Nova Scan

Teaching Nova Scan to read what webshells try to hide. Bitop-encoded sink names, polyglot JPG+PHP droppers, socket C2 channels, XSLT-embedded eval, register_globals emulation — all catching now. 24,000-sample stratified training rig running. Weeks of refining ahead. I am going to change the game for the entire wordpress ecosystem - for free.

- Fixed a bug that could wipe saved API keys during unrelated Settings saves. - Saving API keys will no longer ask to save as a password in the browser. Added Show and Remove buttons. - Vulnerability sync rate-limit fix for errors that occurred when syncing across multiple plugins. - Fixed a rare crash on firewall-triggered rescans. - Under the hood — expanded WAF telemetry for upcoming detection improvements.

3.32.14 — two upgrades that punch above the version number. Shield wakes up smart. 27 trusted CDN, analytics, payment, font, and CAPTCHA origins pre-loaded the moment you activate — so your violations feed shows real threats from minute one, not a week of allowlist grinding. Remove what you don't want. We never put it back. Pre-WP firewall, surgically reinstalled. Marker-wrapped splice into wp-config, PHP-validated before write, fully reversible on uninstall. Zero backup files anywhere on disk. Because the only safe backup of a credentials file is no backup. Two small ships. One bigger principle: security tools should never become the thing you're protecting against.

Nova Core = 1.3.6 = * New — Email provider chain now intercepts every wp_mail() call on the site via pre_wp_mail hook. Transactional email (password resets, WooCommerce orders, plugin alerts, contact forms) routes through the chain instead of native sendmail when any provider is enabled.\ - Translations — Fresh translations across all 21 supported languages covering the new Nova Scan resilience features (retry toast, resume button, paused state messaging). - Plural handling — Correct plural forms for languages with complex grammar rules. Nova Scan = 3.32.0 = - Scans survive connection hiccups — Transient network errors, server timeouts, and proxy cutoffs no longer kill your scan. The scanner automatically retries with a smart backoff, and if retries fail, a Resume Scan button picks up right where you left off — progress is saved even across page refreshes. - Adaptive chunk sizing — The scanner automatically adjusts how many files it processes per round based on how your server is performing. Large sites that used to fail with timeouts now scan cleanly. No more tweaking settings manually. - Faster repeat scans — Files that have not changed since they were last scanned now carry forward their verdict instead of being re-analyzed. Saves significant time on sites with recurring findings. - Clearer error messages — The old “HTTP 0” error is gone. When something goes wrong, you see exactly what happened and how to recover. - Under the hood — Various code quality improvements for long-term maintainability.

- Scanner and firewall now work together — When the firewall blocks a live attack targeting a file, the scanner’s confidence in findings for that file is strengthened. Live evidence confirms the threat. - LIVE badge on findings — Findings with real-time attack evidence display a pulsing red LIVE indicator. Click to see the evidence chain behind the alert. - Auto-rescan on firewall events — When the firewall detects a targeted exploit against a file, the scanner immediately runs a deep analysis of that file — no waiting for the next scheduled scan. - Planted backdoor detection — Files that expose web endpoints but have never received a request now get flagged as suspicious dormant code — the classic pattern of a backdoor waiting to be activated. - Privacy preserving — All runtime correlation data uses anonymized identifiers with daily-rotating salts. No raw IP addresses are ever stored. Feature can be disabled in Settings. - Settings save reliability — NDE Detection Sensitivity, WAF Sensitivity Preset, and Nova Shield settings now persist correctly across page reloads. - False positive reduction — Scanner correctly identifies its own background tasks as legitimate. No more “unknown cron” warnings on plugin-owned scheduled jobs. - Hardened self-integrity — Extended tamper detection now covers the new correlation system. Any unauthorized modification to detection logic is caught immediately.

Nova Scan 3.27.9 — Smarter scanning: new intent classification engine understands code context, eliminating false positives on page builders, EDD updaters, and media plugins. Shield performance overhaul: single-batch reporting, default allowlist, zero-write learning mode.

Nova Scan v3.27.6 — This release tightens everything under the hood. Shield layout fixes, translation corrections, improved scan accuracy, refreshed hardening icons, REST API fix, and JS error resolved. Sharper, cleaner, more reliable scanning.

Stay updated with our latest and greatest Announcements, Releases, Updates and more on our Nova Pulse Broadcasting system (also located in Nova Core plugin). https://novaheaven.io/en/novapulse