AI scaled up
the attack.
We scaled up
the defense.
Attackers now weaponize AI to mass-produce malware, webshells, and casino-spam campaigns at machine speed. TopSyde Sentinel is the AI-driven security layer that answers in kind — scanning every site, every day, and removing threats automatically. It sits on top of your firewall, CDN, and Wordfence, and catches what they miss.
No plugin to install. No extra cost. Protection starts the moment a site joins your fleet.
Live global defense feed · illustrative of real detections
Threats blocked
across the protected fleet
Spam injections purged
casino · pharma · black-hat SEO
Automated scans run
every site, every day, on autopilot
Core files restored
verified against official checksums
Malware quarantined
files moved, never deleted
Backdoors neutralized
webshells · hidden admins · REST keys
The threat changed
The attackers automated.
Now your defense has too.
Malware used to be hand-built and rare. Today it's mass-produced — AI writes the payloads, spins up the spam campaigns, and probes thousands of sites a minute looking for one weak door. A once-a-month manual check can't keep that pace. Sentinel runs at the same speed the attackers do.
Read the deep dive: how AI is reshaping WordPress malwareYou cleaned it. It came back.
The cleanup removed the visible malware but missed the persistence vector — a hidden admin or a REST app-password quietly let them back in.
Google flagged you for content you never posted.
Cloaked casino and pharma spam was injected into your pages and database — invisible to you, fully visible to the crawler that tanked your rankings.
A plugin says you're infected but can't fix it.
It found a symptom from inside the compromised site and stopped there. Removal needs outside access to the real filesystem — which is exactly where Sentinel works.
The last line, not the only line
On top of everything you already trust
Sentinel doesn't replace your firewall, your CDN, or Wordfence — it stands behind them. Those tools stop a flood of attacks at the perimeter. Sentinel handles the one that slips through: it inspects the real filesystem and database from the outside and removes the threat that's already inside.
Defense in depth, with the deepest layer finally automated — and included in your hosting at no extra cost.
Why it works
Four things a security plugin can't do
Outside-in protection
A plugin guards your site from inside the very site it's protecting — so when the site falls, the guard falls with it. Sentinel watches from outside over SSH, anchored on the one source of truth attackers can't fake: official WordPress core checksums.
AI eyes on everything
Deterministic rules catch the known threats instantly. An AI layer judges everything ambiguous — posts, plugins, files, options — so Sentinel catches novel, AI-generated attacks a signature list has never seen, without drowning you in false positives.
It actually removes it
Most tools email you an alert and wish you luck. Sentinel quarantines malware, restores tampered core, deletes rogue admins, revokes backdoor keys, and strips injected spam — automatically. Every action is reversible.
Whole-fleet visibility
One dashboard across every site and every provider. Live compromise badges, scan history, per-site drill-down, and an AI assistant that can recommend and run remediation on your command.
Everything we catch
A catalog of real, shipping detections
Not a marketing wish-list. Every signature below is live in production today, scoring findings by severity and category across the entire fleet.
Backdoors & webshells
- Obfuscated code execution — eval(base64_decode()), gzinflate, str_rot13
- Code execution from request input — eval / assert fed by $_POST / $_GET
- Known webshell fingerprints — WSO, FilesMan, b374k, c99, r57, IndoXploit
- Browser-based file-manager backdoors (Tiny File Manager & lookalikes)
- Unauthenticated upload shells writing attacker-chosen filenames
- Hex-obfuscated C2 URLs and packed payload arrays
Stealth persistence
- Hidden admin accounts — cloaked from the Users list, deletion-protected
- Header-less must-use plugins injecting spam on every request
- Timestomped files — backdoors with a faked-old modified date
- Application-password REST backdoors that survive password resets
- Malware staging directories left behind as empty husks
- The real answer to “the spam keeps coming back”
Core, plugin & theme integrity
- WordPress core verified against official checksums, tampered files restored
- Plugin manifest diff vs wordpress.org — catches shells hiding in real plugins
- Mandatory custom-theme scan with timestomp anchoring
- Known-bad / RCE-prone plugins (e.g. WP File Manager — CVE-2020-25213)
- .htaccess tampering — PHP handler overrides, auto_prepend_file injection
- PHP dropped where it never belongs — uploads, cache, languages
SEO spam injection
- Injected casino / pharma posts — Mostbet, 1WIN, 1xBet, kazino, bukmeker
- Cloaked off-screen link-farms pushed thousands of pixels off-screen
- Spam buried in page-builder data (Elementor _elementor_data postmeta)
- Spam stored in wp_options and echoed sitewide by a fake plugin
- Transliterated brand spam a keyword list misses — caught by AI review
- Rogue administrator inventory, including cloaked admins
How it works
Connect. Scan. Remediate.
Connect
A site joins the portal and Sentinel connects over an isolated, dedicated key — nothing to install inside the site, nothing an attacker can switch off from within.
Scan
Every day, automatically, Sentinel verifies core, sweeps the filesystem for backdoor signatures, scans the database for injected spam, and escalates anything ambiguous to AI judgment. Findings are scored by severity and category.
Remediate
High-confidence threats are auto-cleaned the moment they're found; everything else waits for one-click approval. Quarantine is reversible, content edits are revisioned, and a single click restores any false positive.
Plugin vs Sentinel
Why Sentinel beats a security plugin
| Typical WP security plugin | TopSyde Sentinel | |
|---|---|---|
| Vantage point | Runs inside the site — compromised with it | Outside-in, over SSH |
| Source of truth | Its own signature list | Official core checksums + AI judgment |
| AI-generated threats | Misses what's not in the list | AI judges anything ambiguous |
| Remediation | Alerts you; you clean it | Finds and removes it — reversibly |
| Hidden admins / app-passwords / timestomp | Usually blind | Explicitly hunted |
| Fleet view | One site at a time | Every site, every provider, one dashboard |
| Cost | Paid plugin + paid clean-up service | Included free with hosting |
Reversible by design
Aggressive on malware. Gentle on your site.
Automatic removal only makes sense if it can never make things worse. So nothing Sentinel does is permanent.
Quarantine, not delete
Malware is moved to a safe holding area and can be restored in one click — never destroyed outright.
Revisioned content
Every spam-strip or content edit creates a standard WordPress revision you can roll back.
Restore false positives
A single safety-net action bulk-reverts anything that was ever flagged in error.
The best part
All of this is included. Free. With every plan.
Sentinel isn't a premium tier, a usage-metered add-on, or a separate invoice. It's simply how TopSyde does security — bundled into managed hosting that starts at $67/site. Host with us, and your fleet is protected from day one.
Frequently asked
Sentinel FAQ
Is Sentinel really free?
Yes. Sentinel is the security layer built into TopSyde managed hosting — included on every plan at no extra cost. It is not an add-on, an upsell, or a separate subscription. If your site is hosted with us, it's protected.
Doesn't my firewall, CDN, and Wordfence already cover this?
Those stop a lot of traffic at the door, and we keep them in place. But a firewall can't see a webshell already sitting in your uploads folder, a CDN can't revoke an attacker's REST application-password, and an in-site plugin is blind the moment the site is compromised. Sentinel works from outside, on the real filesystem and database, and removes what got through.
Do I need to install a plugin?
No. Sentinel connects from the outside — nothing runs inside your site, so nothing can be disabled by an attacker who's already in.
Will it break my site?
Remediation is reversible by design. Malware is quarantined (moved, not deleted) and can be restored; content edits create WordPress revisions; one click reverts anything wrongly flagged. Only high-confidence, unambiguous threats are ever auto-cleaned.
My site keeps getting re-infected. Can Sentinel help?
That's our specialty. Re-infection almost always means a persistence vector survived the last cleanup — a hidden admin, a timestomped backdoor, a dropped payload, or an application-password REST key. Sentinel hunts every one of these specifically.
Does it catch the spam Google is penalizing me for?
Yes — injected casino/pharma posts, cloaked off-screen link-farms in real pages, page-builder (Elementor) injections, and spam stored in the database and echoed sitewide.
See what your last cleanup missed
Request a free security scan
We'll point Sentinel at your site and show you the real findings — backdoors, hidden admins, injected spam, tampered core. No plugin, no commitment. Then we'll remove it.
Sentinel is included free with every TopSyde plan · read the deep dive · see how we compare