Function Map

Compare the functions that separate a security plugin from a security platform.

Arximus gives serious WordPress operators a complete function stack: Edge Firewall protection before WordPress, local enforcement inside WordPress, cloud intelligence, vulnerability-aware policy, malware and integrity detection, verified offsite backups, restore drills, incident timelines, audit, and proof reports.

View security platform View backup recovery

Function comparison

Most tools list features. Arximus connects the full security lifecycle.

When you compare WordPress security products, do not only ask whether they have a firewall, scanner, or backup feature. Ask whether those functions work together when the site is under attack.

Arximus is built to connect prevention, detection, containment, recovery, verification, audit, and proof into one operating model.

One serious platform

No weak tiers. No downgraded protection. Add capacity as you grow.

Every paying Arximus customer gets the same serious platform. Growth is handled through protected site units, shared storage blocks, and optional Edge Firewall capacity instead of weak and strong security packages.

Security lifecycle

The Arximus function model follows the way real incidents happen.

The platform is designed to reduce exposure before attacks, detect compromise signals during attacks, contain damage, recover safely, verify restore points, audit what happened, and prove the outcome.

01

Prevent

Edge Firewall, local firewall, login protection, rate limits, virtual patching, hardening, and origin lockdown reduce attack opportunity.

02

Detect

Cloud intelligence, malware detection, file integrity, database integrity, cron monitoring, and anomaly signals identify suspicious activity.

03

Contain

Containment playbooks tighten policy, force logout, revoke risky access, freeze destructive actions, and preserve evidence.

04

Recover

Encrypted offsite backups, restore planning, last-known-clean guidance, and staged restore execution support controlled recovery.

05

Verify

Signed manifests, hash checks, decryption checks, database verification, file inventory checks, and restore drills confirm readiness.

06

Audit

Tamper-evident logs, cloud checkpoints, policy history, operator records, and backup manifests preserve accountability.

07

Prove

Proof reports show what was protected, blocked, changed, verified, restored, and reviewed.

Security functions

Functions that protect WordPress before traffic reaches the site and inside the site.

Arximus combines perimeter protection with WordPress-aware endpoint enforcement so you do not have to choose between edge strength and local context.

Edge Firewall

Filter malicious traffic before WordPress loads. Block exploit attempts, abusive bots, brute-force pressure, protocol anomalies, malicious scanners, and high-risk request patterns at the edge.

Local WordPress agent

Enforce policy inside WordPress with local context across login, XML-RPC, REST API, admin actions, uploads, comments, files, database signals, and recovery state.

Cloud threat intelligence

Use cloud-managed intelligence for IP reputation, bot reputation, attack campaigns, suspicious request scoring, malware intelligence, and emergency policies.

Vulnerability intelligence

Track WordPress core, plugin, theme, WooCommerce, REST route, AJAX action, upload handler, and public exposure risk so the platform understands what is vulnerable and reachable.

Virtual patching

Deploy signed managed policies to shield vulnerable routes, parameters, forms, upload handlers, plugins, themes, and attack campaigns while permanent fixes are tested or scheduled.

Managed policy

Apply versioned, signed, explainable security policy across edge and local enforcement. Policies can support rollback, emergency changes, and customer-specific exceptions.

Bot defense

Score suspicious clients using reputation, behavior, timing, challenge results, endpoint activity, credential attack patterns, and WordPress-specific signals.

Login protection

Reduce brute-force, credential stuffing, password reset abuse, registration abuse, XML-RPC login abuse, suspicious admin sessions, and high-risk administrator behavior.

Rate limiting

Apply local and edge-side rate limits to login, XML-RPC, REST API, admin AJAX, comments, forms, uploads, and endpoint abuse.

REST, AJAX, and webhook protection

Classify exposed routes, protect unauthenticated endpoints, reduce user enumeration, monitor webhook abuse, and control high-volume automated traffic.

Upload and malware defense

Inspect uploads, detect suspicious file types, identify webshell indicators, use malware signatures, quarantine risky files, and connect findings to incident timelines.

File integrity monitoring

Watch for new executable files, modified PHP files, suspicious paths, plugin changes, theme changes, permission risks, and file activity near attack events.

Database integrity monitoring

Detect suspicious changes in options, users, user metadata, cron state, active plugins, site URLs, application passwords, injected content, and persistence points.

Privileged action control

Protect dangerous actions such as disabling security, creating administrators, editing code, changing site URLs, deleting backups, or starting production restores.

Origin bypass detection

Detect traffic that reaches the origin without passing through Arximus Edge, verify signed edge headers, rotate origin secrets, and guide origin lockdown.

Incident timeline

Connect Edge Firewall events, local endpoint events, login anomalies, file changes, database changes, malware findings, backup state, and containment actions into one timeline.

Containment playbooks

Activate controlled response steps such as strict policy, forced logout, application password revocation, backup deletion freeze, forensic backup, and alert escalation.

False-positive governance

Support explainable decisions, temporary exceptions, scoped allow rules, expiration, risk scoring, and policy sync so customers can resolve false positives without weakening the whole site.

Backup and recovery functions

Functions that turn backup files into verified recovery.

Arximus treats recovery as part of security. The goal is not only to create backups. The goal is to know whether those backups can restore the site when it matters.

Encrypted offsite backups

Compress and encrypt backup chunks locally before upload. Arximus stores encrypted chunks, signed manifests, hashes, retention metadata, and verification state.

Chunked backup engine

Handle large WordPress sites with chunked jobs, resumable execution, locks, progress records, timeout recovery, and duplicate job protection.

Signed backup manifests

Record database state, file inventory, chunk hashes, encryption mode, environment details, retention class, verification status, and restore metadata.

Backup verification

Verify manifests, chunks, hashes, decryption, database dump structure, table counts, file inventory, and restore drill results.

Restore planner

Plan a restore before execution with backup selection, integrity checks, impact summary, pre-restore safety backup, and staged execution.

Restore drills

Test backups in isolated environments, block unsafe outbound behavior, run smoke checks, capture errors, and generate restore drill reports.

Restore readiness score

Score whether each site is ready to recover based on last successful backup, verification level, restore drill status, storage health, key status, and retention coverage.

Last-known-clean guidance

Use incident timing, file changes, database anomalies, malware findings, scan history, and backup verification to identify the safest restore point.

Storage governance

Use shared storage pools, warning thresholds, controlled auto-expand, retention visibility, immutable snapshots, and recovery risk alerts.

Ransomware resilience

Protect recovery points with immutable retention, deletion delay, dual approval for destructive actions, suspicious deletion detection, and backup freeze during active incidents.

Key governance

Support managed, customer-held, and hybrid key modes with key rotation, recovery checks, access audit, and restore readiness impact.

Disaster recovery kit

Support controlled recovery when WordPress itself is damaged through signed authorization, backup download, manifest verification, decryption, and restore execution.

Platform and operations functions

Functions that help teams operate security across one site or a growing fleet.

Security becomes an operations problem when you protect multiple WordPress sites. Arximus is designed to make risk, coverage, recovery, storage, policy, and alerts visible in one command layer.

Fleet

Fleet command

See protected site state, policy version, backup health, restore readiness, incidents, storage use, alerts, and operational risk across every site.

Pricing

Protected site units

Add protected sites as you grow. Each protected site keeps its own policy, event history, backup policy, restore state, and operational status.

Storage

Shared storage blocks

Scale storage by organization-wide capacity instead of trapping each site in a separate package.

Entitlements

Signed entitlement manifests

The plugin receives signed capability and quota data. It does not need to know prices, packages, or billing logic.

Alerts

Alert routing

Route critical events such as attack spikes, admin anomalies, backup failures, storage pressure, restore activity, and origin bypass warnings.

Audit

Tamper-evident audit

Use local hash chains, cloud checkpoints, operator logs, policy history, backup manifests, restore records, and signed proof reports.

Reports

Proof reports

Generate reports for security posture, backup verification, restore drills, incidents, audit integrity, and Edge Firewall effectiveness.

Trust

WordPress.org-compatible model

The local plugin provides real local functionality and receives signed structured cloud data. Arximus Cloud does not send executable plugin code.

How to compare

Use this checklist when comparing Arximus to plugin-only or cloud-only tools.

A serious WordPress security platform should not only block traffic. It should protect the full path from attack prevention to verified recovery and audit-ready proof.

Plugin-only tools

Ask what happens before WordPress loads.

If every hostile request reaches PHP before it can be stopped, the platform is missing pre-origin defense. Arximus adds Edge Firewall protection before the origin.

Cloud-only tools

Ask what happens inside WordPress.

If the cloud cannot see WordPress roles, routes, files, database changes, plugin state, and restore state, the platform is missing endpoint context. Arximus adds local enforcement.

Backup-only tools

Ask whether recovery is proven.

A backup file is not a recovery guarantee. Arximus connects encryption, manifests, verification, restore drills, last-known-clean logic, storage governance, and proof reports.

Function outcome

Arximus is built to give operators command, not scattered alerts.

Edge protection, local enforcement, cloud intelligence, managed policy, malware detection, verified backups, restore drills, incident timelines, storage governance, fleet command, audit, and proof work together as one platform.

Next step

Review the full platform or request a briefing.

Use this function map as a comparison guide. Then review the security platform, backup recovery model, architecture, pricing, or request a briefing for your WordPress environment.

Request a briefing View architecture