[WordPress] Plugin Share: Custonis – Security Exposure Scanner

Active installs: new plugin · Ratings: none yet · Last updated: 8 days ago
WordPress 6.0+ · PHP 7.4+ · v1.1.4 · Listed: 2026-03-22

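Overview

Custonis is a security plugin focused on detecting publicly exposed files. It helps users identify sensitive files on their site that should not be public, and provides detailed risk assessments and remediation advice to strengthen site security.

Key features
• Detects exposed backup files (.zip, .sql, .gz)
• Detects debug logs and error logs
• Detects configuration backups and sensitive files
• Detects exposed Git repositories
• Detects directory listing vulnerabilities
• Database health checks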

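Download the latest version (v1.1.4) or install via search

① Download the ZIP → in the admin area, go to "Plugins › Add New › Upload Plugin"
② Search for "Custonis – Security Exposure Scanner" in the admin area → install directly (recommended)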

Original plugin description

Custonis detects publicly exposed files that should never be accessible on the internet.
Many WordPress websites unintentionally expose sensitive files such as:

* database backups (.sql, .zip)
* exported user or customer data
* configuration files (.env, wp-config backups)
* debug logs and error logs
* development leftovers

These files are actively targeted by bots and attackers because they may expose:

* database credentials
* API keys
* user data
* internal system information

Why Custonis?

Most security plugins focus on firewalls, malware or login protection.
Custonis focuses on a different but critical attack surface:
👉 Public file exposure
It helps you identify risks that are often overlooked and complements traditional security plugins.

Features

✔ Detect exposed backup files (.zip, .sql, .gz)
✔ Detect debug logs and error logs
✔ Detect configuration backups and sensitive files
✔ Detect exposed Git repositories
✔ Detect directory listing vulnerabilities
✔ Database health checks (large tables, autoload size, transients, revisions)
✔ Severity classification (Critical / Elevated / Low)
✔ Security score calculation
✔ Risk level indicator
✔ Exposure age tracking (when issues first appeared)
✔ Detailed findings dashboard with explanations and fixes
✔ Scan history chart
✔ Fast and lightweight scanning
✔ 100% local scanning (no external API calls)

How it works

1. Install and activate the plugin
2. Open the Custonis dashboard
3. Run a security scan
4. Review detected exposures and fix issues

Custonis performs read-only scans and does not modify your website.

1.1.4

= Improved =
* Fixed exposure timeline (first detected now tracked correctly)
* Improved consistency of finding history across scans
* Enhanced score accuracy for repeated findings

= Added =
* Score breakdown (critical / elevated issues) directly in dashboard
* More transparent risk evaluation for users

= UX =
* Improved clarity of exposure age and status
* Cleaner and more understandable dashboard feedback

1.1.3

* Optimized false positives

1.1.2

* Fixed version inconsistency in trunk

1.1.1

* Fixed dashboard live stats not updating after scan
* Improved scan result persistence

1.1

= Improved =
* Significantly improved scan stability and execution flow
* Optimized background scanning process
* More accurate live scan progress tracking
* Improved performance for large websites
* Enhanced scan result storage and reliability
* Refined dashboard UI and scan experience

= Added =
* Improved filesystem scanning coverage
* Enhanced database analysis
* More precise detection of exposed files and risks
* Better scan step handling and progress visualization

= Internal =
* Codebase cleanup and structural improvements
* Optimized AJAX handling and data flow

1.0.1

= Fixed =
* Removed all Pro / license / cron related functionality for full compliance with WordPress.org guidelines
* Replaced external CDN (Chart.js) with local asset
* Fixed nonce handling (sanitization and validation)
* Improved escaping for all output
* Improved file path handling using WordPress functions

1.0.0

= Initial release =
* Exposure scanner
* Severity detection (Critical / Elevated)
* Security score calculation
* Exposure age detection
* Findings dashboard
* Scan history chart
