Center
―
why the workflow matters
security data is only useful when it stays connected.
Standalone alerts can leave teams guessing about what was scanned, which asset is affected, and what should be fixed first. Aegisify Audit keeps the target, job, evidence, finding, score, and report connected from start to finish.
Aegisify Audit: Step by step workflow
The SaaS Platform Starts The Scan.
The workflow begins inside Aegisify Audit, where the user selects the target and scan profile.
- Confirm the target domain
- Select the scan profile
- Create a unique scan ID and queued job
A Secure Channel Connects SaaS To The Agent.
The request moves to the WordPress Agent through the approved communication path before local collection begins.
- HTTPS REST request
- Security key and request signature
- Nonce and replay protection checks
The Agent Gathers Local WordPress Evidence.
The WordPress Agent collects details that an outside-only scan may not be able to see.
- WordPress core, plugin, theme, and MU-plugin inventory
- PHP, configuration, and dependency signals
- Activity, application, and commerce-related logs
Scan Engines Review The Attack Surface.
Multiple checks analyze the public site and the Agent evidence instead of treating every signal as a separate report.
- SAST, code quality, and vulnerability review
- DAST, headers, routes, forms, and browser-facing checks
- REST, OpenAPI, GraphQL, and WooCommerce checks
Risk Is Correlated With Evidence And Context.
Aegisify Audit connects the finding to the affected asset, supporting evidence, and risk context so teams can review more than a raw alert count.
- OWASP-aligned context where applicable
- CVE, OSV, KEV, and EPSS intelligence signals
- Severity, confidence, evidence, and affected asset
Reports And AI-Assisted Triage Turn Data Into Action.
The final stage presents the highest-priority issues, supporting evidence, and guidance in a format teams can review and share.
- Top threats and prioritized findings
- AI-assisted, human-reviewable guidance
- CSV, PDF, and XML report exports
- Remediation status and verification notes
― Important Scan Details
what the workflow brings together.
The page below explains the main evidence groups shown in the original workflow: public exposure, local WordPress evidence, commerce and application flows, and prioritized outputs.
― the practical result
see what changed, what matters and what to do first.
Aegisify Audit is designed to help serious WordPress teams move from raw scan data to a clearer review and remediation process.
― common questions
what teams should know before starting
Aegisify Audit is designed to help serious WordPress teams move from raw scan data to a clearer review and remediation process.
Why does Aegisify Audit use both SaaS and a WordPress Agent?
The SaaS platform manages the scan workflow, correlation, dashboards, and reports. The Agent provides deeper local WordPress evidence that an external-only scan may not be able to collect.
Does AI automatically change my WordPress site?
This page describes AI-assisted triage and guidance. Recommendations should be reviewed before changes are made. The workflow does not need to promise automatic remediation to provide value.
Can the workflow include WooCommerce?
Yes. The workflow shown here includes commerce and application checks such as cart, checkout, Store API, payment paths, webhooks, HPOS, Action Scheduler posture, and order-related signals.
What can be exported after a scan?
The workflow illustration identifies CSV, PDF, and XML report exports, along with dashboard reporting and prioritized findings.
