Sera Sentinel: Security Configuration Guide

Sera Sentinel provides enterprise-grade security for WordPress with a Web Application Firewall, brute force protection, malware scanning, and AI-powered threat analysis. It requires Sera Core.

Initial Setup

After activating Sentinel, run the Security Wizard from Sera > Sentinel > Setup:

Scan your site — Sentinel performs an initial security audit
Apply hardening — One-click security hardening recommendations
Configure firewall — Set WAF rules based on your site type
Set up alerts — Configure notification preferences

Web Application Firewall (WAF)

The WAF inspects all incoming HTTP requests and blocks malicious traffic:

Rule Sets

OWASP Core Rules — Protection against SQL injection, XSS, and common attack vectors
WordPress-Specific Rules — Blocks known WordPress exploits and vulnerability patterns
Custom Rules — Create your own firewall rules based on IP, URL pattern, user agent, or request body

Configuration

Go to Sera > Sentinel > Firewall:

Protection Level — Low (minimal blocking), Medium (recommended), High (aggressive)
Learning Mode — Monitor traffic without blocking for a configurable period
Whitelist — URLs, IPs, or user agents that should bypass the firewall

Brute Force Protection

Sentinel monitors login attempts and blocks brute force attacks:

Max login attempts — Number of failed attempts before lockout (default: 5)
Lockout duration — How long an IP is blocked after exceeding attempts (default: 30 minutes)
Progressive lockout — Lockout duration increases with repeated violations
CAPTCHA integration — Add CAPTCHA to the login form after failed attempts
Custom login URL — Change /wp-login.php to a custom URL to prevent automated attacks

Malware Scanning

The malware scanner checks your WordPress installation for:

Modified core files — Compares WordPress core files against official checksums
Known malware signatures — Database of known malware patterns
Suspicious code patterns — Heuristic detection of obfuscated code, eval() calls, and base64-encoded payloads
File integrity — Monitors file changes and alerts on unexpected modifications

Diff Viewer

When Sentinel detects a modified file, the diff viewer shows:

Side-by-side comparison of the original and modified file
Highlighted changes with line numbers
One-click restore to the original version

Scheduled Scans

Configure automatic malware scans:

Frequency — Daily, weekly, or custom
Scope — Full site, WordPress core only, plugins only, themes only
Alerts — Email notification when malware is detected

IP Management

Blocking

Manual block — Block specific IPs or IP ranges
Auto-block — Automatically block IPs that trigger firewall rules
Temporary blocks — Set expiration times for blocked IPs

GeoIP Country Blocking

Block traffic from entire countries:

Go to Sentinel > GeoIP
Select countries to block
Optionally whitelist specific IPs within blocked countries

Security Hardening

One-click security toggles:

Disable XML-RPC
Disable file editing in WordPress admin
Hide WordPress version
Disable directory browsing
Secure wp-config.php permissions
Disable PHP execution in uploads directory
Remove unnecessary HTTP headers

Two-Factor Authentication

Enable 2FA for WordPress admin accounts:

TOTP — Time-based one-time passwords (Google Authenticator, Authy)
Email codes — One-time codes sent to the user's email
Backup codes — Emergency access codes

AI-Powered Threat Analysis

When connected to Sera Core's AI Engine, Sentinel can:

Analyze attack patterns and predict future threats
Classify blocked requests by threat type and severity
Generate security reports with actionable recommendations
Correlate security events across multiple spoke plugins

Security Audit Log

Every security event is logged with:

Timestamp
Event type (login attempt, firewall block, file change, etc.)
Source IP and geolocation
Action taken (blocked, allowed, flagged)
User involved (if applicable)