ASTRARI
Sign inStart free
One agent · Linux + WordPress · UK-built

The whole estate, watched continuously.

One platform for every Linux server and every website you run. Continuous scanning, automatic fixes, off-host backups, and a forensic post-mortem for every outage — all from a single dashboard, in 60 seconds from apt install.

Start freeWatch the 60-second tour

Are you an agency? See how we're built for you →

Established
2014
Hosted in
EU
Inbound ports
0
DashboardEvery server and every site, scored, with the one that needs you next at the top.
12+
Finding categories
Every layer the agent checks
30s
Agent checkin
From dashboard click to live
60s
From install to first scan
One paste-and-run command
EU
Data residency
Backups + dashboard + logs

What it covers

Six layers of cover, one dashboard, one agent.

Most security tools are good at one thing. Astrari is built so the layer that catches a problem is irrelevant — every finding lands in the same dashboard, scored, routed, and explained.

Linux servers

Continuous server scans

Trivy CVEs, ClamAV malware, rkhunter rootkits, SSH and OS hardening — every layer, every six hours, with one-click auto-fix from the dashboard.

Websites

WordPress probed properly

Wordfence Intelligence catalogue for plugin/theme CVEs. Headers, cookies, exposed config, user enumeration, SSL and domain expiry — every site, every day.

Network

Exposure probes

What's actually listening, not just what's installed. MySQL on 0.0.0.0, Redis without a password, /.env files, default-path admin panels — plus your own custom probes.

Backups

Ransomware-resistant Vault

Append-only B2 credentials on the agent. EU-hosted, encrypted on the host before upload. Even a fully compromised host cannot delete the backup history.

Resilience

Outage RCA, automatic

Site goes down and recovers — Astrari has already collected the why. Logs, OOM kills, failed services, frozen at the moment of recovery, in the same email.

Custom

Custom probes per estate

Three kinds of probe — HTTP, port, file — composable into rules that fit your stack. A forgotten /admin path, a database port that should never face the internet, a config file with the wrong flag. Pushed to every agent on next checkin.

12 MB
The whole agent

Statically linked Go binary. Drops onto any Linux distribution. No runtime dependencies.

30 seconds
Between checkins

Dashboard actions reach the agent in under a minute. Auto-fixes apply within seconds of approval.

0 inbound
Ports we ever open

The agent only ever makes outbound HTTPS to the API. No SSH from us. Same security posture as your monitoring agent.

In their words

From agencies running estates of their own.

We used to log into four different tools per client. Astrari is one. The first thing it surfaced on a host we'd been managing for years was a Redis sitting on 0.0.0.0 with no password — that alone justified the year.
Sarah Hollis
Head of Operations · Halton Digital, Manchester
The monthly reports go out branded with our logo, on our domain, and our clients think we built the dashboard. They didn't. We're upfront about that — but the sender line is ours, the design is ours, and that's what they remember.
Daniel Akimbo
Technical Director · Westgate Studio, Bristol
I was wary of yet another security tool. The thing that won me over was the auto-fix — when SSH root login was open on a client's box, I clicked one button and it was done. From inside the host. No SSH session from me, no ticket, no follow-up.
Rachel Mainwaring
Founder · Latchet IT Services, Edinburgh

Built for agencies

Multi-tenant from day one. White-label included.

Group every server and site under a named client. Invite a scoped login that sees only their estate. Send branded monthly reports automatically. Run the whole dashboard on your own domain. None of this is roadmap — it's shipped and in production today.

See how — agencies overviewPricing

A 60-second tour

Watch how install, finding, and fix all happen on the same screen.

Astrari Vault · backup add-on

Backups ransomware on the host can't reach.

The agent on each Vaulted server has B2 credentials that can write new snapshots and read old ones — but cannot delete or overwrite. A ransomware operator with full root inherits those credentials and finds they cannot wipe a single existing snapshot. Pruning runs from Astrari infrastructure with a separate key the host never sees.

EU-hosted Backblaze B2 by default. Encrypted on the host before upload. £0.05 per GB stored / month; 10 GB of restore egress free per month. No per-server vault fee.

Read the Vault essay →

Agent B2 credentials

  • listFilesgranted
  • readFilesgranted
  • writeFilesgranted
  • deleteFileswithheld
The agent literally cannot delete a snapshot. Pruning runs from Astrari infrastructure with a separate key.

Pricing

Three plans, every one a full-fat agent.

What changes between plans is the count of servers and sites, not the depth of inspection. Vault is metered separately.

Starter

Free

Forever

  • 1 server, 3 sites
  • Full agent — every category
  • 24-hour scan cadence
  • Email findings
  • No credit card
Start free
Most chosen

Basic

£15

per month

  • 5 servers, 25 sites
  • Daily scan cadence
  • Alert routing — email + Slack
  • Outage RCA auto-fired
  • Custom exposure rules
  • 14-day free trial · no card
Start free trial

Pro

£45

per month

  • 25 servers, 100 sites
  • 12-hour scan cadence
  • Webhook + multi-channel alerts
  • Vault available · £0.05/GB
  • PDF monthly reports
  • 14-day free trial · no card
Start free trial

A small UK security team

Built by people who watch their own servers with this.

Astrari is a service of Incus Technologies Limited. We answer the support emails ourselves. The team is small enough that everyone knows what every check is doing and why.

Start free — no credit card
WordPress and Linux server security monitoring | Astrari