Bearmor Security Docs
Complete guide to features, configuration, and best practices
Getting Started
Installation
Install via WordPress admin:
- Go to Plugins → Add New
- Search for "Bearmor Security"
- Click "Install Now" and then "Activate"
- Enter your license key in Bearmor → Settings → License
- Baseline scan runs automatically after 2 minutes
📌 Note: Baseline scan creates SHA-256 fingerprints of all files for integrity monitoring.
System Requirements
- WordPress 5.8+
- PHP 7.4+
- MySQL 5.6+
- Write permissions for quarantine directory
Quick Setup
Go to Bearmor → Security Hardening and click "Apply Recommended" to enable:
- Security headers (X-Frame, Content-Type, XSS)
- WordPress version hiding
- User enumeration blocking
- Generic login errors
- SSL enforcement
- Disable file editing
Malware Scanner
Scans WordPress core, plugins, and themes for malicious code using 60+ malware patterns.
What It Detects
- PHP backdoors (eval, base64_decode, shell_exec)
- Known malware signatures
- Code obfuscation techniques
- Suspicious file uploads
- Hidden iframes and redirects
Running a Scan
Manual: Navigate to Bearmor → Malware Scanner → Click "Run Malware Scan"
Automatic: Runs daily at 3:00 AM
Managing Threats
- Quarantine: Moves file to secure directory
- Mark False Positive: Whitelists legitimate code
- View Details: See matched code and line number
- Delete: Permanently remove threat
Smart Whitelist: Auto-whitelists 80+ trusted plugins (UpdraftPlus, Wordfence, WooCommerce, etc.)
File Integrity Monitor
Tracks every file change using SHA-256 checksums. Detects modified, new, and deleted files.
How It Works
- Baseline scan creates checksums of all files
- Daily integrity check compares current state to baseline
- Changes logged with timestamps
- Automatic baseline updates after plugin/theme updates
Rebuilding Baseline
Go to Bearmor → File Changes → Click "Run Baseline Scan"
⚠️ Important: Rebuild baseline after WordPress/plugin/theme updates to avoid false positives.
File Change Actions
- Mark Safe: Accept change and update baseline
- Quarantine: Move file to secure location
- Preview: View file contents
- Lock: Make file read-only
Login Protection
Brute-force protection with progressive IP blocking and anomaly detection.
Rate Limiting
| Failed Attempts | Lockout | Email Alert |
|---|---|---|
| 5 attempts | 5 minutes | No |
| 10 attempts | 30 minutes | No |
| 20+ attempts | 24 hours | Yes |
Anomaly Detection
Automatically flags unusual login patterns:
- New country (20-40 points)
- New IP address (15 points)
- Unusual hours (10-25 points)
- Unknown user agent (5 points)
High scores (50+) are flagged in Login Anomalies.
Login Tracking
View in Bearmor → Login Activity:
- IP address and country (via ip-api.com)
- Username attempted
- Success/failure status
- Timestamp and user agent
Two-Factor Authentication
Email-based 2FA with device memory (30 days).
How It Works
- User enters username and password
- 6-digit code sent to email
- Code expires in 10 minutes
- Enter code on login screen
- Optionally remember device for 30 days
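The code lifecycle above (issue, expire after 10 minutes, accept once), as an added Python example that is not Bearmor's implementation. The `EmailCodeStore` class, the in-memory storage and the `MAX_TRIES` limit are assumptions; the page does not state an attempt limit.

```python
import hmac
import secrets

CODE_TTL = 10 * 60   # from the page: the code expires in 10 minutes
MAX_TRIES = 5        # assumption: the page does not state an attempt limit

class EmailCodeStore:
    """Hypothetical in-memory store; a real plugin would persist this per user."""

    def __init__(self):
        self._pending = {}

    def issue(self, user, now):
        # CSPRNG, zero-padded so a value such as 4217 is sent as "004217".
        code = f"{secrets.randbelow(10**6):06d}"
        # Issuing a new code replaces (invalidates) any earlier one.
        self._pending[user] = {"code": code.encode(),
                               "expires": now + CODE_TTL, "tries": 0}
        return code  # this value is what gets emailed to the user

    def verify(self, user, submitted, now):
        entry = self._pending.get(user)
        if entry is None:
            return "no_code"
        if now >= entry["expires"]:
            del self._pending[user]
            return "expired"
        entry["tries"] += 1
        if entry["tries"] > MAX_TRIES:
            # 10^6 possible codes are guessable without a cap on attempts.
            del self._pending[user]
            return "too_many_attempts"
        # Constant-time comparison avoids leaking matching prefixes by timing.
        if hmac.compare_digest(submitted.encode(), entry["code"]):
            del self._pending[user]  # single use: a replayed code fails
            return "ok"
        return "wrong_code"

if __name__ == "__main__":
    store = EmailCodeStore()
    code = store.issue("alice", now=0)
    print(store.verify("alice", code, now=30))   # ok
    print(store.verify("alice", code, now=31))   # no_code (already used)
```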
Enabling 2FA
For your account: Go to Users → Your Profile → Enable 2FA checkbox
Enforce for all admins: Bearmor → Settings → Enable "Require 2FA for Administrators"
Lockout Recovery
If you're locked out of 2FA:
- Database access: Delete from `wp_usermeta` where `meta_key='bearmor_2fa_enabled'` for your user
- File access: Add to `wp-config.php`: `define('BEARMOR_DISABLE_2FA', true);`
- After regaining access, you can re-enable 2FA in your profile
Activity Log
Complete audit trail of user actions and system events.
Tracked Events
| Category | Events |
|---|---|
| Authentication | Login, logout, failed attempts |
| Plugins | Install, activate, deactivate, delete, update |
| Themes | Install, activate, delete |
| Users | Create, delete, profile updates |
| Security | Quarantine, restore, IP block/unblock, firewall blocks |
| WordPress Core | Updates and version changes |
View in Bearmor → Activity Log with filters for date, user, and action type.
Security Hardening
One-click security improvements applied in 5 seconds.
Available Options
Security Headers
- X-Frame-Options (SAMEORIGIN)
- X-Content-Type-Options (nosniff)
- Referrer-Policy
- Permissions-Policy
- X-XSS-Protection
WordPress Hardening
- Hide WP version
- Block user enumeration (?author=1)
- Generic login errors
- Disable XML-RPC
- Force SSL
- Disable file editing
Go to Bearmor → Security Hardening → Click "Apply Recommended"
Deep Malware Scan
Database and uploads directory scanning for hidden threats.
Database Scanning
Scans all database tables for:
- Malicious JavaScript in posts/pages
- PHP backdoors in post metadata
- Injected code in options table
- Unauthorized admin accounts
- Suspicious iframes and redirects
Uploads Scanning
Checks /wp-content/uploads/ for:
- PHP files (shouldn't exist in uploads)
- Executable scripts disguised as images
- Hidden malware in file uploads
Run from Bearmor → Deep Scan (manual only, no automatic scheduling)
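The two uploads checks above (script files that should not be there, and image names whose content is not just an image), as an added Python example that is not Bearmor's scanner. The extension list, reason strings and sample files are constructed for illustration.

```python
import os
import tempfile

# Assumption for this example: extensions a PHP handler commonly executes.
SCRIPT_EXTS = {".php", ".phtml", ".phar"}
# Leading magic bytes of common image formats.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",), ".gif": (b"GIF87a", b"GIF89a"),
}

def check_file(path):
    """Return the reasons a file under uploads looks suspicious (empty if clean)."""
    ext = os.path.splitext(path)[1].lower()
    if ext in SCRIPT_EXTS:
        return ["script file in uploads"]
    reasons = []
    if ext in IMAGE_MAGIC:
        with open(path, "rb") as fh:
            data = fh.read()
        if not data.startswith(IMAGE_MAGIC[ext]):
            reasons.append("image extension, wrong magic bytes")
        # A valid header alone does not prove the file holds only image data.
        if b"<?php" in data.lower():
            reasons.append("PHP open tag in image data")
    return reasons

def scan_uploads(root):
    """Walk the uploads tree and map relative path -> list of reasons."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            reasons = check_file(full)
            if reasons:
                findings[os.path.relpath(full, root)] = reasons
    return findings

def demo():
    """Constructed sample files; the PHP bodies are inert comments."""
    samples = {
        "photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
        "avatar.jpg": b"<?php /* constructed */ ?>",
        "logo.gif": b"GIF89a<?php /* constructed */ ?>",
        "cache.php": b"<?php /* constructed */ ?>",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan_uploads(root)
```

`logo.gif` passes the magic-byte check and is caught only by the content check, so both tests are needed.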
Smart Firewall
Real-time request filtering blocks attacks before they reach WordPress.
Protection Rules
| Attack Type | Blocked Patterns |
|---|---|
| SQL Injection | UNION, SELECT, INSERT, DROP |
| XSS | <script>, javascript:, onerror= |
| Path Traversal | ../, ../../ |
| Command Injection | System commands |
Configuration
Configure in Bearmor → Settings → Firewall:
- Rate Limiting: Control login attempt thresholds
- Country Blocking: Block specific countries
- Honeypot: Deploy fake admin login traps
📌 Firewall Logs: View all blocked requests in Bearmor → Security Logs
24/7 Uptime Monitoring
External monitoring pings your site every 15 minutes from multiple EU servers.
How It Works
- Pings your site every 15 minutes
- Multiple monitoring servers across Europe
- Measures response time and HTTP status
- Detects downtime within 15 minutes
- Data syncs automatically to WordPress
Dashboard Widget Shows
- 7-day uptime percentage
- Average response time
- Current status
- Last check timestamp
- Downtime events with duration
Downtime Alerts
When downtime is detected:
- Confirms with 2 additional checks
- Email sent to admin
- Event logged with start time
- Recovery email when site returns
📌 Note: Data syncs automatically via WordPress background processes. No manual setup required.
Vulnerability Scanner
Daily checks using WPVulnerability API for known security issues in your WordPress installation.
What It Checks
- WordPress Core vulnerabilities
- Plugin CVEs and security advisories
- Theme security issues
Automatic scan: Daily at 2:00 AM
Severity Levels
| Severity | Recommended Action |
|---|---|
| Critical | Update immediately |
| High | Update within 24 hours |
| Medium | Update when convenient |
| Low | Monitor for updates |
Actions Available
- Direct link to update
- Auto-disable vulnerable plugins (optional)
- Whitelist accepted risks
- Email alerts for new vulnerabilities
View in Bearmor → Vulnerabilities
AI Security Analysis
OpenAI-powered analysis providing plain English summaries and actionable insights.
What Gets Analyzed
Reviews last 7 days of:
- Malware detections
- File changes
- Login attempts and anomalies
- Firewall blocks
- Vulnerabilities
- Activity log events
- Security hardening status
AI Summary Includes
- Overall security posture
- Critical issues flagged
- Prioritized recommendations
- Trend analysis
- Security score (used in total score calculation if PRO enabled)
- Color-coded risk level (Green/Yellow/Red/Gray)
Risk Levels
| Level | Meaning |
|---|---|
| Green | Secure - no significant threats |
| Yellow | Attention needed - issues found |
| Red | Critical - immediate action required |
| Gray | Insufficient data |
Runs once daily at a random time. View in Dashboard → AI Analysis Widget
Privacy: No personal data sent. IPs anonymized, usernames replaced with identifiers.
Settings & Configuration
Firewall Settings (PRO)
Located in Bearmor → Settings → Firewall:
- Rate Limiting: Configure login attempt thresholds and lockout durations
- Country Blocking: Block login attempts from specific countries
- Honeypot: Enable fake admin login pages to trap bots
Scanning Settings
Located in Bearmor → Settings → Scanning:
- Rebuild Baseline: Recreate file integrity baseline after updates
- Auto-Quarantine Malware: Automatically move detected threats to quarantine (disabled by default)
- Scan Schedule: Configure file integrity monitoring frequency
Two-Factor Authentication
Located in Bearmor → Settings → 2FA:
- Enable 2FA: Require two-factor authentication for all administrator accounts
- Individual users can also enable/disable 2FA in their profile settings
Scan Exclusions
Exclude files/directories from scans in Settings → Exclusions
Already excluded by default:
- /wp-content/uploads/
- /wp-content/cache/
- /node_modules/
- .min.js files
License Management (PRO)
In Settings → License:
- Enter your PRO license key
- View activation status and expiry date
- Site registration happens automatically
Troubleshooting
Baseline Not Running
Solutions:
- Check WP Cron: Tools → Site Health
- Manual trigger: Bearmor → File Changes → Run Baseline
- Check error logs for PHP errors
- Verify write permissions
Firewall Blocking Legitimate Requests
Solutions:
- Check firewall logs in Dashboard widget
- Add URI to whitelist: Settings → Firewall
- Or whitelist your IP address
- Temporarily disable firewall if needed
Uptime Data Not Syncing (PRO)
Solutions:
- Verify PRO license is active
- Check WP Cron is working
- Wait 1 hour for initial sync
- Check error logs for API issues
High False Positives
Solutions:
- Verify file is safe (check plugin reputation)
- Mark as "False Positive" to whitelist
- Report persistent issues to support
Performance Issues
Solutions:
- Clear old activity logs: Settings → Data Management
- Temporarily disable daily scans
- Check server resources (CPU, memory)
- Optimize database tables
Need More Help?
Contact Bearmor support:
- Email: support@bearmor.eu
- Include WordPress version, PHP version, and error logs
- PRO users get priority support