Help Documentation

VMP™ Security plugin documentation and support

Free Support

Support for users of the free version of the plugin is available on our support forums. The majority of features shown are available in the free version of VMP™ Security which helps protect millions of sites around the world.

Go to support forums

Access Upgraded Support Now

Our support engineers, equipped in Premium tickets within a few hours on weekdays, will be pleased to help you with advanced topics, provide comprehensive answers to your questions, and respond to all others in 24 hours or less.

Premium Support

Diagnostics

The Diagnostics page is a single-screen overview of everything VMP Security knows about your site, your WordPress installation, your PHP environment, and your hosting setup. It exists for two reasons: to let you check whether the plugin is healthy at a glance, and to give support engineers a complete picture of your environment when you open a ticket.

In This Article

Diagnostics sections

The page is organized into expandable sections. The most-referenced ones during day-to-day work:

  • VMP Security. Plugin version, license type and expiry, last update of firewall rules, last update of malware signatures, current protection level, current firewall mode.
  • WordPress. WordPress core version, site URL, home URL, multisite status, language, active theme, installed plugins (with versions and update availability).
  • PHP. PHP version, SAPI (Apache, FPM, etc.), memory_limit, max_execution_time, post_max_size, upload_max_filesize, OPcache state, list of loaded PHP extensions.
  • Web server. Detected server type and version, the configuration mechanism used by Extended Protection (auto_prepend_file via .user.ini, .htaccess, NGINX, etc.), and whether the loader file exists and is reachable.
  • Database. MySQL/MariaDB version, character set, table prefix. Useful for confirming that the firewall’s database tables (when MySQLi storage is enabled) are present.
  • WP-Cron. Whether WP-Cron is enabled, when it last ran, and the list of upcoming scheduled events the plugin is responsible for. The single most useful section for diagnosing “why didn’t the scheduled scan run.”
  • Connectivity. A live test of every endpoint the plugin needs to reach: the rules update server, the malware signatures server, the vulnerability database, and the Portal API. Each line shows the resolved IP, the response time, and any error.
  • Filesystem. Permissions of the plugin’s working directories, free disk space, and a list of any files the plugin had trouble reading or writing.
  • Background workers. The current state of the scan worker, the firewall worker, and any other long-running tasks the plugin owns. Includes the timestamp of their last heartbeat.

Sending diagnostics to support

When you open a support ticket, attaching diagnostics dramatically reduces the back-and-forth. The bottom of the page has a Send to Support button:

  1. Click Send to Support. The plugin gathers the full diagnostics into a single text payload.
  2. Enter the ticket reference if you already have one open. Otherwise, leave the field blank to start a new ticket.
  3. Click Send. The diagnostics are uploaded to a secure URL accessible only to support, and the URL is associated with your ticket.

If you prefer to handle the data yourself, use Download diagnostics instead. You get a text file with the same content, which you can review before attaching it manually to the ticket.

Sensitive data

Diagnostics are designed to include enough environmental detail to be useful while excluding things that should not leave your site. Specifically:

  • Database credentials are not included. Only the database version and prefix.
  • The license key is shown truncated, with only the first and last few characters visible.
  • API tokens, Portal connection tokens, and webhook secrets are not included.
  • The contents of wp-config.php are not transmitted; only the values of constants the plugin specifically queries (e.g., DISABLE_WP_CRON, WP_HTTP_BLOCK_EXTERNAL).
  • User data (visitor IPs, user emails) is not included.

Before sending diagnostics by email or attaching them to a public bug tracker, glance through the file. Anything that looks like a credential is worth double-checking; the plugin’s redaction is conservative but not infallible.

Using diagnostics during troubleshooting

For most issues, the diagnostics page itself is the first place to look before contacting support. Some quick mappings from symptoms to sections:

  • “Scans never start.” Check WP-Cron and Background workers.
  • “Firewall not blocking.” Check VMP Security (mode, last rule update) and Connectivity (rules update server reachable?).
  • “Live Traffic is empty.” Check Database (table prefix, write permissions) and Background workers.
  • “Vulnerability info is stale.” Check Connectivity (vulnerability database reachable?).
  • “Premium features greyed out.” Check VMP Security (license type and expiry).
Contents