This plugin hasn’t been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

Triagis® WordPress Security Evaluation – Check Folder Permissions, Fix For Common Security Vulnerabilities


WordPress can be easily secured by following a few best security practices. We check your server and WordPress installation for common security vulnerabilities, which you can then address right on the plugin page itself!

Some of the things we check for, which you can fix with a few clicks!

  • Check if thumthumb.php or other scripts exist that are easily exploited
  • Location of your wp-config.php
  • Is mod_security enabled
  • Is SSL for backend enabled
  • What information do you expose
  • Do you currently allow PHP to display errors?
  • What permission does your wp-config file, folders and other files on the server have – are they secure?
  • Is your server software up to date (MySQL,PHP,OS)
  • What database prefix do you use? (1-click Fix available)
  • What is the username of the admin account (1-click Fix available)

Don’t Expose WordPress Version Using Our Suggestions

A default WordPress installation will expose your version. Hackers scan sites for exploits and always look for older versions that are still vulnerable. Use our suggestion to remove it

Check Folder Permissions With 1-Click

Most WordPress installations get hacked due to insecure folder permissions. World-writable (777) permissions invite other users to upload files to your server, making it highly vulnerable.

Move Wp-Content Directory

Most WordPress installations use a folder called wp-content and a subdirectory “uploads”. If you want to make it a little more difficult for possible automated
attacks to succeed you might want to consider changing your wp-content directory name. With our plugin you can do that with a few clicks. NOTE: This is intended for development
environments and not production sites. We do not recommend to try this on your live sites.

Why TimThumb Poses A Security Threat

On all servers that host WordPress sites you will have automated scans for a file called timthumb.php or a variation of other names that are targeting exactly this file. Why?
Because timthumb.php is very easy to exploit if you set the wrong file and folder permissions. If your server is mis-configured, timthumb.php poses a significant threat
to your site and server. That’s why we recommend that beginners try to locate plugins that make use of this script and try to find alternatives. An alternative approach is to move the timthumb.php outside
the public folders.

Future Versions

Planned for future versions is a dashboard widget with important information at a glance and additional security checks

Add improved way to check for TimThumb

Further Reading

For more info, check out the following articles and videos:


  • Displays Urgent Warnings In Red / Yellow
  • Various security options you can check and modify directly on the plugin page e.g. table prefix, admin account name, etc.


No questions yet – send questions to

If you need support, please go to our new product support forums at


Hate to be the first with a review . . .


. . . BUT, this plug-in kept me from being able to login to my WordPress dashboard today. The live site still worked, but I just got a blank screen after I entered my credentials to login. Once I removed from the plug-in directory, all worked fine again.

Looks like some more testing needs to be done. Sorry for the bad news.

Read all 2 reviews



  • Fixed some typos, checked current WordPress version stability, added new roadmap, added new support forum link for product support


  • Fixed issue for some lite users


  • Minor update, fixed some CSS issues


  • Fixed critical bug, further cleanup
  • Added disclaimer before moving wp-content directory


  • Cleaned up files


  • Fixed various functions


  • Initial stable version

Contributors & Developers

This is open source software. The following people have contributed to this plugin.


Browse the code