"},"1.1.0":{"tag":"1.1.0","author":"shadowscan","date":"2026-03-20 05:31:27"},"1.1.1":{"tag":"1.1.1","author":"shadowscan","date":"2026-04-01 11:55:22"}},"upgrade_notice":{"1.1.0":"<p>Improves setup clarity and subscription status visibility, including clearer trial and billing messaging in WordPress admin.<\/p>","1.0.12":"<p>Improves portal sync reliability, command execution consistency, and safer diagnostics\/report handling.<\/p>","1.0.11":"<p>Improves update reliability and release consistency.<\/p>","1.0.10":"<p>Improves privacy controls and account-protection behavior.<\/p>","1.0.9":"<p>Improves recovery handling and connection-status visibility.<\/p>","1.0.8":"<p>Improves release packaging and service disclosures for WordPress.org compliance.<\/p>","1.0.7":"<p>Improves release workflow stability and diagnostics tooling.<\/p>","1.0.6":"<p>Improves release pipeline and runtime resilience.<\/p>","1.0.5":"<p>Same changes as 1.0.6 (superseded by tag v1.0.6).<\/p>","1.0.4":"<p>Adds Admin Access Guard with emergency bypass and improved policy verification.<\/p>","1.0.3":"<p>Adds PHP 7.4 compatibility for MFA and improves offboarding\/diagnostics handling.<\/p>","1.0.2":"<p>Adds emergency containment, targeted integrity scans, and server controls with new admin visibility.<\/p>","0.3.6":"<p>Adds connection health tools and safer retry handling for heartbeats.<\/p>","0.3.5":"<p>Adds self-check diagnostics and improves legacy install reliability.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3467414,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3467414,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3467414,"resolution":"1544x500","location":"assets","locale":""},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3467414,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.11","1.0.12","1.1.0","1.1.1"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3467414,"resolution":"1","location":"assets","locale":""}},"screenshots":{"1":"ShadowScan setup dashboard in WordPress admin.","2":"Connection health and support report panel."},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[5603,600],"plugin_category":[54],"plugin_contributors":[256429],"plugin_business_model":[],"class_list":["post-281612","plugin","type-plugin","status-publish","hentry","plugin_tags-monitoring","plugin_tags-security","plugin_category-security-and-spam-protection","plugin_contributors-shadowscan","plugin_committers-shadowscan"],"banners":{"banner":"https:\/\/ps.w.org\/shadowscan-security-link\/assets\/banner-772x250.png?rev=3467414","banner_2x":"https:\/\/ps.w.org\/shadowscan-security-link\/assets\/banner-1544x500.png?rev=3467414","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/shadowscan-security-link\/assets\/icon-128x128.png?rev=3467414","icon_2x":"https:\/\/ps.w.org\/shadowscan-security-link\/assets\/icon-256x256.png?rev=3467414","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/shadowscan-security-link\/assets\/screenshot-1.png?rev=3467414","caption":"ShadowScan setup dashboard in WordPress admin."}],"raw_content":"<!--section=description-->\n<p>ShadowScan Security Link pairs your site to the ShadowScan portal and keeps it in sync with heartbeat status, Guard Layer signals, login abuse detection, and security commands.<\/p>\n\n<p>ShadowScan does not install, activate, or configure third-party security tools. If another security plugin is present, the connector only records its presence as metadata.<\/p>\n\n<h3>External services<\/h3>\n\n<p>This plugin connects to external services to sync status, process security workflows, and support optional diagnostics.<\/p>\n\n<ul>\n<li>Service: ShadowScan API (hosted at Supabase Edge Functions)<\/li>\n<li>URL: https:\/\/foemwjtosslaiynduiyt.supabase.co\/functions\/v1\/<\/li>\n<li>Used for: site pairing, heartbeat sync, command polling, command-result upload, subscription\/policy sync, and support contact submissions.<\/li>\n<li>Data sent and when: site URL, WordPress version, PHP version, connector version, Guard Layer\/control status, heartbeat timestamps, and command execution metadata whenever the connector syncs with ShadowScan; contact form fields only when an admin submits support contact.<\/li>\n<li>Terms: https:\/\/shadowscan.com.au\/terms<\/li>\n<li><p>Privacy: https:\/\/shadowscan.com.au\/privacy<\/p><\/li>\n<li><p>Service: Have I Been Pwned Passwords API<\/p><\/li>\n<li>URL: https:\/\/api.pwnedpasswords.com<\/li>\n<li>Used for: optional breached-password checks in password policy enforcement.<\/li>\n<li>Data sent and when: k-anonymity password hash prefix (first 5 SHA-1 characters, no raw passwords) only when a password is checked by the policy flow.<\/li>\n<li>Terms: https:\/\/haveibeenpwned.com\/TermsOfUse<\/li>\n<li><p>Privacy: https:\/\/haveibeenpwned.com\/Privacy<\/p><\/li>\n<li><p>Service: Sentry<\/p><\/li>\n<li>URL: https:\/\/sentry.io<\/li>\n<li>Used for: optional error and fatal-event telemetry to assist troubleshooting.<\/li>\n<li>Data sent and when: error event metadata (such as exception messages, stack traces, and runtime context) only after an admin explicitly enables Sentry telemetry in plugin settings and a Sentry DSN is configured; the optional MU diagnostics helper can send early-startup fatal errors only while both Sentry telemetry and remote diagnostics are enabled.<\/li>\n<li>Terms: https:\/\/sentry.io\/terms\/<\/li>\n<li>Privacy: https:\/\/sentry.io\/privacy\/<\/li>\n<\/ul>\n\n<h3>Third-Party Libraries<\/h3>\n\n<p>This plugin bundles:\n* pragmarx\/google2fa (MIT License)\n* bacon\/bacon-qr-code (BSD-2-Clause; Copyright (c) 2017-present, Ben Scholzen \u201cDASPRiD\u201d)<\/p>\n\n<h3>Hooks<\/h3>\n\n<p>shadowscan_log\nFires when the plugin emits an internal log message. You can hook this in a must\u2011use plugin or theme if you want to capture logs.<\/p>\n\n<!--section=installation-->\n<ol>\n<li>Upload the plugin ZIP in WordPress: Plugins \u2192 Add New \u2192 Upload Plugin.<\/li>\n<li>Activate \"ShadowScan Security Link\".<\/li>\n<li>Open ShadowScan in WP Admin and follow the setup steps.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"does%20this%20plugin%20require%20a%20shadowscan%20account%3F\"><h3>Does this plugin require a ShadowScan account?<\/h3><\/dt>\n<dd><p>Yes. You need a ShadowScan account to generate a pairing code and connect the site.<\/p><\/dd>\n<dt id=\"does%20deactivating%20the%20plugin%20disconnect%20the%20site%20from%20shadowscan%3F\"><h3>Does deactivating the plugin disconnect the site from ShadowScan?<\/h3><\/dt>\n<dd><p>By default, no. Deactivation pauses scheduled connector activity, but disconnect is only performed from explicit disconnect\/uninstall actions.<\/p><\/dd>\n<dt id=\"what%20data%20is%20sent%20to%20shadowscan%3F\"><h3>What data is sent to ShadowScan?<\/h3><\/dt>\n<dd><p>The connector sends basic environment details (site URL, WordPress\/PHP versions, plugin version) and heartbeat status so we can monitor connection health.<\/p><\/dd>\n<dt id=\"does%20it%20send%20administrator%20credentials%3F\"><h3>Does it send administrator credentials?<\/h3><\/dt>\n<dd><p>No. Credentials are never sent by the plugin.<\/p><\/dd>\n<dt id=\"does%20remote%20diagnostics%20install%20anything%20on%20the%20site%3F\"><h3>Does remote diagnostics install anything on the site?<\/h3><\/dt>\n<dd><p>Only after an admin explicitly enables Sentry telemetry and remote diagnostics, ShadowScan can install a temporary must-use helper from the portal to capture early startup errors for troubleshooting. It can be removed from the portal or automatically when telemetry\/remote diagnostics are disabled.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.1.1<\/h4>\n\n<ul>\n<li>Improves onboarding copy to more accurately reflect available plan options during setup.<\/li>\n<li>Improves in-plugin messaging so status and connection labels match your active plan type.<\/li>\n<li>Improves trial and quick-action wording to better reflect self-serve options across all plans.<\/li>\n<\/ul>\n\n<h4>1.1.0<\/h4>\n\n<ul>\n<li>Improves subscription visibility so trial, billing, and active protection states are easier to understand in WordPress admin.<\/li>\n<li>Improves setup guidance and status messaging so getting started with ShadowScan feels clearer and more reassuring.<\/li>\n<\/ul>\n\n<h4>1.0.12<\/h4>\n\n<ul>\n<li>Improves portal connection reliability and policy syncing consistency.<\/li>\n<li>Improves command delivery and signature compatibility so queued actions complete more reliably.<\/li>\n<li>Improves connector diagnostics and status reporting, including admin geo and plugin auto-update signals.<\/li>\n<li>Improves evidence export handling and clears stale connector errors after successful syncs.<\/li>\n<\/ul>\n\n<h4>1.0.11<\/h4>\n\n<ul>\n<li>Improves plugin package reliability for smoother updates.<\/li>\n<li>Improves quality checks so releases are more consistent.<\/li>\n<li>Improves release process stability to reduce update issues.<\/li>\n<\/ul>\n\n<h4>1.0.10<\/h4>\n\n<ul>\n<li>Improves privacy controls for diagnostics and telemetry settings.<\/li>\n<li>Improves account protection flows during profile and sign-in updates.<\/li>\n<li>Improves compatibility by updating bundled dependencies.<\/li>\n<\/ul>\n\n<h4>1.0.9<\/h4>\n\n<ul>\n<li>Improves connection recovery behavior when the portal temporarily rejects requests.<\/li>\n<li>Improves admin status reporting so connection state is easier to understand.<\/li>\n<\/ul>\n\n<h4>1.0.8<\/h4>\n\n<ul>\n<li>Strip non-production vendor scripts\/tests from release ZIP for WordPress.org compliance.<\/li>\n<li>Keep release guard clean after POT generation.<\/li>\n<li>Document external password breach check service.<\/li>\n<\/ul>\n\n<h4>1.0.7<\/h4>\n\n<ul>\n<li>Improve release workflow stability and dependency locking.<\/li>\n<li>Add MU helper diagnostics commands and admin visibility.<\/li>\n<li>Harden logging and input sanitization for compliance.<\/li>\n<\/ul>\n\n<h4>1.0.6<\/h4>\n\n<ul>\n<li>Improve release pipeline and runtime resilience.<\/li>\n<li>Strengthen API reliability, event delivery, and enforcement handling.<\/li>\n<li>Tighten sanitization and filesystem safety checks.<\/li>\n<\/ul>\n\n<h4>1.0.5<\/h4>\n\n<ul>\n<li>Same changes as 1.0.6 (superseded by tag v1.0.6).<\/li>\n<\/ul>\n\n<h4>1.0.4<\/h4>\n\n<ul>\n<li>Adds Admin Access Guard with location-based protection for wp-login\/wp-admin, including observe\/enforce modes and emergency bypass.<\/li>\n<li>Improves plugin safety and recovery behavior (fail-open access, clearer status visibility, safer handling during billing pauses).<\/li>\n<li>Refines plugin UI and diagnostics to make protection coverage, controls, and troubleshooting easier to understand and use.<\/li>\n<\/ul>\n\n<h4>1.0.3<\/h4>\n\n<ul>\n<li>Adds PHP 7.4 compatibility for MFA using Google2FA and Bacon QR.<\/li>\n<li>Improves admin UI clarity and offboarding\/diagnostics handling.<\/li>\n<\/ul>\n\n<h4>1.0.2<\/h4>\n\n<ul>\n<li>Adds emergency containment, targeted integrity scans, and server controls.<\/li>\n<li>Adds operational controls for htaccess, enumeration protections, and security headers.<\/li>\n<li>Refines third-party security plugin detection and updates tooling\/docs.<\/li>\n<\/ul>","raw_excerpt":"Connects your WordPress site to the ShadowScan portal for heartbeats, guard signals, and security commands.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/km.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/281612","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/km.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/km.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/km.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=281612"}],"author":[{"embeddable":true,"href":"https:\/\/km.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/shadowscan"}],"wp:attachment":[{"href":"https:\/\/km.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=281612"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/km.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=281612"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/km.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=281612"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/km.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=281612"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/km.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=281612"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/km.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=281612"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}