[WordPress] 外掛分享： Custonis – Security Exposure Scanner

內容簡介

Custonis 是一款專注於檢測公開暴露檔案的安全外掛，幫助使用者識別網站上不應該被公開的敏感檔案，並提供詳細的風險評估與修復建議，增強網站安全性。

【主要功能】
• 檢測暴露的備份檔案 (.zip, .sql, .gz)
• 檢測除錯日誌和錯誤日誌
• 檢測配置備份和敏感檔案
• 檢測暴露的 Git 倉庫
• 檢測目錄列舉漏洞
• 數據庫健康檢查

外掛標籤

開發者團隊

📦 歷史版本下載

1.11.1.11.1.21.1.31.1.41.1.51.1.61.1.7trunk

原文外掛簡介

Custonis detects publicly exposed files that should never be accessible on the internet.
Many WordPress websites unintentionally expose sensitive files such as:

database backups (.sql, .zip)
exported user or customer data
configuration files (.env, wp-config backups)
debug logs and error logs
development leftovers

These files are actively targeted by bots and attackers because they may expose:

database credentials
API keys
user data
internal system information

Why Custonis?
Most security plugins focus on firewalls, malware or login protection.
Custonis focuses on a different but critical attack surface:
👉 Public file exposure
It helps you identify risks that are often overlooked and complements traditional security plugins.
Features
✔ Detect exposed backup files (.zip, .sql, .gz)
✔ Detect debug logs and error logs
✔ Detect configuration backups and sensitive files
✔ Detect exposed Git repositories
✔ Detect directory listing vulnerabilities
✔ Database health checks (large tables, autoload size, transients, revisions)
✔ Severity classification (Critical / Elevated / Low)
✔ Security score calculation
✔ Risk level indicator
✔ Exposure age tracking (when issues first appeared)
✔ Detailed findings dashboard with explanations and fixes
✔ Scan history chart
✔ Fast and lightweight scanning
✔ 100% local scanning (no external API calls)
How it works

Install and activate the plugin
Open the Custonis dashboard
Run a security scan
Review detected exposures and fix issues

Custonis performs read-only scans and does not modify your website.
1.1.7
= Fixed =
* Fixed missing “first detected” timestamps for findings
* Fixed finding lifecycle persistence across repeated scans
* Fixed overly aggressive severity classification for transient cache findings
Improved

Improved finding history tracking and exposure timeline accuracy
Improved database health severity evaluation
Improved consistency of finding status handling (new / existing)
More reliable exposure age tracking between scans

UX

Clearer exposure timeline information
More accurate risk presentation for database-related findings

1.1.6
= Fixed =
* Fixed detection regression for publicly exposed debug.log files
* Fixed exposure validation issues on hosting environments returning soft-404 responses
* Fixed multiple false positives for non-existing backup and environment files
Improved

Improved HTTP exposure verification logic
Improved detection accuracy for publicly accessible files
Better filtering of invalid HTML fallback responses
More reliable validation of exposed backup archives and configuration files
Improved compatibility with modern hosting and caching setups

Security

Improved exposure validation for debug logs and backup files
Reduced risk of incorrect exposure reporting

UX

Cleaner and more trustworthy scan results
Reduced false positives and invalid findings

1.1.5
= Improved =
* Significantly improved exposure detection accuracy
* Reduced false positives for backup and environment file detection
* Improved validation of publicly accessible files and directories
* Better handling of soft-404 and fallback responses on modern hosting environments
* More reliable exposure verification logic
Security

Improved detection quality for exposed backup archives
Improved ENV file validation using content-based verification
Improved filtering of invalid exposure results

UX

Cleaner and more trustworthy scan results
Reduced noise from invalid findings

1.1.4
= Improved =
* Fixed exposure timeline (first detected now tracked correctly)
* Improved consistency of finding history across scans
* Enhanced score accuracy for repeated findings
Added

Score breakdown (critical / elevated issues) directly in dashboard
More transparent risk evaluation for users

UX

Improved clarity of exposure age and status
Cleaner and more understandable dashboard feedback

1.1.3

Optimized false positives

1.1.2

Fixed version inconsistency in trunk

1.1.1

Fixed dashboard live stats not updating after scan
Improved scan result persistence

1.1
= Improved =
* Significantly improved scan stability and execution flow
* Optimized background scanning process
* More accurate live scan progress tracking
* Improved performance for large websites
* Enhanced scan result storage and reliability
* Refined dashboard UI and scan experience
Added

Improved filesystem scanning coverage
Enhanced database analysis
More precise detection of exposed files and risks
Better scan step handling and progress visualization

Internal

Codebase cleanup and structural improvements
Optimized AJAX handling and data flow

1.0.1
= Fixed =
* Removed all Pro / license / cron related functionality for full compliance with WordPress.org guidelines
* Replaced external CDN (Chart.js) with local asset
* Fixed nonce handling (sanitization and validation)
* Improved escaping for all output
* Improved file path handling using WordPress functions
1.0.0
= Initial release =
* Exposure scanner
* Severity detection (Critical / Elevated)
* Security score calculation
* Exposure age detection
* Findings dashboard
* Scan history chart