Description
Elevoire Security Audit is a production-ready, read-only WordPress security auditing plugin. It scans your site for security misconfigurations, outdated software, and dangerous settings — then explains what each issue means and how to fix it.
The plugin NEVER:
* Modifies your site or its settings
* Acts as a firewall or removes malware
* Sends any data to external servers
* Collects analytics or user information
Its only job is to audit, analyse, and educate.
What it scans
- WordPress Core version and debug mode
- File editing and SSL admin settings
- Version exposure and exposed default files
- XML-RPC and WP-Cron configuration
- User accounts and the default “admin” username
- Login page HTTPS and Application Passwords
- Outdated and inactive plugins and themes
- File permissions (wp-config.php, .htaccess, uploads)
- PHP version and dangerous PHP settings
- HTTP Security Headers (CSP, HSTS, X-Frame-Options, etc.)
- SSL/HTTPS certificate status
- Database prefix and autoloaded options size
Security Score
Every scan produces an overall Security Score (0–100) with a breakdown by severity: Critical, High, Medium, Low, and Passed checks.
Detailed Findings
Each finding includes:
* Status and severity
* What was found
* Why it matters (risk explanation)
* Recommended fix
Reports
Stores all scan reports in your database so you can compare security posture over time. You can view or delete any report at any time from the Reports page.
Installation
- Upload the
enhanceo-security-auditfolder to/wp-content/plugins/ - Activate the plugin through the Plugins screen in WordPress
- Go to Security Audit in your WordPress admin menu
- Click Run Full Scan
FAQ
-
Does this plugin fix security issues automatically?
-
No. This plugin is read-only. It identifies issues and recommends fixes, but never modifies your site. This is intentional — automated changes to security settings can break sites.
-
Will running a scan slow down my site?
-
Scans run in the WordPress admin only and never affect your front-end. Full scans may take a few seconds depending on the number of plugins and themes installed.
-
Does the plugin send my data anywhere?
-
No. All scan data stays in your WordPress database. The plugin never communicates with external servers.
-
Is this plugin safe to use on a production site?
-
Yes. The plugin is read-only, loads only in wp-admin, and follows all WordPress security best practices.
Reviews
There are no reviews for this plugin.
Contributors & Developers
“Elevoire Security Audit” is open source software. The following people have contributed to this plugin.
ContributorsTranslate “Elevoire Security Audit” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Changelog
1.0.0
- Initial release
