WordPress Server Security for cPanel, WHM & Plesk

WordPress security that
scans your database.

A lightweight agent for hosting providers that finds rogue admins, wp_options injections, and SEO spam that Imunify360 and Wordfence can't see — because they don't scan the database. CleanShift does.

Open Source600KB agent · 1.2MB RAM · deploys in 60 seconds

Born from a real CVE-2024-28000 incident — built to find what file scanners miss.

Works with

🖥️

cPanel / WHM

Root or user-level

🛡️

Plesk

Admin extension

📝

WordPress

mu-plugin guard — no root needed

🐧

Any Linux VPS

CentOS · Alma · Ubuntu · CloudLinux

The scanning agent requires root SSH access. The WordPress Guard plugin works on any hosting — no root needed.

cleanshift — enterprise deployment
~ cleanshift-installer --license-key=CS_ENT_****
Validating license against cleanshift.osg.co.in...
License: Enterprise Tier ✓
~ cleanshift scan --server --scan-mode deep
Scanning 120 nodes across 3 data centres...
Found 2,847 database-level threats missed by Imunify360
Found 412 rogue wp_admin injections
~ cleanshift clean --server --mode auto
Running CVE-2024-28000 playbook...
✓ All threats remediated. 120/120 nodes clean.

What makes us different

Security that sees what others can't.

Database-Level Scanning

The industry scans files. We scan the database. Rogue admin accounts, wp_options injection payloads, SEO spam markers, persistence backdoors — we find what Imunify360 and Wordfence physically cannot detect.

wp_optionsrogue adminsSEO spampersistence markers
600KB

Agent footprint.
Competitor average: 80MB.

Real-Time Guard

A zero-config PHP mu-plugin blocks REST API abuse, unauthorized admin creation, and cron hijacking before anything hits disk.

Cross-Site Correlation

If one site is compromised, CleanShift instantly checks every other site on the server for the same IOCs. No manual work.

CVE Playbooks

Automated remediation procedures specific to each vulnerability. Not generic quarantine — surgical cleanup with 1-click rollback.

cPanel · WHM · Plesk

Deploy to 1,000 servers in minutes.

Your DevOps team will love the CLI. Your CFO will love the risk mitigation. And you'll finally sleep through the night.

99.99%
Uptime
< 1ms
Latency
1.2MB
RAM

New in v1.4

Detection capabilities that learn and evolve.

SEO Spam Detection

Detects gambling, pharma, and casino keyword injection in your WordPress database. Catches author burst attacks (50+ spam posts per day) and hidden redirect chains.

keyword scanburst detectionredirect traps

Dropper & Artifact Detection

Finds zero-byte PHP dropper stubs, compressed backdoor payloads (.gz/.zip in web dirs), and misleading extensions like .php.bak or .jpg.php.

0-byte dropperscompressed payloadsfake extensions

Verification Scanning

Post-remediation mode re-scans only previously-flagged locations. Confirms cleanup in seconds, not minutes. 10x faster than a full scan.

Community Intelligence

Crowd-sourced threat hashes from every CleanShift agent feed into your scanner. New malware patterns detected anywhere protect you everywhere.

IoC Contribution

Every scan automatically contributes discovered indicators back to the collective intelligence — making the entire network smarter.

Three steps

From vulnerable to protected in under 60 seconds.

Step 01

Install the Agent

A single authenticated command deploys the 600KB agent. No dependencies to wrangle, no Java, no heavy daemons.

Step 02

Deep Scan Everything

CleanShift scans files AND the database — finding rogue admins, wp_options injections, and persistence markers that legacy scanners miss completely.

Step 03

Auto-Remediate & Harden

CVE-specific playbooks surgically clean threats and harden configurations. Real-time guards activate to prevent re-infection. You get Telegram alerts.

How we compare

The competition doesn't scan the database.

FeatureCleanShiftImunify360Wordfence
Database scanning
Cross-site correlation
CVE-specific playbooks
SEO spam detection
Server-level view
WordPress depthDeepShallowDeep
Resource footprint600KBHeavyHeavy
Real-time guards
Starting price$0$12/mo$149/yr

Pricing

See the threats free. Pay to fix them.

Start scanning for $0. Upgrade when you're ready to unleash automated remediation. Every plan includes usage credits so you never get surprise bills.

Free

$0/forever

1 server included. See everything. Fix it when you're ready.

  • Full scan (file + database)
  • Vulnerability scanning
  • 30-day scan history
  • Telegram alerts
  • mu-plugin guard
Start Free

Pro

$5/mo

Up to 5 sites. $48/yr if billed annually.

  • Everything in Free
  • Auto-remediation
  • CVE playbooks
  • Real-time signatures
  • Telegram alerts
  • Share dashboard with your agency
  • $5/mo usage credits included
Get Pro
Most Popular

Server

$12/server/mo

Unlimited sites. $108/yr if billed annually.

  • Everything in Pro
  • Unlimited sites per server
  • Cross-site correlation
  • Fleet dashboard
  • Full API access
  • $10/mo usage credits included
Get Server Plan

Fleet

$8/server/mo

Min 5 servers. Volume pricing for hosts & MSPs.

  • Everything in Server
  • Volume discount (5+ servers)
  • Priority support
  • Custom playbooks
  • Dedicated onboarding
  • White-label available
Contact Sales via WhatsApp

Usage credits included on every paid plan. On-demand deep scans $0.50/scan. Emergency incident response $25/incident. Credits don't roll over.

FAQ

Common questions

Is CleanShift only for WordPress?

CleanShift is designed primarily for WordPress on shared hosting (cPanel/WHM, Plesk). The agent scans any WordPress installation it finds on the server. Non-WordPress CMS support is on the roadmap.

Does CleanShift remove malware or just detect it?

The free tier detects and reports threats with step-by-step manual fix instructions. Paid tiers (Pro, Server, Fleet) add one-click auto-remediation with rollback safety.

Why does the agent need root access?

Server-level scanning requires access to all user home directories and database credentials. The agent only reads during scanning — write operations happen only during explicit remediation on paid tiers. All source code is open source and auditable.

Will it slow down my server?

The agent uses ~1.2MB of RAM and scans run as low-priority background processes. No inbound ports are opened. There is zero impact on website load times.

Can I share access with my developer or agency?

Yes. Pro plans and above support sharing dashboard access. Site owners can pay for the plan and give their agency visibility into scan results and remediation.

What happens when a threat is detected?

You receive a detailed report showing exactly what was found, where, and how to fix it. On paid tiers, CleanShift can auto-remediate with timestamped backups and full rollback capability.

Built by people who manage real servers.

CleanShift is built by Kamyab Infotech — a team that runs hosting infrastructure, cleans malware from production servers, and manages WordPress at scale. This tool exists because we needed it ourselves.

Request Early Access

Not ready to deploy yet? Join the waitlist to get exclusive updates and priority access to new enterprise features.