Title: CompatShield WP Site Auditor
Author: CompatShield
Published: June 26, 2026
Last modified: June 26, 2026

---

![](https://ps.w.org/compatshield-site-auditor/assets/banner-772x250.png?rev=3587077)

![](https://ps.w.org/compatshield-site-auditor/assets/icon-256x256.png?rev=3586981)

# CompatShield WP Site Auditor

 By [CompatShield](https://profiles.wordpress.org/compatshield/)

[Download](https://downloads.wordpress.org/plugin/compatshield-site-auditor.zip)


## Description

CompatShield Site Auditor gives WordPress site owners and agencies a full picture
of their site’s security posture in one scan. Unlike basic security plugins, it 
audits every layer — environment, plugins, themes, users, files, and database — 
and produces a single weighted score out of 100 with a per-category breakdown.

#### What it checks

**Environment & Hardening**

 * PHP version (flags below 8.2)
 * WordPress core version
 * WP_DEBUG exposure
 * XML-RPC enabled
 * wp-config.php file permissions
 * Database table prefix (flags default wp_)
 * Directory listing enabled
 * .htaccess integrity
 * HTTPS enforcement
 * readme.html / license.txt version leakage

**Plugin & Theme Intelligence**

 * Lists all installed plugins (active and inactive)
 * Hits WordPress.org API for last updated date and install count
 * Flags plugins not updated in 6, 12, or 24 months
 * Flags plugins removed from the WordPress.org directory
 * Flags abandoned themes

**User & Access Audit**

 * Lists all administrator accounts
 * Flags the default “admin” username still in use
 * Detects dormant admin accounts (no login in 90+ days)
 * Checks for two-factor authentication plugins
 * Flags non-admin users with elevated capabilities (manage_options, install_plugins, etc.)

**File Integrity & Backdoor Detection**

 * Hashes WordPress core files against official checksums
 * Flags modified core files
 * Scans theme and plugin files for dangerous PHP patterns: eval(base64_decode), gzinflate, str_rot13, shell_exec, exec, system, preg_replace with /e modifier
 * Flags PHP files inside /uploads/ directory
 * Flags .git directory exposure
 * Detects suspicious WordPress cron jobs
 * Flags PHP files modified in the last 7 or 30 days
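
The pattern scan and the PHP-in-uploads check listed above, sketched as an added example that is not the plugin's own code. Rule names, the extension set and the sample tree are assumptions constructed for illustration; a match is a lead to triage, not a verdict.

```python
import re
from pathlib import PurePosixPath

# Rule names are hypothetical; the constructs are the ones listed above.
RULES = {
    "eval_base64": re.compile(r"\beval\s*\(\s*base64_decode\s*\(", re.I),
    "gzinflate": re.compile(r"\bgzinflate\s*\(", re.I),
    "str_rot13": re.compile(r"\bstr_rot13\s*\(", re.I),
    # Bare calls only: skips $db->exec(), Foo::system(), curl_exec(), $exec().
    "command_exec": re.compile(r"(?<![\w>:$])(?:shell_exec|exec|system)\s*\(", re.I),
    # Quoted pattern, same delimiter both ends, "e" among modifiers; {...}e not covered.
    "preg_replace_e": re.compile(
        r"""\bpreg_replace\s*\(\s*(['"])(.)(?:\\.|(?!\2).)*\2[a-z]*e[a-z]*\1""", re.I | re.S),
}
PHP_EXTS = {".php", ".phtml", ".phar"}  # assumed extension set

def scan_source(source):
    """Return sorted (line_number, rule_name) hits for one PHP source string."""
    return sorted((source.count("\n", 0, m.start()) + 1, rule)
                  for rule, rx in RULES.items() for m in rx.finditer(source))

def is_php_in_uploads(path):
    """True for a PHP-executable file anywhere below wp-content/uploads/."""
    p = PurePosixPath(path)
    below = any(p.parts[i:i + 2] == ("wp-content", "uploads")
                for i in range(len(p.parts) - 2))
    return below and p.suffix.lower() in PHP_EXTS

def audit(files):
    """files maps relative path -> source; returns {path: [finding, ...]}."""
    report = {}
    for path, source in files.items():
        found = ["php_in_uploads"] if is_php_in_uploads(path) else []
        found += [f"{rule}@L{line}" for line, rule in scan_source(source)]
        if found:
            report[path] = found
    return report

# Constructed sample tree (not taken from any real site).
SAMPLE = {
    "wp-content/themes/demo/functions.php": (
        "<?php\n$db->exec($sql);\ncurl_exec($ch);\n"
        "echo preg_replace('/\\s+/e', 'strtoupper(\"x\")', $in);\n"),
    "wp-content/uploads/2026/06/cache.php": "<?php eval ( base64_decode($blob));\n",
    "wp-content/plugins/demo/clean.php": "<?php echo esc_html(get_option('blogname'));\n",
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Legitimate code also calls functions such as exec or gzinflate, so findings like these are most useful alongside the checksum comparison and recent-modification checks in the same list.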

**Database Security**

 * Checks for publicly accessible phpMyAdmin
 * Scans published posts for injected content (hidden links, base64 blobs, external iframes)
 * Scans wp_options autoloaded data for malicious PHP patterns and oversized entries

**Security Score**

 * Weighted score out of 100 (Environment 25, Plugins 20, Headers 20, Users 15, Database 10, Themes 10)
 * Per-category score breakdown with issue count
 * Historical score tracking with week-over-week change

#### Who is this for?

 * WordPress site owners who want to know their security posture
 * Freelancers and developers managing client sites
 * Agencies auditing multiple client sites

All of the scanning and reporting features described above are fully included in
this free plugin — nothing here is time-limited or feature-gated. CompatShield may
offer separate, optional products in the future (such as a multi-site management
dashboard); any such product would be a distinct, separately-installed plugin or
service, not a restriction on this one.

#### Privacy

This plugin makes outbound requests to:

 * **WordPress.org API** (api.wordpress.org) — to retrieve plugin and theme metadata
 * **Your own site’s URL** — to check phpMyAdmin exposure and security headers

No data is sent to third-party servers by the free version.

## Screenshots

Main dashboard showing security score (45/100) with per-category breakdown, environment checks, and others

Plugin intelligence page showing update status and maintenance risk

Theme intelligence page showing update status and maintenance risk

User audit page listing all admin accounts with risk indicators

File integrity check listing the files that have been modified

Malware scan

Cron scan

Core file audit

Core checksum audit

Security headers audit

Database security audit

## Installation

 1. Upload the plugin files to `/wp-content/plugins/compatshield-site-auditor/`, or
    install the plugin through the WordPress Plugins screen directly.
 2. Activate the plugin through the Plugins screen in WordPress.
 3. Navigate to **Security Audit** in the WordPress admin sidebar.
 4. Click **Run Security Scan** to perform your first scan.

## FAQ

### Does this plugin affect site performance?

Scans only run when you click “Run Security Scan” — nothing happens in the background
on the free tier. The scan touches the local filesystem and database, so run it 
during off-peak hours on large sites.

### Why does my score say 0/100?

A score of 0 means the combined deductions from your findings exceeded 100 points.
This happens on sites with multiple critical and high issues simultaneously (e.g.
missing all security headers plus no 2FA plus WP_DEBUG enabled). Fix the findings
listed and re-run the scan.

### Is my data sent anywhere?

The free version only contacts WordPress.org to fetch plugin/theme metadata. No 
scan results, site data, or personal information is sent to CompatShield or any 
third party.

### Will this plugin fix issues automatically?

No. CompatShield Site Auditor is a read-only scanner. It tells you what’s wrong —
it doesn’t make changes to your site.

### Can I use this on a multisite installation?

Yes. The plugin supports WordPress Multisite and can be network-activated.

## Reviews

There are no reviews for this plugin.

## Contributors & Developers

“CompatShield WP Site Auditor” is open source software. The following people have
contributed to this plugin.

Contributors

 *   [ CompatShield ](https://profiles.wordpress.org/compatshield/)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/compatshield-site-auditor/),
check out the [SVN repository](https://plugins.svn.wordpress.org/compatshield-site-auditor/),
or subscribe to the [development log](https://plugins.trac.wordpress.org/log/compatshield-site-auditor/)
by [RSS](https://plugins.trac.wordpress.org/log/compatshield-site-auditor/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 0.1.0

 * Initial release
 * Environment & hardening scanner (10 checks)
 * Plugin & theme intelligence with WordPress.org API integration
 * User & access audit with dormant account detection
 * File integrity scanner with malware pattern detection
 * Database security scanner
 * Weighted security score with per-category breakdown
 * Historical score tracking
 * Security headers audit

## Meta

 *  Version **0.1.0**
 *  Last updated **21 hours ago**
 *  Active installations **Fewer than 10**
 *  WordPress version **6.5 or higher**
 *  Tested up to **7.0**
 *  PHP version **7.4 or higher**
 *  Tags: [audit](https://wordpress.org/plugins/tags/audit/), [hardening](https://wordpress.org/plugins/tags/hardening/), [malware](https://wordpress.org/plugins/tags/malware/), [security](https://wordpress.org/plugins/tags/security/), [vulnerability](https://wordpress.org/plugins/tags/vulnerability/)
 *  [Advanced View](https://wordpress.org/plugins/compatshield-site-auditor/advanced/)
