Elevoire Security Audit
Elevoire Security Audit is a production-ready, read-only WordPress security auditing plugin. It scans your site for security misconfigurations, outdated software, and dangerous settings — then explains what each issue means and how to fix it.
The plugin NEVER: * Modifies your site or its settings * Acts as a firewall or removes malware * Sends any data to external servers * Collects analytics or user information
Its only job is to audit, analyse, and educate.
What it scans
- WordPress Core version and debug mode
- File editing and SSL admin settings
- Version exposure and exposed default files
- XML-RPC and WP-Cron configuration
- User accounts and the default « admin » username
- Login page HTTPS and Application Passwords
- Outdated and inactive plugins and themes
- File permissions (wp-config.php, .htaccess, uploads)
- PHP version and dangerous PHP settings
- HTTP Security Headers (CSP, HSTS, X-Frame-Options, etc.)
- SSL/HTTPS certificate status
- Database prefix and autoloaded options size
Security Score
Every scan produces an overall Security Score (0–100) with a breakdown by severity: Critical, High, Medium, Low, and Passed checks.
Detailed Findings
Each finding includes: * Status and severity * What was found * Why it matters (risk explanation) * Recommended fix
Reports
Stores all scan reports in your database so you can compare security posture over time. You can view or delete any report at any time from the Reports page.
