Frequently Asked Questions

Content Guard Pro is a specialized WordPress security plugin focused on detecting and quarantining **malicious content, spam links, and SEO injections stored in the WordPress database**. Unlike traditional security plugins centered on file integrity and WAFs, Content Guard Pro targets **database‑resident content**—posts, custom post types, and associated metadata—where attackers often hide spammy links, cloaked iframes, and obfuscated scripts. 

Wordfence and Sucuri are primarily File-Based Security and Firewall solutions. They excel at monitoring PHP files for malware signatures, blocking malicious traffic (WAF), and checking core file integrity.

Content Guard Pro is a Database and Content Integrity solution. It focuses on the data stored in your wp_options, wp_postmeta, and wp_posts tables. It detects infections like hidden redirects, SEO spam, and serialized code injections that are invisible to file-only scanners but are executed by the theme/plugins.

We are a specialized tool designed to work alongside these major solutions, filling a critical blind spot in your security stack. 

Yes, absolutely. Content Guard Pro is not a replacement for comprehensive security plugins like Wordfence or Sucuri. You need a file-based security plugin to:

• Block brute force attacks.
• Provide a Web Application Firewall (WAF).
• Monitor your core PHP and theme files for file-system malware.

Content Guard Pro handles the Database Content Integrity layer, giving you total coverage that no single plugin currently offers. 

Content Guard Pro is specifically engineered to detect threats hidden within the database, including:

• SEO Spam/Spamvertising: Hidden links to pharmaceutical, gambling, or fraudulent sites injected into postmeta, widget areas, or theme options.
• Hidden Redirects: Scripts or payloads (often obfuscated) in global settings or content fields that force visitors to malicious sites.
• Data-based Backdoors: Compromised code serialized into option values that can be used to re-infect the site or steal data.
• Gutenberg Block Injections: Malicious scripts hidden inside the JSON attributes of Gutenberg blocks. 

No. We designed Content Guard Pro to be extremely performant. Our scanning engine is optimized for database inspection and runs at a low priority on a configurable schedule. It does not sit in the critical path of page loading like a WAF, ensuring minimal impact on your frontend speed and user experience. 

Yes. Content Guard Pro is specifically designed to understand and scan complex data structures, including:

• Serialized PHP data used by many older plugins and custom fields.
• JSON-encoded data used by modern Page Builders (like Elementor and Beaver Builder) and the Gutenberg editor.

We inspect the content of these complex fields for malicious payloads, regardless of the builder used. 

Installing Content Guard Pro is just like installing any standard WordPress plugin:

1. Download the plugin ZIP file from your purchase receipt or account dashboard.
2. Log in to your WordPress admin area.
3. Navigate to Plugins > Add New.
4. Click the “Upload Plugin” button at the top.
5. Choose the downloaded ZIP file and click “Install Now.”
6. Once installed, click “Activate Plugin.”
7. Follow the on-screen prompts to enter your license key and begin the initial setup. 

Content Guard Pro has minimal system requirements and is designed to run efficiently on standard WordPress hosting environments:

• WordPress: Version 5.0 or higher.
• PHP: Version 7.2 or higher (PHP 8.0+ is recommended for optimal performance).
• MySQL/MariaDB: Any modern version compatible with your WordPress installation.
• Memory Limit: A minimum of 64MB, though 128MB or higher is standard for most hosts and recommended for large databases.
• Disk Space: Negligible space is required, as the plugin primarily works with your existing database structure. 

The duration of the first scan depends entirely on the size and complexity of your database:

• Small Sites (Under 500 total posts/options): Typically completes in under 5 minutes.
• Medium Sites (500 to 5,000 total posts/options): Usually takes between 5 to 15 minutes.
• Large Sites (Over 5,000 total posts/options, complex metadata): Can take 20 minutes or longer.

The initial scan is the longest. Subsequent scheduled scans are significantly faster as they primarily focus on new or modified database entries. 

Yes. Content Guard Pro requires a valid license key (often referred to as an API key) to activate and receive critical scan engine updates and threat intelligence data. You will enter this key during the initial setup process after activation. 

Yes, you can! We strongly encourage testing on a staging or development environment first. If you purchase a multi-site license, you can designate one license slot for a production site and another for its corresponding staging site. If you have a single-site license, we typically allow you to activate it on one production site and one non-public testing domain (e.g., staging.yoursite.com or dev.yoursite.com) without consuming an extra license slot, but this may depend on your specific license agreement. 

“Database-first” defines the core philosophy of Content Guard Pro. It means that while traditional security focuses on the file system (PHP files, themes, plugins), we prioritize the database as the primary source of hidden malicious content. Our scanner first inspects, analyzes, and decodes the complex, serialized, and JSON-encoded data within the wp_options, wp_postmeta, and wp_posts tables for malicious payloads before any traditional file check is performed. This approach targets the specific blind spot where SEO spam and database-resident malware hide. 

We recommend setting up hourly, automated scans for high-traffic or high-value sites (like e-commerce stores or large news sites). For standard business or brochure sites, a daily scan is usually sufficient.

Our engine is designed for speed and efficiency. Since subsequent scans only check content that has been newly added or recently modified, running them frequently minimizes the detection window and ensures immediate alerting if new injections occur. 

Confidence scores are a proprietary metric used by Content Guard Pro to help you prioritize threats. When our engine identifies a suspicious pattern (e.g., hidden links, obfuscated characters, or unexpected base64_decode functions in post content), it assigns a score from 1 to 100%.

• High Confidence (85%+): Indicates a pattern that strongly matches known malicious SEO spam or backdoor injections. These findings usually require immediate attention.
• Medium Confidence (50-84%): Indicates unusual encoding or a highly obfuscated structure that is common in malware but could potentially be legitimate code from a plugin.
• Low Confidence (Below 50%): May flag complex, but likely benign, serialized data from a page builder.

This score allows you to quickly differentiate a serious threat from benign complex content. 

Avoiding false positives is critical, given that page builders and complex plugins often store legitimate data in serialized or JSON formats that can resemble malicious code. We employ several techniques:

1. “Gutenberg-Aware” Contextual Analysis: We understand the structure of complex data (like Elementor JSON or serialized arrays) and only flag patterns that break the expected structure or contain executable code where only data should exist.
2. Whitelisting: We maintain an internal database of known, safe patterns and keys used by popular plugins and themes.
3. User-Defined Exceptions: You have the ability to review a flagged item and manually whitelist the specific database key or entry if you confirm it is legitimate, training the scanner not to flag it again. 

Yes, for advanced users. Content Guard Pro allows you to define and manage your own custom scanning rules through the settings panel. You can:

• Add custom string signatures: Search for specific text or URLs associated with an ongoing attack targeting your site.
• Define regular expressions (RegEx): Create complex patterns to hunt for highly customized obfuscated code unique to your environment.
• Exclude specific keys: Tell the scanner to completely ignore known, trusted, but complex database keys (option_name or meta_key). 

“Gutenberg-aware” means Content Guard Pro specifically understands the modern WordPress block editor’s structure. When Gutenberg saves a post, it embeds configuration data as JSON within HTML comments (e.g., “).

Our scanner:

1. Parses these HTML comments.
2. Decodes the JSON data hidden inside the block attributes.
3. Inspects the individual attributes (like className, anchor, or custom fields) for hidden malicious scripts or encoded payloads. 

The difference between Quarantine and Ignore lies in their intended action and final impact on your content. Quarantine is a security action designed to neutralize a verified threat. When you quarantine a finding, Content Guard Pro surgically removes the malicious payload (like a hidden script or spam link) and replaces it with a safe, empty, or placeholder value, effectively cleaning the database entry while backing up the original infected content for potential reversal. Conversely, Ignore is a configuration action used to handle false positives. When you choose to ignore a finding, the content is not modified or cleaned; the entire entry is simply added to a whitelist, instructing the scanner to leave that specific, complex, and known-safe database item untouched in all future scans. 

When Content Guard Pro quarantines a malicious finding, it does not delete the database entry. Instead, it performs a surgical removal of the detected malicious payload (e.g., the hidden spam link, the obfuscated script, or the forced redirect code) and replaces it with a safe placeholder tag or empty value.

The original, infected data is simultaneously backed up and saved to a secure, non-executable table within your database. This action effectively neutralizes the threat without breaking the original post or option structure, and it allows for safe review and potential reversal. 

No, quarantine is designed to be safe and non-destructive. Our engine uses context-aware parsing to ensure that only the malicious code is removed, preserving the surrounding legitimate content (the post text, page builder shortcodes, etc.). Because we replace the malicious content with a benign placeholder, the database structure remains intact, preventing major errors that might occur if a serialized array were simply truncated or deleted. 

Content Guard Pro provides a one-click remediation workflow:

1. Navigate to the Scan Results dashboard.
2. Review the flagged item and its Confidence Score.
3. For high-confidence threats, click the “Quarantine” button next to the finding.
4. The plugin instantly removes the malicious payload and saves the cleaned content back to the database.
   

For complex, low-confidence findings, you can manually inspect the backed-up data before applying quarantine. 

If you determine that a flagged item is legitimate (a false positive):

1. Review the finding in the dashboard.
2. Select the “Ignore & Whitelist” option.

This tells Content Guard Pro that the specific database key and/or content pattern is safe for this particular entry. The item will be removed from future scan results, and it will help train the scanner to improve accuracy for your site. 

Yes, you can. All quarantined data is backed up to a secure, separate database table. If you find that a quarantine action caused an unexpected issue, you can navigate to the “Quarantine Log” screen. From there, you can select the original backed-up entry and restore the content exactly as it was before the quarantine, effectively undoing the remediation. 

Yes! We want you to feel confident in your purchase. We offer a 14-day, no-questions-asked money-back guarantee on all new subscriptions. If Content Guard Pro isn’t the right fit for your workflow, simply contact our support team within 14 days of your initial purchase for a full refund. Please note that this guarantee applies to initial purchases and does not cover subscription renewals.

Our licensing is based on the number of active production websites you need to protect. We offer tiers (e.g., 1 Site, 5 Sites, Unlimited Sites) that correspond to the number of sites where you can activate your license key.

• Activation: Once you purchase a license, you receive a key that is used to activate the plugin on your WordPress installation. This process registers the domain URL with our system and grants access to updates and support.
• Staging/Development: We generally allow one non-public testing or staging site per production license at no extra charge (e.g., dev.yoursite.com). 

Yes. We understand that websites change, and clients come and go. You can easily manage and transfer your license keys through your Content Guard Pro Account Portal.

1. Log in to your account portal on our website.
2. Find the site you no longer need the license on and click “Deactivate” or “Remove.”
3. The license slot is immediately freed up.
4. You can then activate the license key on your new site.

This process ensures your license count always reflects your current active projects. 

All active licenses include priority technical support directly from our expert team. This covers:

• Plugin Installation and Setup Assistance.
• Troubleshooting any bugs or conflicts with themes/other plugins.
• Guidance on interpreting scan results and confidence scores.
• Remediation Advice for unique or complex database findings.

Support is generally provided via a dedicated ticket system or email and is available during business hours, with a commitment to fast response times. 

Yes. An active license guarantees you access to all plugin updates for the duration of your subscription. Updates include:

• New Features: Enhancements to the scanning engine and user interface.
• Compatibility Patches: Updates to ensure smooth operation with the latest versions of WordPress, PHP, and major page builders.
• Threat Intelligence: Critical, daily updates to our proprietary database of new malware signatures and obfuscation techniques.

We recommend always running the latest version to ensure maximum protection. 

All data associated with Content Guard Pro is stored locally within your existing WordPress database:

• Configuration: Plugin settings and license key are stored as standard entries in the wp_options table.
• Scan Results & Logs: Detailed scan findings and history are stored in a few dedicated, custom tables (e.g., wp_cgp_findings) created by the plugin.
• Quarantined Data: The original, malicious content that was removed is securely backed up and stored in a separate, non-executable table (e.g., wp_cgp_quarantine_log) within the database for safe restoration. No data is sent externally unless you configure webhooks or integrate with our cloud service for advanced threat intelligence (optional). 

Yes, Content Guard Pro works perfectly on standard shared hosting environments. The plugin is designed to be resource-efficient, particularly with its scanning engine, which operates at a low priority. Since it focuses on database queries rather than intensive file operations, it is lightweight and generally adheres to the resource limits imposed by shared hosting providers. 

Content Guard Pro is fully compatible with WordPress Multisite.

• Network Activation: The plugin can be installed and network-activated to be available across all sub-sites.
• Scanning: Our licensing supports network-wide installation, and the scanner is capable of inspecting the site-specific tables (wp_X_options, wp_X_postmeta, etc.) for each site within the network, ensuring complete coverage across your entire multisite installation. 

Yes, Content Guard Pro includes a robust REST API. This API allows developers and administrators to programmatically interact with the scanner, providing powerful integration capabilities. You can use the API to:

• Trigger On-Demand Scans (e.g., immediately after a deployment or major content update).
• Retrieve Detailed Scan Reports (JSON format).
• Manage Whitelist/Ignore Rules. 

Webhooks provide a way for Content Guard Pro to notify external services or applications about important events in real-time.

• Function: When a significant event occurs (e.g., a High-Confidence Threat is Detected or A Scan is Completed), the plugin automatically sends an HTTP POST request to a specified URL.
• Integration: This allows for seamless integration with external systems like Slack, custom incident response platforms, or external monitoring tools, ensuring you get immediate alerts without having to manually check the WordPress dashboard. 

Absolutely. Integration is a core feature of Content Guard Pro, made possible primarily through our REST API and Webhooks.

• API: You can poll the API endpoints from your external monitoring system (e.g., Prometheus, Datadog) to pull detailed status and threat counts.
• Webhooks: Configure a webhook to push critical alerts directly to your ticketing system (e.g., Jira, Zendesk) or operational dashboards, making Content Guard Pro a native part of your overall security and incident response workflow.