{"id":318041,"date":"2026-05-31T00:56:18","date_gmt":"2026-05-31T00:56:18","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/bbh-security-insight\/"},"modified":"2026-05-31T00:56:06","modified_gmt":"2026-05-31T00:56:06","slug":"bbh-security-insight","status":"publish","type":"plugin","link":"https:\/\/wordpress.org\/plugins\/bbh-security-insight\/","author":15777968,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.0.0","stable_tag":"1.0.0","tested":"7.0","requires":"6.7","requires_php":"7.4","requires_plugins":null,"header_name":"BBH Security Insight","header_author":"Jahid Shah","header_description":"Perform lightweight read-only security health scans on your WordPress installation. Generate professional security risk reports with actionable recommendations.","assets_banners_color":"3d5065","last_updated":"2026-05-31 00:56:06","external_support_url":"","external_repository_url":"","donate_link":"https:\/\/www.buymeacoffee.com\/jahidshah","header_plugin_uri":"https:\/\/wordpress.org\/plugins\/bbh-security-insight\/","header_author_uri":"https:\/\/jahidshah.com\/","rating":0,"author_block_rating":0,"active_installs":0,"downloads":33,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.0":{"tag":"1.0.0","author":"jahidshah","date":"2026-05-31 00:56:06"}},"upgrade_notice":{"1.0.0":"<p>Initial release of BBH Security Insight. 
Run a security audit from Tools \u2192 Security Insight.<\/p>"},"ratings":[],"assets_icons":{"icon-256x256.png":{"filename":"icon-256x256.png","revision":3555060,"resolution":"256x256","location":"assets","locale":"","width":256,"height":256}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3555060,"resolution":"1544x500","location":"assets","locale":"","width":1544,"height":500},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3555060,"resolution":"772x250","location":"assets","locale":"","width":772,"height":250}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.0"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3555060,"resolution":"1","location":"assets","locale":"","width":900,"height":500},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3555060,"resolution":"2","location":"assets","locale":"","width":900,"height":500},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3555060,"resolution":"3","location":"assets","locale":"","width":900,"height":500}},"screenshots":{"1":"The BBH Security Insight dashboard with the Run Security Audit button and a completed Security Risk Report showing score, risk level, and detailed check 
results."}},"plugin_section":[],"plugin_tags":[600,8642,8645,151481,1173],"plugin_category":[54],"plugin_contributors":[240946],"plugin_business_model":[],"class_list":["post-318041","plugin","type-plugin","status-publish","hentry","plugin_tags-security","plugin_tags-security-audit","plugin_tags-security-scan","plugin_tags-site-health","plugin_tags-wordpress-security","plugin_category-security-and-spam-protection","plugin_contributors-jahidshah","plugin_committers-jahidshah"],"banners":{"banner":"https:\/\/ps.w.org\/bbh-security-insight\/assets\/banner-772x250.png?rev=3555060","banner_2x":"https:\/\/ps.w.org\/bbh-security-insight\/assets\/banner-1544x500.png?rev=3555060","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/bbh-security-insight\/assets\/icon-256x256.png?rev=3555060","icon_2x":"https:\/\/ps.w.org\/bbh-security-insight\/assets\/icon-256x256.png?rev=3555060","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/bbh-security-insight\/assets\/screenshot-1.png?rev=3555060","caption":"The BBH Security Insight dashboard with the Run Security Audit button and a completed Security Risk Report showing score, risk level, and detailed check results."},{"src":"https:\/\/ps.w.org\/bbh-security-insight\/assets\/screenshot-2.png?rev=3555060","caption":""},{"src":"https:\/\/ps.w.org\/bbh-security-insight\/assets\/screenshot-3.png?rev=3555060","caption":""}],"raw_content":"<!--section=description-->\n<p>BBH Security Insight runs a lightweight, read-only security audit on your WordPress installation and generates a professional Security Risk Report with color-coded risk levels (Critical, Warning, Safe), an overall security score (0\u2013100), and detailed remediation recommendations.<\/p>\n\n<p>This plugin is <strong>completely read-only<\/strong> \u2014 it never modifies files, never changes settings, and never sends data to external servers. 
It simply inspects your WordPress configuration and reports findings.<\/p>\n\n<h4>Audit Checks Include<\/h4>\n\n<ul>\n<li><strong>WordPress Version Exposure<\/strong> \u2014 Detects if your WordPress version is exposed via readme.html or generator tags.<\/li>\n<li><strong>Database Table Prefix<\/strong> \u2014 Checks if you are using the default <code>wp_<\/code> prefix.<\/li>\n<li><strong>XML-RPC Status<\/strong> \u2014 Reports whether XML-RPC is enabled or disabled.<\/li>\n<li><strong>DISALLOW_FILE_EDIT<\/strong> \u2014 Verifies if the built-in file editor is disabled.<\/li>\n<li><strong>WP_DEBUG Status<\/strong> \u2014 Checks whether debug mode is active on production.<\/li>\n<li><strong>Directory Browsing<\/strong> \u2014 Checks whether directory listing appears to be disabled.<\/li>\n<li><strong>readme.html Exposure<\/strong> \u2014 Checks for the presence of the readme file.<\/li>\n<li><strong>install.php Exposure<\/strong> \u2014 Checks if the installation script is accessible.<\/li>\n<li><strong>wp-config.php Permissions<\/strong> \u2014 Verifies file permissions on this critical file.<\/li>\n<li><strong>wp-content Permissions<\/strong> \u2014 Checks directory permissions on your content directory.<\/li>\n<li><strong>User Enumeration Exposure<\/strong> \u2014 Checks for common user enumeration exposure patterns.<\/li>\n<li><strong>Security Headers<\/strong> \u2014 Scans for CSP, HSTS, X-Frame-Options, Referrer-Policy, Permissions-Policy, and X-Content-Type-Options.<\/li>\n<li><strong>Uploads PHP Execution<\/strong> \u2014 Checks if PHP execution is blocked in the uploads directory.<\/li>\n<li><strong>Admin Username<\/strong> \u2014 Detects if an administrator uses the default \"admin\" username.<\/li>\n<li><strong>Malware Heuristics<\/strong> \u2014 Performs lightweight checks for suspicious code patterns in active plugin and theme PHP files.<\/li>\n<\/ul>\n\n<h4>Features<\/h4>\n\n<ul>\n<li>One-click \"Run Security Audit\" button on the admin 
dashboard.<\/li>\n<li>Professional, color-coded Security Risk Report with score (0\u2013100).<\/li>\n<li>Human-readable explanations and remediation recommendations for every check.<\/li>\n<li>Dismissible admin reminder notice.<\/li>\n<li>Fully internationalized \u2014 ready for translation.<\/li>\n<li>Secure AJAX with nonce verification and capability checks.<\/li>\n<li>WordPress Coding Standards compliant.<\/li>\n<li>No external dependencies \u2014 no Composer, no third-party APIs.<\/li>\n<li>Read-only \u2014 never makes changes to your site.<\/li>\n<\/ul>\n\n<h4>Additional Resources<\/h4>\n\n<p>Looking for additional WordPress security guidance? Visit <a href=\"https:\/\/jahidshah.com\">jahidshah.com<\/a> for documentation, security resources, and professional assistance.<\/p>\n\n<h3>Support &amp; Contact<\/h3>\n\n<p>Need help or want to report an issue? Visit our support page or open a support ticket on the WordPress plugin repository.<\/p>\n\n<ul>\n<li>Website: https:\/\/jahidshah.com\/<\/li>\n<li>Support: https:\/\/wordpress.org\/support\/plugin\/bbh-security-insight\/<\/li>\n<\/ul>\n\n<h3>Other Plugins<\/h3>\n\n<ul>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/bbh-custom-schema\/\">BBH Custom Schema<\/a> - Add custom JSON-LD schema to your website<\/li>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/bbh-seo-toolkit\/\">BBH SEO Toolkit<\/a> - Advanced SEO &amp; Structured Data Engine<\/li>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/aj-faq-block\/\">AJ FAQ Block<\/a> - Display FAQs with a beautiful block<\/li>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/aj-card-element\/\">AJ Card Element<\/a> - Display content in beautiful cards<\/li>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/aj-square-testimonial-slider\/\">AJ Square Testimonial Slider<\/a> - Showcase testimonials in a slider<\/li>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/aj-category-posts\/\">AJ Category Posts<\/a> - Display posts by category<\/li>\n<li><a 
href=\"https:\/\/wordpress.org\/plugins\/ajx-filter-for-woo\/\">AJx Filter for WooCommerce<\/a> - Advanced product filtering for WooCommerce<\/li>\n<\/ul>\n\n<!--section=installation-->\n<ol>\n<li>Upload the <code>bbh-security-insight<\/code> folder to the <code>\/wp-content\/plugins\/<\/code> directory, or install directly from the WordPress plugin directory.<\/li>\n<li>Activate the plugin through the 'Plugins' screen in WordPress.<\/li>\n<li>Go to <strong>Tools \u2192 Security Insight<\/strong> in your WordPress admin menu.<\/li>\n<li>Click the <strong>\"Run Security Audit\"<\/strong> button to generate your Security Risk Report.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"does%20this%20plugin%20make%20any%20changes%20to%20my%20site%3F\"><h3>Does this plugin make any changes to my site?<\/h3><\/dt>\n<dd><p>No. BBH Security Insight is read-only with respect to your site: it inspects your WordPress configuration, files, and settings but does not create files, change existing database records, or alter configurations. The only thing it writes is its own audit report, which is stored in your WordPress database.<\/p><\/dd>\n<dt id=\"does%20this%20plugin%20send%20data%20to%20external%20servers%3F\"><h3>Does this plugin send data to external servers?<\/h3><\/dt>\n<dd><p>No. All scanning is performed locally on your server. No data is sent to external services or third-party servers. The results are stored in your WordPress database and displayed only to logged-in administrators.<\/p><\/dd>\n<dt id=\"how%20often%20should%20i%20run%20a%20security%20audit%3F\"><h3>How often should I run a security audit?<\/h3><\/dt>\n<dd><p>We recommend running a security audit at least once a month, or after making significant changes to your site such as installing new plugins, updating themes, or modifying server configurations.<\/p><\/dd>\n<dt id=\"can%20this%20plugin%20fix%20the%20issues%20it%20finds%3F\"><h3>Can this plugin fix the issues it finds?<\/h3><\/dt>\n<dd><p>No. The plugin is designed as a diagnostic tool only. 
It provides detailed recommendations for each issue found, but you will need to implement the fixes yourself or consult with a WordPress security professional.<\/p><\/dd>\n<dt id=\"what%20are%20the%20malware%20heuristics%3F\"><h3>What are the malware heuristics?<\/h3><\/dt>\n<dd><p>The malware heuristics scan searches active plugin and theme PHP files for code patterns commonly used in malicious scripts (e.g., base64_decode, eval, gzinflate). The scan is informational only: legitimate code that uses these functions will trigger false positives, and obfuscated or otherwise sophisticated malware can evade the patterns, so a clean result does not guarantee that the site is free of malware. Treat each hit as a pointer to a file worth reviewing, not as a verdict.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release.<\/li>\n<li>15 read-only security audit checks.<\/li>\n<li>Professional Security Risk Report with color-coded risk levels.<\/li>\n<li>Security score (0\u2013100) with overall risk assessment.<\/li>\n<li>AJAX-powered audit execution with nonce verification.<\/li>\n<li>Dismissible admin notices.<\/li>\n<li>Fully internationalized.<\/li>\n<li>WordPress Coding Standards compliant.<\/li>\n<\/ul>","raw_excerpt":"Lightweight, read-only WordPress security audits with risk scoring, security checks, and actionable 
recommendations.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/318041","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=318041"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/jahidshah"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=318041"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=318041"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=318041"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=318041"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=318041"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=318041"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
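The description above lists a "Malware Heuristics" check that looks for base64_decode, eval and gzinflate in active plugin and theme PHP files, and the FAQ warns that such a scan produces false positives and misses sophisticated malware. The following is an added example of what a read-only heuristic of that kind looks like, written in Python as a stand-alone scanner; it is not code from the BBH Security Insight plugin, and the function list, scoring weights, risk thresholds and the two PHP samples are all constructed for this illustration. It scores a line higher when the suspicious calls are chained (eval of decoded data) or fed from request superglobals, which is what separates a webshell one-liner from a theme helper that legitimately decodes an image.

```python
"""Read-only heuristic scan of PHP source for suspicious code patterns.

Added example, not code from the BBH Security Insight plugin. Every hit is
informational: legitimate code trips the weak signals, and obfuscation that
avoids these literal function names is not detected.
"""
import re
from dataclasses import dataclass

# Functions that routinely appear in obfuscated payloads (constructed list).
# Each alone is weak evidence; the score rises when they are chained or fed
# by request input within the same statement.
SUSPICIOUS_CALLS = ("eval", "base64_decode", "gzinflate", "gzuncompress",
                    "str_rot13", "assert", "create_function", "system",
                    "shell_exec", "passthru", "exec")

CALL_RE = re.compile(r"\b(" + "|".join(SUSPICIOUS_CALLS) + r")\s*\(", re.I)
# Decoded/inflated data passed straight into eval: the classic one-liner shell.
CHAIN_RE = re.compile(
    r"\beval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)
# Request superglobals on the same line as a suspicious call.
INPUT_RE = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\b")
# A long base64-looking string literal (staged payload).
BLOB_RE = re.compile(r"['\"][A-Za-z0-9+/=]{120,}['\"]")


@dataclass
class Finding:
    path: str
    line: int
    score: int
    reasons: list


def scan_source(path: str, source: str) -> list[Finding]:
    """Return one Finding per line that trips at least one heuristic."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        score, reasons = 0, []
        calls = sorted({m.group(1).lower() for m in CALL_RE.finditer(line)})
        if calls:
            score += 1
            reasons.append("calls " + ", ".join(calls))
        if CHAIN_RE.search(line):
            score += 3
            reasons.append("eval of decoded/inflated data")
        if calls and INPUT_RE.search(line):
            score += 3
            reasons.append("request input reaches suspicious call")
        if BLOB_RE.search(line):
            score += 2
            reasons.append("long base64-like literal")
        if score:
            findings.append(Finding(path, lineno, score, reasons))
    return findings


def risk_level(score: int) -> str:
    # Thresholds are an assumption made for this example.
    return "critical" if score >= 5 else "warning" if score >= 3 else "info"


# Constructed samples: a legitimate theme helper that decodes an inline image
# (expected false positive at the lowest level) and a webshell one-liner.
SAMPLES = {
    "wp-content/themes/example/inc/images.php": (
        "<?php\n"
        "// Legitimate: decode an inline data-URI image chosen by the site owner.\n"
        "function example_inline_logo( $data_uri ) {\n"
        "    list( , $payload ) = explode( ',', $data_uri, 2 );\n"
        "    return base64_decode( $payload );\n"
        "}\n"
    ),
    "wp-content/plugins/example/cache.php": (
        "<?php\n"
        "@eval(base64_decode($_POST['k']));\n"
    ),
}


def scan_all(samples: dict) -> list[Finding]:
    return [f for path, src in samples.items() for f in scan_source(path, src)]


if __name__ == "__main__":
    for f in scan_all(SAMPLES):
        print(f"[{risk_level(f.score)}] {f.path}:{f.line} score={f.score} "
              + "; ".join(f.reasons))
```

On the constructed samples the theme helper is reported at the "info" level (a lone base64_decode), while the one-liner scores as "critical" because eval, a decode chain and `$_POST` all land on one line. The scanner only ever reads the files it is given, matching the read-only posture the plugin page describes, and it would be defeated by trivial tricks such as string concatenation of function names or variable functions, which is exactly the limitation the FAQ calls out.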