WordPress Security Plugin

CompatShield Site Auditor

A complete WordPress security audit, scored out of 100, in one scan.

CompatShield Site Auditor gives WordPress site owners and agencies a full picture of their site's security posture in one scan. Unlike basic security plugins, it audits every layer — environment, plugins, themes, users, files, and database — and produces a single weighted score with a per-category breakdown.

Example security score visualization: 90/100

What it checks

Six comprehensive audit categories covering every layer of your WordPress site.

Environment & Hardening

  • PHP version (flags below 8.2)
  • WordPress core version
  • WP_DEBUG exposure
  • XML-RPC enabled
  • wp-config.php file permissions
  • Database table prefix (flags default wp_)
  • Directory listing enabled
  • .htaccess integrity
  • HTTPS enforcement
  • readme.html / license.txt version leakage

Plugin & Theme Intelligence

  • Lists all installed plugins (active and inactive)
  • Checks WordPress.org for last updated date and install count
  • Flags plugins not updated in 6, 12, or 24 months
  • Flags plugins removed from the WordPress.org directory
  • Flags abandoned themes

User & Access Audit

  • Lists all administrator accounts
  • Flags the default "admin" username still in use
  • Detects dormant admin accounts (no login in 90+ days)
  • Checks for two-factor authentication plugins
  • Flags non-admin users with elevated capabilities

File Integrity & Malware

  • Hashes WordPress core files against official checksums
  • Flags modified core files
  • Scans theme and plugin files for dangerous PHP patterns
  • Flags PHP files inside the /uploads/ directory
  • Flags .git directory exposure
  • Detects suspicious WordPress cron jobs
  • Flags PHP files modified in the last 7 or 30 days

Database & Content Security

  • Checks for publicly accessible phpMyAdmin
  • Scans published posts for injected content (hidden links, base64 blobs, external iframes)
  • Scans wp_options autoloaded data for malicious patterns and oversized entries

Scoring

  • Weighted score out of 100 (Environment 25, Plugins 20, Headers 20, Users 15, Database 10, Themes 10)
  • Per-category score breakdown with issue count
  • Historical score tracking with week-over-week change

Who is this for?

Built for anyone who takes WordPress security seriously.

WordPress site owners who want to know their security posture

Freelancers and developers managing client sites

Agencies auditing multiple client sites

Privacy

Your data stays yours. No third-party tracking or data sharing.

CompatShield Site Auditor only communicates with:

  • WordPress.org API (api.wordpress.org) — to retrieve plugin and theme metadata
  • Your own site's URL — to check phpMyAdmin exposure and security headers

Get started

Install CompatShield Site Auditor from the WordPress.org plugin directory and run your first scan in minutes.
