Custonis – Security Exposure Scanner

Custonis detects publicly exposed files that should never be accessible on the internet.

Many WordPress websites unintentionally expose sensitive files such as:

• database backups (.sql, .zip)
• exported user or customer data
• configuration files (.env, wp-config backups)
• debug logs and error logs
• development leftovers

These files are actively targeted by bots and attackers because they may expose:

• database credentials
• API keys
• user data
• internal system information

Why Custonis?

Most security plugins focus on firewalls, malware or login protection.

Custonis focuses on a different but critical attack surface:

👉 Public file exposure

It helps you identify risks that are often overlooked and complements traditional security plugins.

Features

✔ Detect exposed backup files (.zip, .sql, .gz) ✔ Detect debug logs and error logs ✔ Detect configuration backups and sensitive files ✔ Detect exposed Git repositories ✔ Detect directory listing vulnerabilities ✔ Database health checks (large tables, autoload size, transients, revisions) ✔ Severity classification (Critical / Elevated / Low) ✔ Security score calculation ✔ Risk level indicator ✔ Exposure age tracking (when issues first appeared) ✔ Detailed findings dashboard with explanations and fixes ✔ Scan history chart ✔ Fast and lightweight scanning ✔ 100% local scanning (no external API calls)

How it works

1. Install and activate the plugin
2. Open the Custonis dashboard
3. Run a security scan
4. Review detected exposures and fix issues

Custonis performs read-only scans and does not modify your website.

1.1.4

= Improved = * Fixed exposure timeline (first detected now tracked correctly) * Improved consistency of finding history across scans * Enhanced score accuracy for repeated findings

Added

• Score breakdown (critical / elevated issues) directly in dashboard
• More transparent risk evaluation for users

UX

• Improved clarity of exposure age and status
• Cleaner and more understandable dashboard feedback

1.1.3

• Optimized false positives

1.1.2

• Fixed version inconsistency in trunk

1.1.1

• Fixed dashboard live stats not updating after scan
• Improved scan result persistence

1.1

= Improved = * Significantly improved scan stability and execution flow * Optimized background scanning process * More accurate live scan progress tracking * Improved performance for large websites * Enhanced scan result storage and reliability * Refined dashboard UI and scan experience

Added

• Improved filesystem scanning coverage
• Enhanced database analysis
• More precise detection of exposed files and risks
• Better scan step handling and progress visualization

Internal

• Codebase cleanup and structural improvements
• Optimized AJAX handling and data flow

1.0.1

= Fixed = * Removed all Pro / license / cron related functionality for full compliance with WordPress.org guidelines * Replaced external CDN (Chart.js) with local asset * Fixed nonce handling (sanitization and validation) * Improved escaping for all output * Improved file path handling using WordPress functions

1.0.0

= Initial release = * Exposure scanner * Severity detection (Critical / Elevated) * Security score calculation * Exposure age detection * Findings dashboard * Scan history chart