BBH Security Insight

By Md Jahid Shah
Lightweight, read-only WordPress security audits with risk scoring, security checks, and actionable recommendations.
Version
1.0.1
Last updated
Jun 13, 2026
BBH Security Insight

BBH Security Insight runs a lightweight, read-only security audit on your WordPress installation and generates a professional Security Risk Report with color-coded risk levels (Critical, Warning, Safe), an overall security score (0–100), and detailed remediation recommendations.

This plugin is completely read-only — it never modifies files, never changes settings, and never sends data to external servers. It simply inspects your WordPress configuration and reports findings.

Audit Checks Include

  • WordPress Version Exposure — Detects if your WordPress version is exposed via readme.html or generator tags.
  • Database Table Prefix — Checks if you are using the default wp_ prefix.
  • XML-RPC Status — Reports whether XML-RPC is enabled or disabled.
  • DISALLOW_FILE_EDIT — Verifies if the built-in file editor is disabled.
  • WP_DEBUG Status — Checks whether debug mode is active on production.
  • Directory Browsing — Checks whether directory listing appears to be disabled.
  • readme.html Exposure — Checks for the presence of the readme file.
  • install.php Exposure — Checks if the installation script is accessible.
  • wp-config.php Permissions — Verifies file permissions on this critical file.
  • wp-content Permissions — Checks directory permissions on your content directory.
  • User Enumeration Exposure — Checks for common user enumeration exposure patterns.
  • Security Headers — Scans for CSP, HSTS, X-Frame-Options, Referrer-Policy, Permissions-Policy, and X-Content-Type-Options.
  • Uploads PHP Execution — Checks if PHP execution is blocked in the uploads directory.
  • Admin Username — Detects if an administrator uses the default "admin" username.
  • Malware Heuristics — Performs lightweight checks for suspicious code patterns in active plugin and theme PHP files.
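As an added example (not the plugin's own code), here is a minimal read-only audit of four of the checks listed above, written as PHP that runs inside WordPress (for instance as a mu-plugin); the penalty weights, the function names and the assumption that wp-config.php sits directly under ABSPATH are mine:

```php
<?php
// Added example, not part of BBH Security Insight. Read-only: it only
// inspects constants, the table prefix and file permission bits.
// Assumes WordPress globals ($wpdb, ABSPATH) are loaded, as in a mu-plugin.

function bbh_example_audit() {
    global $wpdb;
    $findings = array();

    // DISALLOW_FILE_EDIT: the built-in plugin/theme editor should be off.
    $findings['disallow_file_edit'] = array(
        'status' => ( defined( 'DISALLOW_FILE_EDIT' ) && DISALLOW_FILE_EDIT ) ? 'safe' : 'warning',
        'advice' => "Add define( 'DISALLOW_FILE_EDIT', true ); to wp-config.php.",
    );

    // WP_DEBUG on a production site leaks paths and stack traces to visitors.
    $findings['wp_debug'] = array(
        'status' => ( defined( 'WP_DEBUG' ) && WP_DEBUG ) ? 'warning' : 'safe',
        'advice' => 'Set WP_DEBUG to false on production sites.',
    );

    // Default table prefix makes table names predictable.
    $findings['table_prefix'] = array(
        'status' => ( 'wp_' === $wpdb->prefix ) ? 'warning' : 'safe',
        'advice' => 'Use a non-default $table_prefix in wp-config.php.',
    );

    // wp-config.php permissions: world-readable bit set is treated as critical.
    // Assumption: wp-config.php is directly under ABSPATH (it may be one level up).
    $perms = fileperms( ABSPATH . 'wp-config.php' );
    $world_readable = ( false !== $perms ) && ( $perms & 0004 );
    $findings['wp_config_perms'] = array(
        'status' => $world_readable ? 'critical' : 'safe',
        'advice' => 'Restrict wp-config.php to 0600 or 0640 (owner and web server group only).',
    );

    return $findings;
}

// Score (0-100): start at 100 and subtract an assumed penalty per finding.
function bbh_example_score( array $findings ) {
    $penalty = array( 'critical' => 25, 'warning' => 10, 'safe' => 0 );
    $score   = 100;
    foreach ( $findings as $finding ) {
        $score -= $penalty[ $finding['status'] ];
    }
    return max( 0, $score );
}
```

Calling `bbh_example_score( bbh_example_audit() )` from an admin-only page yields the kind of 0–100 figure the report above describes; keep the call behind a capability check so only administrators can trigger it.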

Features

  • One-click "Run Security Audit" button on the admin dashboard.
  • Professional, color-coded Security Risk Report with score (0–100).
  • Human-readable explanations and remediation recommendations for every check.
  • Dismissible admin reminder notice.
  • Fully internationalized — ready for translation.
  • Secure AJAX with nonce verification and capability checks.
  • WordPress Coding Standards compliant.
  • No external dependencies — no Composer, no third-party APIs.
  • Read-only — never makes changes to your site.

Additional Resources

Looking for additional WordPress security guidance? Visit jahidshah.com for documentation, security resources, and professional assistance.

Support & Contact

Need help or want to report an issue? Visit our support page or open a support ticket on the WordPress plugin repository.

  • Website: https://jahidshah.com/
  • Support: https://wordpress.org/support/plugin/bbh-security-insight/


Tested up to
WordPress 7.0