Initial release.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3586981,"resolution":"128x128","location":"assets","locale":"","width":128,"height":128},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3586981,"resolution":"256x256","location":"assets","locale":"","width":256,"height":256}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3587077,"resolution":"1544x500","location":"assets","locale":"","width":1544,"height":500},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3587077,"resolution":"772x250","location":"assets","locale":"","width":772,"height":250}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":[],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3586981,"resolution":"1","location":"assets","locale":"","width":1716,"height":2377},"screenshot-10.png":{"filename":"screenshot-10.png","revision":3586981,"resolution":"10","location":"assets","locale":"","width":1716,"height":968},"screenshot-11.png":{"filename":"screenshot-11.png","revision":3586981,"resolution":"11","location":"assets","locale":"","width":1727,"height":841},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3586981,"resolution":"2","location":"assets","locale":"","width":1705,"height":899},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3586981,"resolution":"3","location":"assets","locale":"","width":1708,"height":856},"screenshot-4.png":{"filename":"screenshot-4.png","revision":3586981,"resolution":"4","location":"assets","locale":"","width":1713,"height":854},"screenshot-5.png":{"filename":"screenshot-5.png","revision":3586981,"resolution":"5","location":"assets","locale":"","width":1714,"height":849},"screenshot-6.png":{"filename":"screenshot-6.png","revision":3586981,"resolution":"6","location":"assets","locale":"","width":1711,"height":842},"screenshot-7.png":{"filename":"screenshot-7.png","revision":3586981,"resolution":"7","location":"assets","locale":"","width":1704,"height":832},"screenshot-8.png":{"filename":"screenshot-8.png","revision":3586981,"resolution":"8","location":"assets","locale":"","width":1687,"height":840},"screenshot-9.png":{"filename":"screenshot-9.png","revision":3586981,"resolution":"9","location":"assets","locale":"","width":1695,"height":865}},"screenshots":{"1":"Main dashboard showing security score (45\/100) with per-category breakdown, Environment Checks And others","2":"Plugin intelligence page showing update status and maintenance risk","3":"Theme intelligence page showing update status and maintenance risk","4":"User audit page listing all admin accounts with risk indicators","5":"File Integrity check list the files that has been modified","6":"Malware Scan","7":"Cron Scan","8":"Core File Audit","9":"Core Checksum Audit","10":"Security headers Audit","11":"Database Security Audit"}},"plugin_section":[],"plugin_tags":[8533,31093,1184,600,6460],"plugin_category":[54],"plugin_contributors":[248665],"plugin_business_model":[],"class_list":["post-331654","plugin","type-plugin","status-publish","hentry","plugin_tags-audit","plugin_tags-hardening","plugin_tags-malware","plugin_tags-security","plugin_tags-vulnerability","plugin_category-security-and-spam-protection","plugin_contributors-compatshield","plugin_committers-compatshield"],"banners":{"banner":"https:\/\/ps.w.org\/compatshield-site-auditor\/assets\/banner-772x250.png?rev=3587077","banner_2x":"https:\/\/ps.w.org\/compatshield-site-auditor\/assets\/banner-1544x500.png?rev=3587077","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/compatshield-site-auditor\/assets\/icon-128x128.png?rev=3586981","icon_2x":"https:\/\/ps.w.org\/compatshield-site-auditor\/assets\/icon-256x256.png?rev=3586981","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/compatshield-site-auditor\/assets\/screenshot-1.png?rev=3586981","caption":"Main dashboard showing security score (45\/100) with per-category breakdown, Environment Checks And others"},{"src":"https:\/\/ps.w.org\/compatshield-site-auditor\/assets\/screenshot-2.png?rev=3586981","caption":"Plugin intelligence page showing update status and maintenance risk"},{"src":"https:\/\/ps.w.org\/compatshield-site-auditor\/assets\/screenshot-3.png?rev=3586981","caption":"Theme intelligence page showing update status and maintenance risk"},{"src":"https:\/\/ps.w.org\/compatshield-site-auditor\/assets\/screenshot-4.png?rev=3586981","caption":"User audit page listing all admin accounts with risk indicators"},{"src":"https:\/\/ps.w.org\/compatshield-site-auditor\/assets\/screenshot-5.png?rev=3586981","caption":"File Integrity check list the files that has been modified"},{"src":"https:\/\/ps.w.org\/compatshield-site-auditor\/assets\/screenshot-6.png?rev=3586981","caption":"Malware Scan"},{"src":"https:\/\/ps.w.org\/compatshield-site-auditor\/assets\/screenshot-7.png?rev=3586981","caption":"Cron Scan"},{"src":"https:\/\/ps.w.org\/compatshield-site-auditor\/assets\/screenshot-8.png?rev=3586981","caption":"Core File Audit"},{"src":"https:\/\/ps.w.org\/compatshield-site-auditor\/assets\/screenshot-9.png?rev=3586981","caption":"Core Checksum Audit"},{"src":"https:\/\/ps.w.org\/compatshield-site-auditor\/assets\/screenshot-10.png?rev=3586981","caption":"Security headers Audit"},{"src":"https:\/\/ps.w.org\/compatshield-site-auditor\/assets\/screenshot-11.png?rev=3586981","caption":"Database Security Audit"}],"raw_content":"\n
CompatShield Site Auditor gives WordPress site owners and agencies a full picture of their site's security posture in one scan. Unlike basic security plugins, it audits every layer \u2014 environment, plugins, themes, users, files, and database \u2014 and produces a single weighted score out of 100 with a per-category breakdown.<\/p>\n\n
Environment & Hardening<\/strong>\n* PHP version (flags below 8.2)\n* WordPress core version\n* WP_DEBUG exposure\n* XML-RPC enabled\n* wp-config.php file permissions\n* Database table prefix (flags default wp_)\n* Directory listing enabled\n* .htaccess integrity\n* HTTPS enforcement\n* readme.html \/ license.txt version leakage<\/p>\n\n Plugin & Theme Intelligence<\/strong>\n* Lists all installed plugins (active and inactive)\n* Hits WordPress.org API for last updated date and install count\n* Flags plugins not updated in 6, 12, or 24 months\n* Flags plugins removed from the WordPress.org directory\n* Flags abandoned themes<\/p>\n\n User & Access Audit<\/strong>\n* Lists all administrator accounts\n* Flags the default \"admin\" username still in use\n* Detects dormant admin accounts (no login in 90+ days)\n* Checks for two-factor authentication plugins\n* Flags non-admin users with elevated capabilities (manage_options, install_plugins, etc.)<\/p>\n\n File Integrity & Backdoor Detection<\/strong>\n* Hashes WordPress core files against official checksums\n* Flags modified core files\n* Scans theme and plugin files for dangerous PHP patterns: eval(base64_decode), gzinflate, str_rot13, shell_exec, exec, system, preg_replace with \/e modifier\n* Flags PHP files inside \/uploads\/ directory\n* Flags .git directory exposure\n* Detects suspicious WordPress cron jobs\n* Flags PHP files modified in the last 7 or 30 days<\/p>\n\n Database Security<\/strong>\n* Checks for publicly accessible phpMyAdmin\n* Scans published posts for injected content (hidden links, base64 blobs, external iframes)\n* Scans wp_options autoloaded data for malicious PHP patterns and oversized entries<\/p>\n\n Security Score<\/strong>\n* Weighted score out of 100 (Environment 25, Plugins 20, Headers 20, Users 15, Database 10, Themes 10)\n* Per-category score breakdown with issue count\n* Historical score tracking with week-over-week change<\/p>\n\n All of the scanning and reporting features described above are fully\nincluded in this free plugin \u2014 nothing here is time-limited or\nfeature-gated. CompatShield may offer separate, optional products in\nthe future (such as a multi-site management dashboard); any such\nproduct would be a distinct, separately-installed plugin or service,\nnot a restriction on this one.<\/p>\n\n This plugin makes outbound requests to:\n* WordPress.org API<\/strong> (api.wordpress.org) \u2014 to retrieve plugin and theme metadata\n* Your own site's URL<\/strong> \u2014 to check phpMyAdmin exposure and security headers<\/p>\n\n No data is sent to third-party servers by the free version.<\/p>\n\n\n Scans only run when you click \"Run Security Scan\" \u2014 nothing happens in the background on the free tier. The scan touches the local filesystem and database, so run it during off-peak hours on large sites.<\/p><\/dd>\n A score of 0 means the combined deductions from your findings exceeded 100 points. This happens on sites with multiple critical and high issues simultaneously (e.g. missing all security headers plus no 2FA plus WP_DEBUG enabled). Fix the findings listed and re-run the scan.<\/p><\/dd>\n The free version only contacts WordPress.org to fetch plugin\/theme metadata. No scan results, site data, or personal information is sent to CompatShield or any third party.<\/p><\/dd>\n No. CompatShield Site Auditor is a read-only scanner. It tells you what's wrong \u2014 it doesn't make changes to your site.<\/p><\/dd>\n Yes. The plugin supports WordPress Multisite and can be network-activated.<\/p><\/dd>\n\n<\/dl>\n\n\nWho is this for?<\/h4>\n\n
\n
Privacy<\/h4>\n\n
\n
\/wp-content\/plugins\/compatshield-site-auditor\/<\/code>, or install the plugin through the WordPress Plugins screen directly.<\/li>\n\n
Does this plugin affect site performance?<\/h3><\/dt>\n
Why does my score say 0\/100?<\/h3><\/dt>\n
Is my data sent anywhere?<\/h3><\/dt>\n
Will this plugin fix issues automatically?<\/h3><\/dt>\n
Can I use this on a multisite installation?<\/h3><\/dt>\n
0.1.0<\/h4>\n\n
\n