{"id":330155,"date":"2026-07-03T12:26:58","date_gmt":"2026-07-03T12:26:58","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/site-security-checker\/"},"modified":"2026-07-03T12:26:39","modified_gmt":"2026-07-03T12:26:39","slug":"cybernote-security-checker","status":"publish","type":"plugin","link":"https:\/\/wordpress.org\/plugins\/cybernote-security-checker\/","author":20402536,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.0.0","stable_tag":"1.0.0","tested":"7.0","requires":"5.9","requires_php":"7.4","requires_plugins":null,"header_name":"CyberNote Security Checker","header_author":"teeeda1129","header_description":"Diagnoses WordPress security settings and version status, presenting improvement steps in plain Japanese. No external requests. Lightweight design.","assets_banners_color":"1b3359","last_updated":"2026-07-03 12:26:39","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"","header_author_uri":"https:\/\/www.cybernote.click\/wp-security-checker-guide\/","rating":0,"author_block_rating":0,"active_installs":0,"downloads":28,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.0":{"tag":"1.0.0","author":"teeeda1129","date":"2026-07-03 12:26:39"}},"upgrade_notice":{"1.0.0":"<p>Initial release.<\/p>"},"ratings":[],"assets_icons":{"icon.svg":{"filename":"icon.svg","revision":3595243,"resolution":false,"location":"assets","locale":false}},"assets_banners":{"banner-772x250.png":{"filename":"banner-772x250.png","revision":3595246,"resolution":"772x250","location":"assets","locale":"","width":2170,"height":725}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.0"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3595246,"resolution":"1","location":"assets","locale":"","width":1518,"height":851},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3595246,"resolution":"2","location":"assets","locale":"","width":438,"height":593}},"screenshots":{"1":"Dedicated admin page \u2014 all 10 diagnostic results in one view. Priority items and hardening settings displayed in a two-column layout.","2":"Dashboard widget \u2014 compact summary on the standard WordPress dashboard showing issue count and top-priority items."}},"plugin_section":[262246],"plugin_tags":[8533,23516,31093,732,600],"plugin_category":[52,54],"plugin_contributors":[270001],"plugin_business_model":[],"class_list":["post-330155","plugin","type-plugin","status-publish","hentry","plugin_section-dashboard-widgets","plugin_tags-audit","plugin_tags-diagnostic","plugin_tags-hardening","plugin_tags-maintenance","plugin_tags-security","plugin_category-performance","plugin_category-security-and-spam-protection","plugin_contributors-teeeda1129","plugin_committers-teeeda1129"],"banners":{"banner":"https:\/\/ps.w.org\/cybernote-security-checker\/assets\/banner-772x250.png?rev=3595246","banner_2x":false,"banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":"https:\/\/ps.w.org\/cybernote-security-checker\/assets\/icon.svg?rev=3595243","icon":"https:\/\/ps.w.org\/cybernote-security-checker\/assets\/icon.svg?rev=3595243","icon_2x":false,"generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/cybernote-security-checker\/assets\/screenshot-1.png?rev=3595246","caption":"Dedicated admin page \u2014 all 10 diagnostic results in one view. Priority items and hardening settings displayed in a two-column layout."},{"src":"https:\/\/ps.w.org\/cybernote-security-checker\/assets\/screenshot-2.png?rev=3595246","caption":"Dashboard widget \u2014 compact summary on the standard WordPress dashboard showing issue count and top-priority items."}],"raw_content":"<!--section=description-->\n<p>CyberNote Security Checker is a lightweight plugin that audits your WordPress site's security posture without sending any data to external servers.<\/p>\n\n<p>Many security plugins are powerful but heavy, English-only, and full of technical jargon. CyberNote Security Checker takes the opposite approach: it targets Japanese individual bloggers and small business owners who need to understand exactly what to do \u2014 delivered quickly and without specialist knowledge.<\/p>\n\n<p><strong>12 diagnostic checks. Zero external requests.<\/strong><\/p>\n\n<p>A widget appears on the WordPress dashboard showing results in three levels: good (no action needed) \/ attention (improvement recommended) \/ recommended (priority action required). Each item includes a plain-Japanese explanation of the risk and step-by-step remediation guidance.<\/p>\n\n<h4>Category A: Version Freshness (3 checks)<\/h4>\n\n<ul>\n<li><strong>WordPress core<\/strong> \u2014 Detects whether security-only maintenance releases are unapplied. Distinguishes urgency between security patches and feature updates.<\/li>\n<li><strong>PHP version<\/strong> \u2014 Evaluated against official PHP support status. End-of-life versions flagged as \"priority action\"; security-only branches as \"attention\".<\/li>\n<li><strong>Plugin and theme updates<\/strong> \u2014 Displays the count and names of pending updates. A direct link opens the standard WordPress update screen; the plugin never performs updates itself.<\/li>\n<\/ul>\n\n<h4>Category B: Hardening Settings (9 checks)<\/h4>\n\n<ul>\n<li><strong>Debug display<\/strong> \u2014 WP_DEBUG with screen output on a production site is flagged as \"priority action\"; log-only mode as \"attention\".<\/li>\n<li><strong>File editing<\/strong> \u2014 If the theme and plugin code editor is enabled in the admin panel, flagged as \"priority action\".<\/li>\n<li><strong>Admin username<\/strong> \u2014 If a user named admin or administrator exists, flagged as \"attention\" (changing it carries migration risk, so no urgent push).<\/li>\n<li><strong>HTTPS<\/strong> \u2014 Sites running on plain HTTP are flagged as \"priority action\".<\/li>\n<li><strong>Database table prefix<\/strong> \u2014 Default wp_ prefix flagged as \"attention\" (live-site changes carry risk, so no urgent push).<\/li>\n<li><strong>XML-RPC<\/strong> \u2014 Enabled XML-RPC is flagged as \"attention\"; use-case guidance included before recommending disablement.<\/li>\n<li><strong>REST API user enumeration<\/strong> \u2014 If anonymous requests to \/wp\/v2\/users return user data, flagged as \"attention\".<\/li>\n<li><strong>Security keys (salts)<\/strong> \u2014 Checks whether the wp-config.php authentication unique keys and salts are set and not left at the default placeholder. Missing or default keys are flagged as \"priority action\" (login cookies could be forged). Key values are never read out or displayed.<\/li>\n<li><strong>Unused plugins and themes<\/strong> \u2014 Inactive plugins and unused themes still ship files on the server that can be exploited if vulnerable. Their presence is flagged as \"attention\" with removal guidance (keeping one fallback theme is fine).<\/li>\n<\/ul>\n\n<h4>Design Principles<\/h4>\n\n<ul>\n<li><strong>Read-only<\/strong> \u2014 The plugin only presents diagnostic results. It never automatically changes site settings or files.<\/li>\n<li><strong>No external requests<\/strong> \u2014 Every check reads WordPress built-in APIs and site configuration only. Nothing leaves your server.<\/li>\n<li><strong>Lightweight<\/strong> \u2014 No real-time file scanning, no custom WAF, no resident processes. Diagnostics run once when the admin page loads.<\/li>\n<li><strong>Plain language<\/strong> \u2014 Technical terms are avoided. Each check explains why it matters and what to do in everyday language.<\/li>\n<\/ul>\n\n<h4>Vulnerability alerts (separate external service)<\/h4>\n\n<p>This plugin is free and fully functional on its own. Matching your installed plugins and themes against external vulnerability databases (CVE) requires server-side processing that cannot be done locally, so it is offered separately as an external service called CyberNote, not bundled in this plugin. See https:\/\/www.cybernote.click\/wp-security-checker-guide\/ for details.<\/p>\n\n<!--section=installation-->\n<h4>Automatic installation<\/h4>\n\n<ol>\n<li>Go to Dashboard &gt; Plugins &gt; Add New<\/li>\n<li>Search for \"CyberNote Security Checker\"<\/li>\n<li>Click Install Now, then Activate<\/li>\n<\/ol>\n\n<h4>Manual installation<\/h4>\n\n<ol>\n<li>Download the ZIP file from this page<\/li>\n<li>Go to Dashboard &gt; Plugins &gt; Add New &gt; Upload Plugin<\/li>\n<li>Select the ZIP file and click Install Now, then Activate<\/li>\n<li>After activation, the diagnostic widget appears on your WordPress dashboard<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"does%20this%20plugin%20send%20any%20data%20to%20external%20servers%3F\"><h3>Does this plugin send any data to external servers?<\/h3><\/dt>\n<dd><p>No. All diagnostics run entirely within your WordPress installation. No data is sent anywhere.<\/p><\/dd>\n<dt id=\"will%20running%20the%20diagnostics%20slow%20down%20my%20site%3F\"><h3>Will running the diagnostics slow down my site?<\/h3><\/dt>\n<dd><p>No. Diagnostics only run when you open the plugin's admin page or dashboard widget, and there is no continuous background scanning.<\/p><\/dd>\n<dt id=\"does%20clicking%20%22open%20update%20screen%22%20automatically%20update%20my%20plugins%3F\"><h3>Does clicking \"Open update screen\" automatically update my plugins?<\/h3><\/dt>\n<dd><p>No. It navigates to the standard WordPress update screen. The decision to update is yours.<\/p><\/dd>\n<dt id=\"how%20do%20i%20get%20the%20latest%20results%20without%20reloading%20the%20page%3F\"><h3>How do I get the latest results without reloading the page?<\/h3><\/dt>\n<dd><p>Click the \"Re-diagnose\" button inside the widget or admin page to refresh results via AJAX without a full page reload.<\/p><\/dd>\n<dt id=\"php%208.1%20is%20detected.%20do%20i%20need%20to%20upgrade%20immediately%3F\"><h3>PHP 8.1 is detected. Do I need to upgrade immediately?<\/h3><\/dt>\n<dd><p>PHP 8.1 reached end-of-life in late 2025, so the plugin flags it as \"priority action\". However, upgrading PHP can break some plugins or themes. Take a backup, test in a staging environment if possible, then upgrade.<\/p><\/dd>\n<dt id=\"is%20it%20safe%20to%20leave%20xml-rpc%20enabled%3F\"><h3>Is it safe to leave XML-RPC enabled?<\/h3><\/dt>\n<dd><p>If you use Jetpack or a mobile app that relies on XML-RPC, leaving it enabled is fine. If you have no services depending on it, consider disabling it.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release<\/li>\n<li>Category A (version freshness): 3 diagnostic checks<\/li>\n<li>Category B (hardening settings): 9 diagnostic checks<\/li>\n<li>WordPress dashboard widget with AJAX refresh<\/li>\n<li>Dedicated admin panel with diagnostic sub-pages<\/li>\n<li>Full Japanese language support<\/li>\n<\/ul>","raw_excerpt":"Diagnoses WordPress security settings and version status, presenting plain-language improvement steps in Japanese. No external requests. Lightweight.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/330155","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=330155"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/teeeda1129"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=330155"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=330155"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=330155"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=330155"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=330155"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=330155"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}