WordPress Plugin

The Atomic Edge Security plugin for WordPress provides a seamless connection between your WordPress site and your Atomic Edge dashboard. While you can manage everything from the web dashboard, the plugin brings powerful security features directly into your WordPress admin—plus exclusive features like Two-Factor Authentication and malware scanning that run locally on your server.

Why Install the Plugin?

Installing the WordPress plugin unlocks a more integrated experience:

Feature Dashboard Only With Plugin
WAF Protection ✓ Configure & monitor ✓ View logs in WordPress
Analytics ✓ Full dashboard ✓ Quick stats in WordPress
IP Whitelist/Blacklist ✓ Manage from dashboard ✓ Manage from WordPress
Geographic Blocking ✓ Configure rules ✓ Configure from WordPress
CDN Settings ✓ Enable/configure ✓ Enable with one click
Adaptive Defense ✓ Configure & monitor ✓ View status & threats
Two-Factor Authentication ✗ Not available Plugin Exclusive
Malware Scanner ✗ Not available Plugin Exclusive
Vulnerability Scanner ✗ Not available Plugin Exclusive
2FA Enforcement Policies ✗ Not available Plugin Exclusive

Key Features

🔐 Two-Factor Authentication (2FA)

Protect your WordPress login with industry-standard TOTP authentication:

  • Works with any authenticator app: Google Authenticator, Authy, 1Password, Microsoft Authenticator
  • Backup recovery codes: Never get locked out of your site
  • Role-based enforcement: Require 2FA for administrators, editors, or any user role
  • Configurable grace periods: Give users time to set up 2FA before enforcement
  • Full audit logging: Track all 2FA events for security compliance

💡 Note: 2FA works independently and does not require an Atomic Edge account. You can use it even without connecting to the dashboard!

🔍 Malware Scanner

Scan your entire WordPress installation for threats:

  • File integrity checks: Detect unauthorized modifications to WordPress core
  • Signature-based detection: Find known malware patterns in PHP files
  • Quick vs. thorough modes: Fast PHP-only scans or comprehensive full-site scans
  • Resumable scanning: Large sites can be scanned in chunks without timing out

🛡️ Vulnerability Scanner

Keep your site safe from known security issues:

  • WordPress core vulnerabilities: Check if your version has known CVEs
  • Plugin vulnerabilities: Identify insecure plugins with available patches
  • Theme vulnerabilities: Find security issues in your active theme
  • One-click info: Links to vulnerability databases for remediation steps

Requires connection to Atomic Edge for vulnerability data.

📊 Security Dashboard

Monitor your site’s security at a glance:

  • Connection status: Verify your Atomic Edge connection is active
  • Traffic overview: See requests, blocked threats, and visitor counts
  • Quick actions: Jump to common security tasks
  • WAF log viewer: See what attacks are being blocked in real-time

🌍 Access Control

Manage IP and geographic access directly from WordPress:

  • IP Whitelist: Allow trusted IPs to bypass security checks
  • IP Blacklist: Block malicious IPs immediately
  • Geographic Blocking: Restrict access by country
  • CIDR Support: Block or allow entire IP ranges

☁️ CDN Integration

Enable Atomic Edge CDN directly from WordPress:

  • One-click enable: Turn on CDN for static assets
  • Automatic URL rewriting: CSS, JS, and images served from edge servers
  • No configuration needed: Works automatically once enabled

🧠 Adaptive Defense

Monitor AI-powered threat detection directly from WordPress:

  • Real-time status: See if Adaptive Defense is enabled and its current mode
  • Threat overview: View recent high-threat detections and blocked IPs
  • Quick stats: Active blocks, threats detected, and AI analysis budget
  • Auto-block history: Review IPs that were automatically blocked

💡 Note: Adaptive Defense configuration (sensitivity, thresholds, auto-block settings) is managed from the Atomic Edge dashboard. The plugin provides monitoring and status visibility.

Requires Pro or Enterprise plan. See Adaptive Defense for full configuration details.

Installation

From WordPress.org (Recommended)

  1. Go to Plugins → Add New in your WordPress admin
  2. Search for "Atomic Edge Security"
  3. Click Install Now, then Activate

Manual Installation

  1. Download from wordpress.org/plugins/atomic-edge-security
  2. Upload the atomic-edge-security folder to /wp-content/plugins/
  3. Activate through Plugins menu

Connecting to Atomic Edge

Step 1: Generate an API Key

  1. Log in to your Atomic Edge dashboard
  2. Go to your site’s Edit page
  3. Click the API button in the header
  4. Click Generate API Key
  5. Copy the key immediately—it’s only shown once!

⚠️ Important: Store your API key securely. If you lose it, you’ll need to generate a new one (which revokes the old key).

Step 2: Configure the Plugin

  1. In WordPress, go to Atomic Edge → Settings
  2. Paste your API key into the API Key field
  3. Click Save Changes
  4. You should see a green "Connected" status

Step 3: Verify the Connection

  1. Go to Atomic Edge → Dashboard
  2. You should see your site information and current status
  3. Check that WAF status, analytics, and features are displaying correctly

Setting Up Two-Factor Authentication

2FA is a standalone feature that works even without an Atomic Edge connection.

Enable 2FA for Your Account

  1. Go to Users → Your Profile in WordPress
  2. Scroll to the Atomic Edge 2FA section
  3. Click Enable Two-Factor Authentication
  4. Scan the QR code with your authenticator app
  5. Enter the 6-digit code to verify
  6. Save your backup codes in a secure location

Enforce 2FA for Users (Admin Feature)

  1. Go to Atomic Edge → 2FA Policy
  2. Enable Require 2FA for selected roles
  3. Select which roles must use 2FA (Administrator, Editor, etc.)
  4. Set a grace period (e.g., 7 days) for users to set up 2FA
  5. Click Save Policy

Users will see reminders and must enable 2FA before the grace period expires.

Running Security Scans

Malware Scan

  1. Go to Atomic Edge → Malware Scanner
  2. Choose Quick Scan (PHP files only) or Thorough Scan (all files)
  3. Click Start Scan
  4. Review results for any suspicious files
  5. Investigate flagged files before taking action

💡 Tip: Quick scans are usually sufficient for routine checks. Run thorough scans after suspected compromises.

Vulnerability Scan

  1. Go to Atomic Edge → Vulnerability Scanner
  2. Click Run Scan
  3. Review results for WordPress core, plugins, and themes
  4. Update any components with known vulnerabilities

Best Practices

Connection Health

  • Check connection regularly: Verify the green "Connected" status
  • Regenerate API key: If you suspect it’s compromised, regenerate immediately
  • Keep plugin updated: Security fixes are released regularly

Two-Factor Authentication

  • Enable for all administrators: Admin accounts are high-value targets
  • Test backup codes: Verify they work before you need them
  • Use hardware keys for critical sites: TOTP is good, but hardware keys are better

Security Scanning

  • Schedule regular scans: Weekly malware scans catch issues early
  • Update immediately: When vulnerability scans find issues, patch promptly
  • Monitor WAF logs: Look for patterns in blocked attacks

Adaptive Defense

  • Start in Monitor mode: Let Adaptive Defense learn your traffic patterns for a week before enabling Auto-Enforce
  • Review detections regularly: Check the threats tab for false positives
  • Honor your whitelist: Ensure trusted IPs (office, VPN, monitoring) are whitelisted to prevent accidental blocking
  • Adjust sensitivity: If you see too many false positives, lower sensitivity; if attacks slip through, raise it

Troubleshooting

"Connection Failed" Error

  1. Verify your API key is entered correctly (no extra spaces)
  2. Check that your site is active in the Atomic Edge dashboard
  3. Ensure your server can reach api.atomicedge.io (port 443)
  4. Try regenerating the API key

2FA Not Working

  1. Clock sync: Ensure your server and phone times are synchronized
  2. Try backup codes: If TOTP codes fail, use a backup code
  3. Clear browser cache: Stale sessions can cause issues
  4. Check PHP extensions: Ensure OpenSSL is installed

Scans Timing Out

  1. Use Quick Scan instead of Thorough Scan
  2. The scanner is resumable—let it continue where it left off
  3. Check server timeout settings (max_execution_time)
  4. Consider running scans via WP-CLI: wp atomicedge scan malware --quick

Adaptive Defense Not Showing

  1. Check your plan: Adaptive Defense requires Pro or Enterprise plan
  2. Enable in dashboard: Adaptive Defense must be enabled in the Atomic Edge dashboard first
  3. Verify connection: Ensure the plugin is connected and showing "Connected" status
  4. Check site activity: Adaptive Defense needs traffic data to analyze—new sites may not have enough data yet

Adaptive Defense Blocking Legitimate Traffic

  1. Add to whitelist: Add the IP to your global whitelist in the Access Control tab
  2. Lower sensitivity: Consider using Medium or Low sensitivity
  3. Check thresholds: In Custom mode, raise the auto-block threshold (e.g., 90 → 95)
  4. Review in dashboard: Check the specific threat detection to understand why it was flagged

WP-CLI Commands

For advanced users, the plugin includes WP-CLI commands:

# Run malware scan
wp atomicedge scan malware --quick

# Run vulnerability scan  
wp atomicedge scan vulnerabilities

# Check connection status
wp atomicedge status

Plugin Requirements

Requirement Minimum
PHP 7.4+
WordPress 5.8+
OpenSSL Required for 2FA
Atomic Edge Account Required for WAF/CDN features

Getting Help

Frequently Asked Questions