plugin-icon

CyberNote Security Checker

作者:teeeda1129·
Diagnoses WordPress security settings and version status, presenting plain-language improvement steps in Japanese. No external requests. Lightweight.
版本
1.0.0
最后更新
Jul 3, 2026
CyberNote Security Checker

CyberNote Security Checker is a lightweight plugin that audits your WordPress site’s security posture without sending any data to external servers.

Many security plugins are powerful but heavy, English-only, and full of technical jargon. CyberNote Security Checker takes the opposite approach: it targets Japanese individual bloggers and small business owners who need to understand exactly what to do — delivered quickly and without specialist knowledge.

12 diagnostic checks. Zero external requests.

A widget appears on the WordPress dashboard showing results in three levels: good (no action needed) / attention (improvement recommended) / recommended (priority action required). Each item includes a plain-Japanese explanation of the risk and step-by-step remediation guidance.

Category A: Version Freshness (3 checks)

  • WordPress core — Detects whether security-only maintenance releases are unapplied. Distinguishes urgency between security patches and feature updates.
  • PHP version — Evaluated against official PHP support status. End-of-life versions flagged as “priority action”; security-only branches as “attention”.
  • Plugin and theme updates — Displays the count and names of pending updates. A direct link opens the standard WordPress update screen; the plugin never performs updates itself.

Category B: Hardening Settings (9 checks)

  • Debug display — WP_DEBUG with screen output on a production site is flagged as “priority action”; log-only mode as “attention”.
  • File editing — If the theme and plugin code editor is enabled in the admin panel, flagged as “priority action”.
  • Admin username — If a user named admin or administrator exists, flagged as “attention” (changing it carries migration risk, so no urgent push).
  • HTTPS — Sites running on plain HTTP are flagged as “priority action”.
  • Database table prefix — Default wp_ prefix flagged as “attention” (live-site changes carry risk, so no urgent push).
  • XML-RPC — Enabled XML-RPC is flagged as “attention”; use-case guidance included before recommending disablement.
  • REST API user enumeration — If anonymous requests to /wp/v2/users return user data, flagged as “attention”.
  • Security keys (salts) — Checks whether the wp-config.php authentication unique keys and salts are set and not left at the default placeholder. Missing or default keys are flagged as “priority action” (login cookies could be forged). Key values are never read out or displayed.
  • Unused plugins and themes — Inactive plugins and unused themes still ship files on the server that can be exploited if vulnerable. Their presence is flagged as “attention” with removal guidance (keeping one fallback theme is fine).

Design Principles

  • Read-only — The plugin only presents diagnostic results. It never automatically changes site settings or files.
  • No external requests — Every check reads WordPress built-in APIs and site configuration only. Nothing leaves your server.
  • Lightweight — No real-time file scanning, no custom WAF, no resident processes. Diagnostics run once when the admin page loads.
  • Plain language — Technical terms are avoided. Each check explains why it matters and what to do in everyday language.

Vulnerability alerts (separate external service)

This plugin is free and fully functional on its own. Matching your installed plugins and themes against external vulnerability databases (CVE) requires server-side processing that cannot be done locally, so it is offered separately as an external service called CyberNote, not bundled in this plugin. See https://www.cybernote.click/wp-security-checker-guide/ for details.

免费基于付费套餐
通过安装,您同意 WordPress.com 服务条款第三方插件条款
目前已测试版本
WordPress 7.0
这个插件是可用的下载,适用于您的站点。