CompatShield WP Site Auditor

Comprehensive WordPress security auditor. Scans for vulnerabilities, misconfigurations and threats — scored report with actionable fix steps.
Version: 0.1.0
Last updated: Jun 26, 2026
CompatShield Site Auditor gives WordPress site owners and agencies a full picture of their site’s security posture in one scan. Unlike basic security plugins, it audits every layer — environment, plugins, themes, users, files, and database — and produces a single weighted score out of 100 with a per-category breakdown.

What it checks

Environment & Hardening

  • PHP version (flags below 8.2)
  • WordPress core version
  • WP_DEBUG exposure
  • XML-RPC enabled
  • wp-config.php file permissions
  • Database table prefix (flags default wp_)
  • Directory listing enabled
  • .htaccess integrity
  • HTTPS enforcement
  • readme.html / license.txt version leakage

Plugin & Theme Intelligence

  • Lists all installed plugins (active and inactive)
  • Hits WordPress.org API for last updated date and install count
  • Flags plugins not updated in 6, 12, or 24 months
  • Flags plugins removed from the WordPress.org directory
  • Flags abandoned themes

User & Access Audit

  • Lists all administrator accounts
  • Flags the default “admin” username still in use
  • Detects dormant admin accounts (no login in 90+ days)
  • Checks for two-factor authentication plugins
  • Flags non-admin users with elevated capabilities (manage_options, install_plugins, etc.)

File Integrity & Backdoor Detection

  • Hashes WordPress core files against official checksums
  • Flags modified core files
  • Scans theme and plugin files for dangerous PHP patterns: eval(base64_decode), gzinflate, str_rot13, shell_exec, exec, system, preg_replace with /e modifier
  • Flags PHP files inside /uploads/ directory
  • Flags .git directory exposure
  • Detects suspicious WordPress cron jobs
  • Flags PHP files modified in the last 7 or 30 days

Database Security

  • Checks for publicly accessible phpMyAdmin
  • Scans published posts for injected content (hidden links, base64 blobs, external iframes)
  • Scans wp_options autoloaded data for malicious PHP patterns and oversized entries

Security Score

  • Weighted score out of 100 (Environment 25, Plugins 20, Headers 20, Users 15, Database 10, Themes 10)
  • Per-category score breakdown with issue count
  • Historical score tracking with week-over-week change

Who is this for?

  • WordPress site owners who want to know their security posture
  • Freelancers and developers managing client sites
  • Agencies auditing multiple client sites

All of the scanning and reporting features described above are fully included in this free plugin — nothing here is time-limited or feature-gated. CompatShield may offer separate, optional products in the future (such as a multi-site management dashboard); any such product would be a distinct, separately-installed plugin or service, not a restriction on this one.

Privacy

This plugin makes outbound requests to:

  • WordPress.org API (api.wordpress.org), to retrieve plugin and theme metadata
  • Your own site’s URL, to check phpMyAdmin exposure and security headers

No data is sent to third-party servers by the free version.

Free for paid plans
Tested up to: WordPress 7.0