WordPress.org Compatibility

Built as legitimate serviceware, not a remote-code loader.

Arximus is designed around a public local plugin, documented SaaS communication, meaningful local functionality, consent-based cloud connection, and signed structured data instead of remote executable code.

View Local Foundation View privacy

Serviceware model

The plugin connects WordPress to a real external security and recovery service.

Arximus Cloud provides the managed security intelligence, policy, backup storage, restore verification, alerting, analytics, and optional Edge WAF service.

The local plugin provides real local functionality and enforces signed structured policy without downloading executable code from Arximus Cloud.

Clear boundaries

Cloud intelligence is not remote plugin code.

Arximus Cloud may send policies, decisions, scores, signatures, manifests, backup metadata, restore plans, and entitlements.

It must not send PHP, JavaScript, CSS, shell commands, plugins, themes, remote includes, executable handlers, or hidden premium add-ons.

Compatibility principles

Designed to reduce review risk and increase customer trust.

Arximus keeps local code transparent and SaaS functionality substantial.

Local

Meaningful local foundation

The plugin works locally for posture checks, basic hardening, generic firewall rules, login throttling, local logs, and backup readiness.

Cloud

Real SaaS value

The paid service provides managed policy, intelligence, offsite storage, restore verification, alerting, fleet command, and Edge WAF.

Consent

Explicit connection

Security telemetry and cloud service calls are tied to connection, setup, and documented configuration.

No loaders

No remote executable code

The plugin does not download or execute remote PHP, JS, CSS, shell commands, plugins, themes, or add-ons.

Documentation

Clear disclosure

The readme and site must explain what service is used, what data is sent, when, why, and how to disconnect.

Safety

Signed structured data

Remote policy and decisions are schema-validated, signed, scoped to the site, and rejected if invalid.

Trust outcome

Customers understand what runs locally and what comes from the cloud.

The separation is a product advantage, not just a compliance requirement.

Local code

Readable package

Executable code belongs in the plugin package.

Cloud service

Substantial service

Proprietary value lives in managed intelligence, storage, analytics, and recovery operations.

User control

Disconnect path

Customers can stop cloud communication and manage local data.

Security

Verification first

Unsigned, expired, malformed, or executable cloud payloads are rejected.

Transparent architecture

Compliance and serious security point in the same direction.

Arximus uses local enforcement and cloud intelligence without hiding executable logic outside the plugin.

Next step

Review the service boundary.

We can explain exactly what the plugin does locally and what Arximus Cloud provides as the managed service.

Request a briefing View platform