I have been thinking about how to add security and checks to things like WP and more, and I have had an idea on how to do this. We have a package deploy system, so the plan is to do a package deploy script that I have on GitHub. When the container scan happens, it deploys this package and then runs the scan: it fetches this file from your site, which contains a JSON output of telemetry data that the checker uses. This will include things like WordPress version, wp admin username, .htaccess rules set, and more. This can then be used by the container scan script to do some checks.
How would this work on the telemetry file to make it safe? Can't anyone view it? This file will ONLY be visible to NodeHost internal IPs, OR we can only allow it to be viewed for 1 minute after install before it is no good, and viewing it only causes self delete. We can use filemtime() to see how old the file is for that. The file, once viewed even once, will self delete.
What do you think? I can make it open so that it can be updated with new PHP versions to check for and more, and I was working on a malware scanner service and this can be part of it auto deploying on site scans to also scan and remove malware and send users alerts if we did remove any.
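A sketch of the expiring, view-once telemetry endpoint described above, as an added example that is not part of the original post or NodeHost's code. The file name, the CIDR range and the choice to apply the IP check and the one-minute window together are assumptions made for illustration.

```php
<?php
// Added example. TELEMETRY_FILE and ALLOWED_CIDRS are assumed placeholders.
const TELEMETRY_FILE  = __DIR__ . '/telemetry.json'; // hypothetical file name
const MAX_AGE_SECONDS = 60;                          // "1 minute after install"
const ALLOWED_CIDRS   = ['10.0.0.0/8'];              // placeholder internal range

// IPv4-only CIDR match; anything unparsable is treated as not allowed.
function ipInCidr(string $ip, string $cidr): bool
{
    [$subnet, $bits] = explode('/', $cidr);
    $ipLong = ip2long($ip);
    $subnetLong = ip2long($subnet);
    if ($ipLong === false || $subnetLong === false) {
        return false;
    }
    $mask = -1 << (32 - (int) $bits);
    return ($ipLong & $mask) === ($subnetLong & $mask);
}

// Returns [HTTP status, body]. The file is gone after the first allowed request.
function serveTelemetryOnce(string $path, string $remoteIp): array
{
    $allowed = false;
    foreach (ALLOWED_CIDRS as $cidr) {
        $allowed = $allowed || ipInCidr($remoteIp, $cidr);
    }
    if (!$allowed) {
        return [404, '']; // outsiders learn nothing and do not consume the file
    }
    // Claim the file atomically: rename() succeeds for only one of several
    // concurrent requests, so two viewers can never both read it.
    $claimed = $path . '.' . bin2hex(random_bytes(8));
    if (!@rename($path, $claimed)) {
        return [404, '']; // already viewed, or never deployed
    }
    clearstatcache(true, $claimed);
    $age  = time() - filemtime($claimed); // rename() keeps the original mtime
    $body = $age <= MAX_AGE_SECONDS ? file_get_contents($claimed) : false;
    unlink($claimed); // deleted whether it was served or had already expired
    return $body === false ? [410, ''] : [200, $body];
}

[$status, $body] = serveTelemetryOnce(TELEMETRY_FILE, $_SERVER['REMOTE_ADDR'] ?? '');
http_response_code($status);
if ($status === 200) {
    header('Content-Type: application/json');
    header('Cache-Control: no-store'); // keep proxies from retaining the telemetry
    echo $body;
}
```

If the site sits behind a proxy or load balancer, REMOTE_ADDR is the proxy's address, so the allowlist has to be checked against whatever address the platform guarantees is the real client.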