Documentation

Connect a site and understand the control plane.

A concise guide for pilot operators, WordPress administrators, and security analysts.

Quick start

Create a site in the dashboard, download the signed plugin, and generate a one-time enrollment token. The site begins in observe-only mode for seven days.

Dashboard → Sites → Add site → Generate enrollment token

Secure enrollment

Paste the short-lived token into Settings → SmartHoneyAI. The plugin verifies the configured site URL and receives a unique agent secret once. Store the secret only in WordPress options with autoload disabled.

Event handling

Suspicious events enter a bounded local spool and are uploaded asynchronously in signed, idempotent batches. Passwords, cookies, authorization headers, and tokens are removed before they leave WordPress.

Policy safety

Policies are declarative and versioned. Allowlist entries take priority. Each downloaded document is cryptographically verified before it replaces the last-known policy. Temporary blocks always include expiry.

Outage behavior

If the control plane is unavailable, uploads remain queued within local limits and the site continues using its verified cache. Once policy expires, the plugin falls back to monitor-only to preserve availability.

Pilot note: SmartHoneyAI provides security decision support. It is not a substitute for patching WordPress core, themes, and plugins.
Documentation | SmartHoneyAI