📰 MatrixSwarm Unveils Autonomous “WordPress Plugin Guard” Agent
MatrixSwarm has released a new perimeter agent built to protect one of the internet’s most-targeted surfaces: the WordPress plugin ecosystem. - The Problem Every compromised site usually starts the same way — a rogue plugin upload, a tampered file, a version mismatch left un-patched. Traditional malware scanners detect infection after the fact. The Plugin Guard agent flips that logic: it treats the plugin directory itself as a protected border.
How It Works
Once deployed, wordpress_plugin_guard builds a cryptographically signed baseline manifest of all approved plugins, recording every file’s SHA-256 hash. From there, it operates on a repeating 15-second interval:
1. Snapshot & Verify – compares live plugin hashes to the trusted baseline. 2. Detect & Alert – flags modifications, additions, or deletions in real time. 3. Enforce Policy – if Enforce mode is active, it quarantines the offending folder; if Block-New mode is armed, it deletes the untracked plugin outright. 4. Report Upstream – every event is signed and encrypted back through the Swarm’s Hive roles for alert routing, forensics, or dashboard display.Each decision is logged locally and broadcast via hive.alert, ensuring operators see the event before any attacker can exploit it.
Human-in-the-Loop Control
The Phoenix GUI ships with a new Plugin Guard panel, giving operators a live map of:
- Tracked & Clean plugins - Integrity Alerts - Untracked additions - Quarantined foldersFrom the panel, admins can approve, disapprove, quarantine, restore, or permanently delete a plugin with a single RPC call — all actions cryptographically verified by the swarm.
Built for Zero-Trust
Every packet moving through Plugin Guard is signed on send and verified on receive. Its directive enables packet signing both in and out, and the agent refuses to operate if certificates fail SPKI-pin validation. Even enforcement decisions are logged through the same signed-packet channel that the rest of MatrixSwarm’s infrastructure uses. Config at a Glance
{
"universal_id": "wordpress-plugin-guard-1",
"name": "wordpress_plugin_guard",
"tags": {
"packet_signing": {"in": True, "out": True}
},
"config": {
"ui": {
"agent_tree": {"emoji": "🧼"},
"panel": ["wordpress_plugin_guard.plugin_guard"]
},
"plugin_dir": "/var/www/html/wordpress/wp-content/plugins",
"quarantine_dir": "/opt/quarantine/wp_plugins",
"trusted_plugins_path": "/opt/swarm/guard/trusted_plugins.json",
"enforce": False,
"interval": 15,
"restart_php_after_quarantine": False,
"alert_to_role": "hive.alert",
#"report_to_role": "hive.forensics.data_feed",
"service-manager": [{
"role": [
"plugin.guard.snapshot@cmd_snapshot_plugins",
"plugin.guard.status@cmd_list_alert_status",
"plugin.guard.list_plugins@cmd_list_plugins",
"plugin.guard.snapshot_plugin@cmd_snapshot_plugin",
"plugin.guard.snapshot_untracked@cmd_snapshot_untracked",
"plugin.guard.disapprove_plugin@cmd_disapprove_plugin",
"plugin.guard.enforce@cmd_enforce",
"plugin.guard.restore_plugin@cmd_restore_plugin",
"plugin.guard.block@cmd_toggle_block",
"plugin.guard.quarantine@cmd_quarantine_plugin",
"plugin.guard.delete_quarantined@cmd_delete_quarantined_plugin"
],
"scope": ["parent", "any"],
"priority": {"default": 10}
}]
}
},
Why It Matters
Plugin Guard is the first agent in the Swarm to combine continuous file-integrity monitoring, autonomous enforcement, and GUI orchestration in a single directive. It can run in read-only observation for compliance, or in full enforcement to serve as a self-healing security perimeter for WordPress instances that rarely get hands-on maintenance. > “The best defense is to make compromise mechanically impossible,” says the release note. > **Plugin Guard does that for WordPress — quietly, automatically, and cryptographically.**
Comments 0
Category: agent spotlight
Tags: #wordpresssecurity, #matrixswarm, #mtls, #automation, #infosec, #fileintegrity, #devsecops, #cyberdefense, #opensource, #python
Author: matrixswarm
Views: 59
Added: October 4, 2025Updated: October 4, 2025
