Elevoire Security Audit

Description

Elevoire Security Audit is a production-ready, read-only WordPress security auditing plugin. It scans your site for security misconfigurations, outdated software, and dangerous settings — then explains what each issue means and how to fix it.

The plugin NEVER:
* Modifies your site or its settings
* Acts as a firewall or removes malware
* Sends any data to external servers
* Collects analytics or user information

Its only job is to audit, analyse, and educate.

What it scans

  • WordPress Core version and debug mode
  • File editing and SSL admin settings
  • Version exposure and exposed default files
  • XML-RPC and WP-Cron configuration
  • User accounts and the default “admin” username
  • Login page HTTPS and Application Passwords
  • Outdated and inactive plugins and themes
  • File permissions (wp-config.php, .htaccess, uploads)
  • PHP version and dangerous PHP settings
  • HTTP Security Headers (CSP, HSTS, X-Frame-Options, etc.)
  • SSL/HTTPS certificate status
  • Database prefix and autoloaded options size

Security Score

Every scan produces an overall Security Score (0–100) with a breakdown by severity: Critical, High, Medium, Low, and Passed checks.

Detailed Findings

Each finding includes:
* Status and severity
* What was found
* Why it matters (risk explanation)
* Recommended fix

Reports

Stores all scan reports in your database so you can compare security posture over time. You can view or delete any report at any time from the Reports page.

Installation

  1. Upload the enhanceo-security-audit folder to /wp-content/plugins/
  2. Activate the plugin through the Plugins screen in WordPress
  3. Go to Security Audit in your WordPress admin menu
  4. Click Run Full Scan

FAQ

Does this plugin fix security issues automatically?

No. This plugin is read-only. It identifies issues and recommends fixes, but never modifies your site. This is intentional — automated changes to security settings can break sites.

Will running a scan slow down my site?

Scans run in the WordPress admin only and never affect your front-end. Full scans may take a few seconds depending on the number of plugins and themes installed.

Does the plugin send my data anywhere?

No. All scan data stays in your WordPress database. The plugin never communicates with external servers.

Is this plugin safe to use on a production site?

Yes. The plugin is read-only, loads only in wp-admin, and follows all WordPress security best practices.

Reviews

There are no reviews for this plugin.

Contributors & Developers

“Elevoire Security Audit” is open source software. The following people have contributed to this plugin.

Contributors

Changelog

1.0.0

  • Initial release