Custonis – Security Exposure Scanner
Custonis detects publicly exposed files that should never be accessible on the internet.
Many WordPress websites unintentionally expose sensitive files such as:
- database backups (.sql, .zip)
- exported user or customer data
- configuration files (.env, wp-config backups)
- debug logs and error logs
- development leftovers
These files are actively targeted by bots and attackers because they may expose:
- database credentials
- API keys
- user data
- internal system information
Why Custonis?
Most security plugins focus on firewalls, malware or login protection.
Custonis focuses on a different but critical attack surface:
👉 Public file exposure
It helps you identify risks that are often overlooked and complements traditional security plugins.
Features
✔ Detect exposed backup files (.zip, .sql, .gz) ✔ Detect debug logs and error logs ✔ Detect configuration backups and sensitive files ✔ Detect exposed Git repositories ✔ Detect directory listing vulnerabilities ✔ Database health checks (large tables, autoload size, transients, revisions) ✔ Severity classification (Critical / Elevated / Low) ✔ Security score calculation ✔ Risk level indicator ✔ Exposure age tracking (when issues first appeared) ✔ Detailed findings dashboard with explanations and fixes ✔ Scan history chart ✔ Fast and lightweight scanning ✔ 100% local scanning (no external API calls)
How it works
- Install and activate the plugin
- Open the Custonis dashboard
- Run a security scan
- Review detected exposures and fix issues
Custonis performs read-only scans and does not modify your website.
1.1.4
= Improved = * Fixed exposure timeline (first detected now tracked correctly) * Improved consistency of finding history across scans * Enhanced score accuracy for repeated findings
Added
- Score breakdown (critical / elevated issues) directly in dashboard
- More transparent risk evaluation for users
UX
- Improved clarity of exposure age and status
- Cleaner and more understandable dashboard feedback
1.1.3
- Optimized false positives
1.1.2
- Fixed version inconsistency in trunk
1.1.1
- Fixed dashboard live stats not updating after scan
- Improved scan result persistence
1.1
= Improved = * Significantly improved scan stability and execution flow * Optimized background scanning process * More accurate live scan progress tracking * Improved performance for large websites * Enhanced scan result storage and reliability * Refined dashboard UI and scan experience
Added
- Improved filesystem scanning coverage
- Enhanced database analysis
- More precise detection of exposed files and risks
- Better scan step handling and progress visualization
Internal
- Codebase cleanup and structural improvements
- Optimized AJAX handling and data flow
1.0.1
= Fixed = * Removed all Pro / license / cron related functionality for full compliance with WordPress.org guidelines * Replaced external CDN (Chart.js) with local asset * Fixed nonce handling (sanitization and validation) * Improved escaping for all output * Improved file path handling using WordPress functions
1.0.0
= Initial release = * Exposure scanner * Severity detection (Critical / Elevated) * Security score calculation * Exposure age detection * Findings dashboard * Scan history chart