AsafAmos Accessibility Scanner

Description

AsafAmos Accessibility Scanner finds WCAG 2.1 / 2.2 AA accessibility violations on your WordPress site. The scan engine — axe-core 4.11 — is bundled with the plugin and runs entirely in your WP admin browser tab. The target page is loaded in a hidden iframe inside the admin area and evaluated there. The default scan flow does not transmit your URL, your HTML, or any scan contents to any external service.

What it does

• Loads the target page in a hidden iframe inside your WP admin and evaluates it with bundled axe-core 4.11. Nothing leaves your server during a normal scan.
• Reports every violation grouped by severity (critical / serious / moderate / minor).
• Links to axe-core documentation for each rule so you can fix it in your theme or content.
• Optional daily cron re-scans (off by default — see “Optional features” below for what it does and does not transmit).
• Works with any theme, any page builder, any caching plugin.

Why not an accessibility overlay?

Overlay widgets (the “robot button” you’ve seen on other sites) inject runtime JavaScript over broken HTML. They do not fix anything; the FTC fined the largest vendor $1M in January 2025. Real compliance means fixing the source HTML / CSS. This plugin shows you what to fix — it does not hide problems and it does not ship any JavaScript to your visitors.

Built for new accessibility regulations

• EAA 2025 — European Accessibility Act, enforceable since June 2025
• ADA — U.S. courts apply WCAG 2.1 AA as the de facto standard
• Israeli תקנה 35 — updated October 2024 with stricter enforcement

Free. Optional paid tier (separate hosted service)

The plugin itself is free. Unlimited scans, optional daily cron, full per-rule violation report — all included.

A separate hosted service at https://axle-iota.vercel.app offers Claude-generated code-fix suggestions per violation. That service is not part of this plugin and is not used by the default scan flow. If you sign up there and obtain an API key, you can paste it in this plugin’s Settings; it is then only used during the optional cron / hosted-scan path described below.

Not a compliance certificate

Automated tools (including axe-core 4.11, the engine used here) catch roughly 57% of WCAG issues. Manual review by a qualified human auditor is still recommended for full conformance.

Optional features (and what they transmit)

This is the full and accurate transmission story for every feature. The default install transmits nothing.

1. “Scan now” button — default scan flow

• Runs entirely in your WP admin browser tab.
• Loads the target page in a hidden iframe and evaluates it with bundled axe-core 4.11.
• Does not transmit anything to any external service.
• Scan results are written to your WordPress wp_options table under the key axle_last_scan so the admin dashboard can render the summary.

2. Auto scan = Daily (opt in only — Off by default)

• Only relevant if you explicitly enable this in Tools → AsafAmos Accessibility Scanner → Settings.
• WP-Cron runs without a browser, so the daily cron cannot use the in-browser iframe scanner. Instead it uses the hosted scanner at POST https://axle-iota.vercel.app/api/scan with body { "url": "<your configured target URL>", "source": "axle-wordpress" } (and Authorization: Bearer <key> if you’ve entered an axle API key).
• Requires your target URL to be publicly reachable — the hosted scanner cannot reach LocalWP, staging behind basic auth, or VPN-only environments.
• No visitor data, form data, or admin content is sent. Only the configured target URL.
• Disabled by default. Setting can be turned off again at any time.

Service provider for #2 (the opt-in daily cron only): axle (https://axle-iota.vercel.app)
Terms of use: https://axle-iota.vercel.app/terms
Privacy policy: https://axle-iota.vercel.app/privacy

You may disable all external communication by deactivating the plugin, by turning off Auto scan and not clicking Scan now, or by blocking the host axle-iota.vercel.app at the network level.