Docs / Overview

Welcome to WP RestoreGuard

WP RestoreGuard is the ultimate premium automated WordPress recovery, malware protection, uptime monitoring, and website restoration platform designed for agencies, developers, and business owners.

🛡️

Automatic Security

Scans and quarantines threats continuously in the background.

🔄

Instant Recovery

Fix White Screen of Death or broken wp-admin with one click.

☁️

Cloud Backups

Automated backups to Drive, Dropbox, and S3.

Installation & Activation

Installing WP RestoreGuard is simple and takes less than 60 seconds.

Standard Installation

  1. Download the wp-restoreguard.zip file from your welcome email or account dashboard.
  2. Log in to your WordPress admin dashboard (/wp-admin).
  3. Navigate to Plugins > Add New.
  4. Click Upload Plugin at the top of the page.
  5. Select the zip file and click Install Now.
  6. Click Activate.
Auto-Onboarding: Upon activation, WP RestoreGuard automatically runs a preliminary core checksum validation, malware scan, and permission audit silently in the background.

Licensing & Plans

Your license key validates your installation, grants access to cloud features, and enables automatic updates.

How to Activate Your License

  1. Go to RestoreGuard > License in your WordPress dashboard.
  2. Enter your license key provided via email after purchase.
  3. Click Activate License.

Managing Domains

Licenses are domain-locked. If you need to migrate a site or change domains, you can deactivate the license from the plugin interface or via your account dashboard at api.mujteknify.com.

Malware Scanning

Our scanner uses over 20+ regex signatures to detect PHP injections, backdoors, eval/base64 obfuscation, and shell scripts.

Running a Scan

Go to RestoreGuard > Scanner and click Run Scan Now. The scan runs asynchronously via WP-Cron, meaning it will not block your browser or time out on large sites.

Quarantine System

If suspicious files are found, they are listed in the Quarantine tab. You can safely isolate them (which renames and moves them to a secure web-inaccessible directory), restore them if it was a false positive, or permanently delete them.

Caution: Do not permanently delete files unless you are certain they are malicious. Quarantine them first to test if your site still functions correctly.

Vulnerability Scanner

WP RestoreGuard integrates with Patchstack to check all your installed plugins and themes against known CVEs in real-time.

How it Works

  • The system automatically hashes and checks your active plugins/themes daily.
  • If a vulnerability is found, you receive an email alert.
  • The Security dashboard will list the specific CVE, severity score, and required update version.

Security Hardening

Toggle essential security features with one click in RestoreGuard > Security.

  • Disable XML-RPC: Prevents pingback DDoS attacks and brute force attempts via XML-RPC.
  • Hide WP Version: Removes the WordPress version number from your page source.
  • Disable File Editor: Prevents attackers from editing plugin/theme files directly from the dashboard if they gain admin access.
  • Brute Force Protection: Automatically locks out IP addresses after configurable failed login attempts.

Recovery Tools

When things break, use these tools to recover quickly without touching FTP or cPanel.

Core Reinstallation

Safely reinstalls WordPress core files (wp-admin and wp-includes) directly from official WordPress.org checksums. This does not touch your database, themes, plugins, or uploads.

White Screen Recovery (Safe Mode)

If your frontend is blank but you can access wp-admin, use this tool to temporarily deactivate all plugins and switch to a default theme to isolate the conflict.

Emergency Recovery

What happens when you are completely locked out of wp-admin or the entire site crashes?

The Emergency Script

WP RestoreGuard generates a standalone PHP file upon installation with a secret token. You can access this via a direct URL provided in your license email or the License dashboard.

https://yoursite.com/?wprg_recovery=1&token=YOUR_SECRET_TOKEN

Capabilities

From this standalone panel, you can:

  • Force disable all plugins
  • Create a new temporary Admin user
  • Reinstall WordPress core files
  • Restore the latest backup

Local Backups

Configure automated file and database backups in RestoreGuard > Backups.

Features

  • Full Backups: Zips your entire WordPress root directory and exports your SQL database.
  • Database Only: Fast SQL dumps for quick restore points before updates.
  • Retention Policy: Automatically deletes backups older than X days to save disk space.

Cloud Backups

Available on Business and Agency plans. Connect external storage to secure your backups off-site — away from your server — so even a complete server failure cannot destroy your recovery point.

Plan Requirement: Google Drive and Dropbox require the Business plan or higher. Amazon S3 requires the Agency plan.

Google Drive Setup

Connect your Google account to securely sync backups to a designated folder in your Google Drive using your own API credentials.

How to get your Google API Credentials

  1. Go to the Google Cloud Console and create a new Project.
  2. Navigate to APIs & Services > Library, search for Google Drive API, and click Enable.
  3. Go to OAuth consent screen, configure it as "External", and publish the app.
  4. Go to Credentials, click Create Credentials > OAuth client ID. Choose "Web application".
  5. Set the Authorized redirect URIs to https://developers.google.com/oauthplayground.
  6. Copy your generated Client ID and Client Secret.
  7. Go to the OAuth 2.0 Playground. Click the gear icon, check "Use your own OAuth credentials", and paste your Client ID and Secret.
  8. Select the Drive API v3 scopes, click Authorize, then Exchange authorization code for tokens to get your Refresh Token.

Plugin Setup Steps

  1. Go to RestoreGuard › Backups › Cloud Storage in your WordPress dashboard.
  2. Select the Google Drive tab.
  3. Enter your Client ID, Client Secret, and Refresh Token.
  4. (Optional) To save to a specific folder, enter the Folder ID (the string of characters in the folder's URL). Leave blank to save to the root of your Drive.
  5. Click Enable & Save Google Drive.
Privacy Note: Your backups are uploaded directly from your server to Google's API using your own private API project.

Dropbox Setup

Sync backups to any folder in your Dropbox account using a secure Access Token.

How to get your Dropbox Access Token

  1. Go to the Dropbox App Console and click Create app.
  2. Choose Scoped access, then App folder (or Full Dropbox if preferred), and name your app.
  3. Go to the Permissions tab and check files.content.write and files.content.read. Click Submit.
  4. Go back to the Settings tab, scroll down to OAuth 2, and under "Generated access token", click Generate.
  5. Copy the generated Access Token (this is a long string of letters and numbers). Do not share this token!

Plugin Setup Steps

  1. Go to RestoreGuard › Backups › Cloud Storage in your WordPress dashboard.
  2. Select the Dropbox tab.
  3. Paste your generated Access Token.
  4. Specify the Folder Path where backups should be stored (e.g., /RestoreGuard).
  5. Click Enable & Save Dropbox.

Troubleshooting

  • Quota exceeded: Dropbox Basic accounts have 2 GB. Ensure you have enough space or increase the plugin's retention limit to auto-delete older backups.
  • Token expiration: If your token expires, generate a new one in the Dropbox console and update it in the plugin. It's recommended to configure your Dropbox app for long-lived access tokens if possible.

Amazon S3 Setup

Agency plan only. Store backups in any S3-compatible bucket — AWS, Wasabi, Backblaze B2, MinIO, etc. — using multipart uploads that handle multi-gigabyte sites reliably.

Required AWS Credentials

  • Access Key ID — from your AWS IAM user
  • Secret Access Key — generated alongside the Access Key
  • Region — e.g. us-east-1, eu-west-2
  • Bucket Name — must already exist in your AWS account

Minimum IAM Policy

Create a dedicated IAM user with the following policy to avoid granting full S3 access:

{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": [ "s3:PutObject", "s3:GetObject", "s3:DeleteObject", "s3:ListBucket", "s3:AbortMultipartUpload", "s3:ListMultipartUploadParts" ], "Resource": [ "arn:aws:s3:::YOUR-BUCKET-NAME", "arn:aws:s3:::YOUR-BUCKET-NAME/*" ] }] }

Steps

  1. Create a bucket in the AWS S3 console. Enable Block all public access.
  2. Create an IAM user with the policy above and generate Access Keys.
  3. In WordPress, go to RestoreGuard › Backups › Cloud Storage.
  4. Select Amazon S3 and fill in all four fields.
  5. Click Test Connection — you should see a green success message.
  6. Set your backup schedule and click Save Settings.

Troubleshooting

  • SignatureDoesNotMatch: Ensure the Secret Key has no trailing spaces and the region matches the bucket's actual region.
  • AccessDenied: Double-check the IAM policy includes the bucket ARN and the /* suffix for object-level permissions.
  • Upload timeout: Large sites (>500 MB) may exceed PHP's max_execution_time. Enable Chunked Upload in RestoreGuard Settings to split the upload into 5 MB parts.
S3-Compatible Storage: The same settings work with Wasabi, Backblaze B2, and MinIO. Simply replace the region with the provider's endpoint URL in the Custom Endpoint field.

Uptime & SSL Monitoring

Our external ping servers check your website every 5 minutes (Business/Agency plans).

Alerts

  • Downtime: Receive an email immediately if your site returns a 5xx, 4xx, or connection timeout.
  • SSL Expiry: Get warned 14 days, 7 days, and 1 day before your SSL certificate expires.

AI Diagnostics

Available on the Agency plan. Powered by GPT-4 and Google Gemini.

If the scanner finds a vulnerability or a complex plugin conflict, you can click "Ask AI". The system will send the error logs and file context to the AI to generate a plain-English explanation and a step-by-step repair guide.

Configure your preferred AI provider and API keys in RestoreGuard > Settings.

Agency Dashboard

Available exclusively on the Agency plan. Manage unlimited client sites from a single interface.

Central Hub

View the security score, uptime status, last backup date, and active threats across all connected sites in one table.

White Label Setup

Available on the Agency plan. Hide WP RestoreGuard from your clients and use your own brand.

  1. Go to RestoreGuard > Settings > White Label.
  2. Enter your custom Plugin Name (e.g., "MyAgency Security").
  3. Upload a custom menu icon.
  4. Change the support email address.
  5. Click Save. The menu and all branding will immediately update.

Troubleshooting

Scans getting stuck

If your malware or backup scans are stalling, it is likely due to your server's WP-Cron configuration or PHP timeout limits. Go to Settings and enable "Chunked Scanning" to process files in smaller batches.

License not activating

Ensure cURL is enabled on your PHP server and that your firewall is not blocking outbound requests to api.mujteknify.com.

FAQ

Will reinstalling core delete my images?

No. Core reinstallation only affects wp-admin and wp-includes. Your wp-content folder (uploads, themes, plugins) is 100% safe.

Does it slow down my frontend?

No. Scans run asynchronously in the background. Hardening rules are applied via .htaccess or early PHP hooks that have near-zero overhead.

Changelog

v1.0.0 (Launch Release)

  • Initial release of WP RestoreGuard Commercial version.
  • Added Malware Scanner with 20+ signatures.
  • Added Cloud Backup to Drive/Dropbox/S3.
  • Added AI Diagnostics (GPT/Gemini).
  • Added Agency White Labeling.
  • Added Emergency Recovery standalone panel.