FreelanceBo Sentra Control

by FreelanceBo Group S.r.l.s

Description

FreelanceBo Sentra Control is a comprehensive WordPress security plugin that connects your site to the Sentra central console, providing enterprise-grade protection.

Features

  • Web Application Firewall (WAF) – Block malicious requests, SQL injection, XSS, and other common attacks
  • Malware Scanner – Scan WordPress core files, themes, and plugins for known malware signatures
  • Vulnerability Scanner – Check installed plugins and themes against known vulnerability databases
  • Brute Force Protection – Limit login attempts and block attackers automatically
  • File Integrity Monitoring – Detect unauthorized changes to WordPress core files
  • IP Blocklist – Manage blocked IPs manually or automatically based on threat detection
  • Security Events Log – Track all security events with detailed logging
  • Central Console – Manage multiple WordPress sites from a single dashboard

How It Works

  1. Install and activate the plugin on your WordPress site
  2. Connect to your Sentra central console by entering the server URL and API key in Settings
  3. The plugin automatically starts monitoring your site and reporting to the console
  4. View scan results, manage firewall rules, and review security events from either the WordPress admin panel or the central console

Requirements

  • WordPress 5.8 or higher
  • PHP 7.4 or higher
  • A Sentra central console account (available at freelancebo.it)

External Services

This plugin relies on the following external services:

FreelanceBo Sentra Control Console

This plugin connects to a self-hosted FreelanceBo Sentra Control central console for centralized security monitoring and management. This connection is essential for the plugin to function.

What data is sent:
* Site URL, WordPress version, PHP version, and installed plugins/themes list (during heartbeat and scans)
* Security events (firewall blocks, failed login attempts, malware detections, file integrity changes)
* Scan results (malware scan, vulnerability scan, integrity scan findings)

When data is sent:
* On plugin activation and periodically via heartbeat (every 5 minutes)
* When security events occur (login attempts, firewall blocks)
* When scans are triggered (manually or via scheduled cron)
* When the admin manages firewall rules, blocklists, or settings

Service provider: FreelanceBo Group S.r.l.s., Bologna, Italy
* Service URL: https://sentra.freelancebo.it
* Terms of Service: https://sentra.freelancebo.it/terms
* Privacy Policy: https://sentra.freelancebo.it/privacy

The console server URL is configurable by the user in the plugin settings. All data is transmitted over HTTPS. Data is stored on EU-based servers in compliance with GDPR.

WordPress.org API

The vulnerability scanner module uses the official WordPress.org API to retrieve information about installed plugins, themes, and WordPress core version. This is necessary to check for known vulnerabilities and outdated software.

What data is sent:
* Plugin slugs, theme slugs, and WordPress core version

When data is sent:
* When a vulnerability scan is triggered (manually or via scheduled cron)

Service provider: WordPress.org
* API endpoint: https://api.wordpress.org
* Terms of Service: https://wordpress.org/about/privacy/
* Privacy Policy: https://wordpress.org/about/privacy/

Installation

  1. Upload the sentra folder to the /wp-content/plugins/ directory, or install the plugin through the WordPress plugins screen
  2. Activate the plugin through the ‘Plugins’ screen in WordPress
  3. Go to Sentra > Settings to configure the connection to your central console
  4. Enter your Sentra Server URL and API Key
  5. Click “Save Changes” and verify the connection status

FAQ

Do I need a Sentra account?

Yes, the plugin connects to a Sentra central console for centralized monitoring and management. Visit freelancebo.it to set up your console.

Does this plugin slow down my site?

No. Sentra is designed to be lightweight. The firewall runs inline with minimal overhead, and scans are performed in the background without affecting site performance.

Can I use this on multiple sites?

Yes. Sentra is designed for managing security across multiple WordPress sites from a single central console.

What PHP version is required?

PHP 7.4 or higher is required.

Changelog

2.2.5

  • Security audit: fixed path traversal in rollback (C1), removed raw_replace fix type (C2)
  • Strict path validation with no fallback on realpath failure (M2, H5)
  • Checksum verification for restored core files via WordPress.org API (H4)
  • Input sanitization: whitelist patch_type, extract only allowed fields from JSON (H1, H2)
  • Slug validation on analyze-patches to prevent SSRF (H3)
  • Rate limiting on vulnerability analysis (1 per 2 minutes) (M4)
  • Nginx protection: index.php in backup/quarantine directories (M1)
  • File scan limit: max 500 PHP files, skip files over 2MB (L3)
  • Removed sensitive data (plugin list) from patch results (L2)
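
The 2.2.5 entries on the rollback path traversal fix and on strict path validation with no fallback on realpath failure describe a containment check. The following is an added example of that pattern in PHP, not the plugin's own code; the function name, directory layout and sample inputs are assumptions constructed for illustration.

```php
<?php
// Added example: hypothetical helper, not FreelanceBo Sentra Control code.

/**
 * Resolve $relative under $baseDir; return the canonical file path or null.
 * Any realpath() failure is a rejection, never a fallback to the raw string.
 */
function example_resolve_backup_path(string $baseDir, string $relative): ?string
{
    $base = realpath($baseDir);
    if ($base === false || !is_dir($base)) {
        return null; // base directory missing or unreadable
    }
    if ($relative === '' || strpos($relative, "\0") !== false) {
        return null; // empty or NUL-containing input
    }
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $relative);
    if ($candidate === false) {
        return null; // target does not resolve: reject, do not guess
    }
    // Compare against the base plus a trailing separator so that a sibling
    // such as "backups-old" does not pass a bare prefix check.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null; // resolved outside the backup directory
    }
    return is_file($candidate) ? $candidate : null;
}

// Constructed sample layout in a temporary directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pathcheck_' . bin2hex(random_bytes(4));
mkdir($root . '/backups/plugin-a', 0700, true);
mkdir($root . '/backups-old', 0700, true);
file_put_contents($root . '/backups/plugin-a/main.php.bak', "<?php // backup\n");
file_put_contents($root . '/backups-old/stale.bak', "old\n");
file_put_contents($root . '/wp-config.php', "<?php // constructed\n");

$inputs = [
    'plugin-a/main.php.bak',    // inside the base: accepted
    '../wp-config.php',         // climbs out of the base: rejected
    '../backups-old/stale.bak', // sibling sharing the name prefix: rejected
    'plugin-a/missing.bak',     // realpath() fails: rejected, no fallback
];
foreach ($inputs as $input) {
    $resolved = example_resolve_backup_path($root . '/backups', $input);
    printf("%-28s %s\n", $input, $resolved === null ? 'REJECTED' : 'OK');
}
```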

2.2.4

  • Auto-patch now runs its own live scans (vulnerability + malware + integrity) independently
  • CVE details shown in patch suggestions with CVSS score, references and fix version
  • Aggregated CVEs per plugin for unified patch suggestions
  • Fixed patch execution flow: patches now execute immediately from the UI
  • Improved error handling for already-updated plugins

2.2.3

  • Added Auto-Patch admin page in WordPress plugin
  • View patch suggestions, apply patches, and rollback from WP admin

2.2.2

  • NEW: Auto-patching system for security vulnerabilities
  • Auto-update vulnerable plugins and themes via WordPress native API
  • Quarantine detected malware files with automatic backup
  • Restore modified WordPress core files from official checksums
  • Surgical code patching for abandoned plugins (SQL injection, XSS, CSRF, file inclusion, auth bypass, upload validation)
  • Automatic backup before any patch with rollback capability
  • PHP syntax validation after surgical patches
  • Server-to-plugin push notification for immediate patch execution

2.2.1

  • Fixed critical bug: event queue flush never cleared events from database (save_queue reloaded stale data from WP option cache)
  • Fixed missing WP-cron schedule: sentra_flush_events could become unscheduled, stopping all event delivery
  • Improved load_queue with loaded flag to prevent redundant database reads

2.1.9

  • Fixed WAF blocking legitimate REST API calls from admin users (AIOSEO, Gutenberg, etc.)
  • Admin users are now whitelisted for wp-json REST API requests

2.1.8

  • Scans triggered from the console now execute immediately (push notification)
  • Added REST API endpoint for server-to-plugin communication

2.1.7

  • Improved malware scanner with 12 new detection signatures
  • Added heuristic detection for SEO spam injection, cloaking, and hidden content
  • Can now detect obfuscated malware that mimics WordPress function names

2.1.6

  • Added setup guide in Settings page with link to Sentra console registration
  • Added Italian translations for setup guide

2.1.5

  • Added full internationalization (i18n) support
  • Added Italian translation (it_IT)
  • All user-facing strings are now translatable
  • Added languages/ directory with .pot and .mo files

2.1.4

  • Renamed plugin slug, folder and main file to freelancebo-sentra-control per WordPress.org guidelines
  • Fixed Text Domain to match plugin slug (freelancebo-sentra-control)
  • Extracted all inline scripts to separate JS files using wp_enqueue_script
  • Fixed pcre.backtrack_limit handling: save original once, restore once after loop
  • Added recursive sanitization for JSON POST body in AJAX proxy
  • Sanitized $_SERVER[SERVER_SOFTWARE] with sanitize_text_field
  • Added External Services section documenting Sentra console and WordPress.org API usage

2.1.2

  • Renamed plugin to “FreelanceBo Sentra Control” per WordPress.org naming guidelines
  • Added “External Services” section documenting all third-party service connections
  • Documented data transmission to FreelanceBo Sentra Control console and WordPress.org API
  • Included links to Terms of Service and Privacy Policy for all external services

2.1.1

  • Firewall: fixed logout blocked for authenticated users on wp-login.php
  • Firewall: admin users in backend logged as waf_admin_alert instead of blocked
  • Integrity scanner: lowered severity to LOW for plugin/theme directory files
  • Malware scanner: excluded own plugin directory to prevent false positives
  • Fixed residual CSS selectors from previous rename

1.9.3

  • Improved login guard module with enhanced brute force detection
  • Updated vulnerability scanner with latest CVE database integration
  • Renamed plugin to Sentra
  • Bug fixes and performance improvements

1.9.0

  • Added file integrity monitoring module
  • Added IP blocklist management
  • Improved WAF rules engine
  • Central console integration improvements

1.0.0

  • Initial release
  • WAF, malware scanner, vulnerability scanner
  • Brute force protection
  • Central console connectivity