
Plugin Description
BBH Security Insight runs a lightweight, read-only security audit on your WordPress installation and generates a professional Security Risk Report with color-coded risk levels (Critical, Warning, Safe), an overall security score (0–100), and detailed remediation recommendations.
This plugin is completely read-only — it never modifies files, never changes settings, and never sends data to external servers. It simply inspects your WordPress configuration and reports findings.
Audit Checks Include
WordPress Version Exposure — Detects if your WordPress version is exposed via readme.html or generator tags.
Database Table Prefix — Checks if you are using the default wp_ prefix.
XML-RPC Status — Reports whether XML-RPC is enabled or disabled.
DISALLOW_FILE_EDIT — Verifies if the built-in file editor is disabled.
WP_DEBUG Status — Checks whether debug mode is active on production.
Directory Browsing — Checks whether directory listing appears to be disabled.
readme.html Exposure — Checks for the presence of the readme file.
install.php Exposure — Checks if the installation script is accessible.
wp-config.php Permissions — Verifies file permissions on this critical file.
wp-content Permissions — Checks directory permissions on your content directory.
User Enumeration Exposure — Checks for common user enumeration exposure patterns.
Security Headers — Scans for CSP, HSTS, X-Frame-Options, Referrer-Policy, Permissions-Policy, and X-Content-Type-Options.
Uploads PHP Execution — Checks if PHP execution is blocked in the uploads directory.
Admin Username — Detects if an administrator uses the default “admin” username.
Malware Heuristics — Performs lightweight checks for suspicious code patterns in active plugin and theme PHP files.
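A sketch of how a few of the read-only checks listed above (table prefix, DISALLOW_FILE_EDIT, WP_DEBUG, security headers) can be evaluated. It is an added example, not taken from the plugin's code. The risk level given to each finding, the penalty weights, and the function names are assumptions.

```python
import re

# The six response headers named in the check list above.
SECURITY_HEADERS = (
    "Content-Security-Policy", "Strict-Transport-Security", "X-Frame-Options",
    "Referrer-Policy", "Permissions-Policy", "X-Content-Type-Options",
)
# Assumed penalty per risk level; not the plugin's actual weighting.
PENALTY = {"Critical": 20, "Warning": 8, "Safe": 0}

def php_constant(config_text, name):
    """Return the literal a define() assigns to `name`, or None if absent."""
    pattern = r"""define\(\s*['"]%s['"]\s*,\s*([^)]+?)\s*\)""" % re.escape(name)
    m = re.search(pattern, config_text)
    return m.group(1).strip("'\" ").lower() if m else None

def audit(config_text, response_headers):
    """Read-only audit; returns (findings, score), findings = [(check, level)]."""
    # Drop whole-line comments so a commented-out define() is not counted.
    config_text = re.sub(r"(?m)^\s*(?://|#).*$", "", config_text)
    prefix = re.search(r"""\$table_prefix\s*=\s*['"]([^'"]*)['"]""", config_text)
    findings = [
        ("Database Table Prefix",
         "Warning" if prefix and prefix.group(1) == "wp_" else "Safe"),
        ("DISALLOW_FILE_EDIT",
         "Safe" if php_constant(config_text, "DISALLOW_FILE_EDIT") == "true" else "Warning"),
        ("WP_DEBUG",
         "Critical" if php_constant(config_text, "WP_DEBUG") == "true" else "Safe"),
    ]
    present = {name.lower() for name in response_headers}  # names are case-insensitive
    for header in SECURITY_HEADERS:
        findings.append((header, "Safe" if header.lower() in present else "Warning"))
    score = max(0, 100 - sum(PENALTY[level] for _, level in findings))
    return findings, score

# Constructed sample input, not taken from a real site.
SAMPLE_CONFIG = """<?php
$table_prefix = 'wp_';
// define( 'WP_DEBUG', false );
define( 'WP_DEBUG', true );
define( 'DISALLOW_FILE_EDIT', true );
"""
SAMPLE_HEADERS = {"x-frame-options": "SAMEORIGIN", "X-Content-Type-Options": "nosniff"}

if __name__ == "__main__":
    for check, level in audit(SAMPLE_CONFIG, SAMPLE_HEADERS)[0]:
        print(f"{level:8} {check}")
    print("Score:", audit(SAMPLE_CONFIG, SAMPLE_HEADERS)[1])
```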
Features
One-click “Run Security Audit” button on the admin dashboard.
Professional, color-coded Security Risk Report with score (0–100).
Human-readable explanations and remediation recommendations for every check.
Dismissible admin reminder notice.
Fully internationalized — ready for translation.
Secure AJAX with nonce verification and capability checks.
WordPress Coding Standards compliant.
No external dependencies — no Composer, no third-party APIs.
Read-only — never makes changes to your site.
Additional Resources
Looking for additional WordPress security guidance? Visit jahidshah.com for documentation, security resources, and professional assistance.
Support & Contact
Need help or want to report an issue? Visit our support page or open a support ticket on the WordPress plugin repository.
Website: https://jahidshah.com/
Support: https://wordpress.org/support/plugin/bbh-security-insight/
Other Plugins
BBH Custom Schema – Add custom JSON-LD schema to your website
BBH SEO Toolkit – Advanced SEO & Structured Data Engine
AJ FAQ Block – Display FAQs with a beautiful block
AJ Card Element – Display content in beautiful cards
AJ Square Testimonial Slider – Showcase testimonials in a slider
AJ Category Posts – Display posts by category
AJx Filter for WooCommerce – Advanced product filtering for WooCommerce
