Original plugin description
CSGaku Site State Check is a lightweight plugin for reviewing basic WordPress site status from the admin area.
The plugin is designed for administrators and developers who want to check important maintenance and security-related signals on demand. It does not automatically repair, delete, or change site settings. It presents the current state so the site administrator can decide what to review next.
CSGaku Site State Check does not use external API communication or external vulnerability database lookups for its checks. It uses information available within the WordPress site and server environment.
The plugin can run on PHP 7.4 or later, but PHP 8.2 or later is recommended.
Design principles:
No external API or external service communication for normal checks
No automatic repair
No automatic deletion
No automatic setting changes
No direct display of secret values or full file contents
Results organized by status and severity
Latest result, simple local history, and CSV export support
Main checks include:
PHP version
WordPress version
Site URL and home URL
SSL status
Sitemap
Debug settings
wp-config.php
.htaccess
index.php
wp-admin, wp-content, and wp-includes
Public access protection for debug.log
PHP execution prevention setting in uploads
wp-config.php structure and location
SALT constants
Administrator user count
Presence of the admin username
Older administrator accounts
Application passwords
Search engine visibility setting
XML-RPC status
Core, plugin, and theme update status
Inactive plugins
Unused theme candidates
444 and 555 permissions under wp-content
uploads/YYYY/.htaccess and uploads/YYYY/MM/.htaccess
About obfuscation-related checks:
CSGaku Site State Check can review index.php for patterns that are sometimes associated with obfuscation, such as base64, eval, gzinflate, long Base64-like strings, hex escapes, and chr concatenation. If such patterns are found, they are shown as items to review. They are not treated as final proof of malicious code by themselves.
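An added example of this kind of review, written in PHP; it is not the plugin's own code. The function name `review_obfuscation_indicators`, the regular expressions, and the length thresholds are assumptions, and both inputs are constructed samples. Only indicator names and counts are reported, never the matched text.

```php
<?php
// Added example: heuristic review of PHP source for obfuscation indicators.
// Patterns and thresholds are assumptions, not the plugin's actual rules.

/**
 * Return [indicator name => match count] for the given PHP source.
 * Matched text is never returned, so file contents are not displayed.
 */
function review_obfuscation_indicators(string $source): array
{
    $patterns = [
        'base64_decode call'      => '/\bbase64_decode\s*\(/i',
        'eval call'               => '/\beval\s*\(/i',
        'gzinflate call'          => '/\bgzinflate\s*\(/i',
        // Assumed threshold: 200 or more consecutive Base64-alphabet characters.
        'long Base64-like string' => '/[A-Za-z0-9+\/]{200,}={0,2}/',
        // Assumed threshold: 8 or more consecutive \xNN escapes.
        'hex escape run'          => '/(?:\\\\x[0-9a-fA-F]{2}){8,}/',
        // Assumed threshold: 4 or more chr(N) calls joined with ".".
        'chr concatenation'       => '/(?:\bchr\s*\(\s*\d+\s*\)\s*\.\s*){3,}chr\s*\(/i',
    ];

    $findings = [];
    foreach ($patterns as $name => $regex) {
        $count = preg_match_all($regex, $source);
        if ($count > 0) {
            $findings[$name] = $count;
        }
    }
    return $findings;
}

// Constructed sample 1: shaped like a stock WordPress index.php.
$clean = "<?php\ndefine( 'WP_USE_THEMES', true );\nrequire __DIR__ . '/wp-blog-header.php';\n";

// Constructed sample 2: inert filler text arranged to trip each indicator.
$suspect = "<?php\n\$p = '" . str_repeat('QUJD', 60) . "';\n"
    . "\$f = chr(97) . chr(98) . chr(99) . chr(100);\n"
    . "\$h = \"" . str_repeat('\\x41', 10) . "\";\n"
    . "eval(gzinflate(base64_decode(\$p)));\n";

foreach (['clean' => $clean, 'suspect' => $suspect] as $label => $src) {
    $found = review_obfuscation_indicators($src);
    echo $label, ': ', $found ? 'items to review' : 'no indicators', "\n";
    foreach ($found as $name => $count) {
        echo "  - {$name}: {$count}\n";
    }
}
```

A match here is a prompt for manual review, not a verdict: legitimate code also calls `base64_decode`, and a modified file can avoid every pattern listed.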
About permissions:
The plugin checks 444 and 555 permissions under wp-content. These permissions may be intentional in some environments, but they can also affect updates, deletion, and maintenance work. When such items are found under themes, the plugin can note that they may be intentional depending on the environment.
About uploads security:
The plugin checks whether uploads/.htaccess contains PHP execution prevention rules, and it also checks for .htaccess files under uploads year/month folders. If relevant .htaccess files are found in those locations, they are shown for review without displaying file contents.
About CSV export:
The latest result can be exported as CSV with a UTF-8 BOM for compatibility with spreadsheet applications. To reduce CSV formula injection risk, values starting with dangerous leading characters are escaped before export.
Important limitations:
This plugin is a confirmation tool.
It does not provide malware cleanup.
It does not provide automatic remediation.
It does not provide complete vulnerability assessment.
It does not guarantee detection of all issues.
Final review and response should be handled by the site administrator.
