Anonindo Security Advisor helps site owners understand and improve their WordPress security posture without acting like a full firewall suite.
The plugin follows a simple workflow:
- Scan for common WordPress security issues and misconfigurations
- Explain what each issue means in beginner-friendly language
- Show practical guidance and safer best practices
- Offer safe auto-fix actions for selected hardening steps
This plugin is designed to be lightweight, educational, and operationally safe.
Features
- Detects debug mode enabled in production
- Detects dashboard file editing enabled
- Detects XML-RPC exposure
- Detects weak file permissions on common paths
- Detects potentially exposed wp-config.php backup patterns
- Detects outdated plugins and themes
- Detects suspicious administrator account patterns
- Detects REST API user enumeration exposure
- Heuristically scans active theme and plugin PHP files for basic SQL injection and XSS risk patterns
- Scans selected database content for suspicious script-like patterns
- Provides a security score and prioritized recommendations
- Includes an activity log for meaningful security-related site events
- Supports safe auto-fixes for selected hardening improvements
