plugin-icon

Custonis – Security Exposure Scanner

By custonis·
Detect publicly exposed backup files, debug logs and sensitive data on your WordPress site.
backup scanner
Debug log
exposed files
Ratings
Add a review
Version
1.1.3
Last updated
Apr 1, 2026
Custonis – Security Exposure Scanner

Custonis detects publicly exposed files that should never be accessible on the internet.

Many WordPress websites unintentionally expose sensitive files such as:

  • database backups (.sql, .zip)
  • exported user or customer data
  • configuration files (.env, wp-config backups)
  • debug logs and error logs
  • development leftovers

These files are actively targeted by bots and attackers because they may expose:

  • database credentials
  • API keys
  • user data
  • internal system information

Why Custonis?

Most security plugins focus on firewalls, malware or login protection.

Custonis focuses on a different but critical attack surface:

👉 Public file exposure

It helps you identify risks that are often overlooked and complements traditional security plugins.

Features

✔ Detect exposed backup files (.zip, .sql, .gz) ✔ Detect debug logs and error logs ✔ Detect configuration backups and sensitive files ✔ Detect exposed Git repositories ✔ Detect directory listing vulnerabilities ✔ Database health checks (large tables, autoload size, transients, revisions) ✔ Severity classification (Critical / Elevated / Low) ✔ Security score calculation ✔ Risk level indicator ✔ Exposure age detection ✔ Detailed findings dashboard ✔ Scan history chart ✔ Fast and lightweight scanning ✔ 100% local scanning (no external API calls)

How it works

  1. Install and activate the plugin
  2. Open the Custonis dashboard
  3. Run a security scan
  4. Review detected exposures and fix issues

Custonis performs read-only scans and does not modify your website.

1.1.3

  • Optimized false positives

1.1.2

  • Fixed version inconsistency in trunk

1.1.1

  • Fixed dashboard live stats not updating after scan
  • Improved scan result persistence

1.1

= Improved = * Significantly improved scan stability and execution flow * Optimized background scanning process * More accurate live scan progress tracking * Improved performance for large websites * Enhanced scan result storage and reliability * Refined dashboard UI and scan experience

Added

  • Improved filesystem scanning coverage
  • Enhanced database analysis
  • More precise detection of exposed files and risks
  • Better scan step handling and progress visualization

Internal

  • Codebase cleanup and structural improvements
  • Optimized AJAX handling and data flow

1.0.1

= Fixed = * Removed all Pro / license / cron related functionality for full compliance with WordPress.org guidelines * Replaced external CDN (Chart.js) with local asset * Fixed nonce handling (sanitization and validation) * Improved escaping for all output * Improved file path handling using WordPress functions

1.0.0

= Initial release = * Exposure scanner * Severity detection (Critical / Elevated) * Security score calculation * Exposure age detection * Findings dashboard * Scan history chart

Freeon paid plans
Get started
By installing, you agree to WordPress.com Terms of Service and Third-Party plugin Terms.
Tested up to
WordPress 6.9.4
This plugin is available for download for your site.
Download