BBH Security Insight WordPress Plugin - Rating, Reviews, Demo & Download
Plugin Description
BBH Security Insight runs a lightweight, read-only security audit on your WordPress installation and generates a professional Security Risk Report with color-coded risk levels (Critical, Warning, Safe), an overall security score (0–100), and detailed remediation recommendations.
This plugin is completely read-only — it never modifies files, never changes settings, and never sends data to external servers. It simply inspects your WordPress configuration and reports findings.
Audit Checks Include
- WordPress Version Exposure — Detects if your WordPress version is exposed via readme.html or generator tags.
- Database Table Prefix — Checks if you are using the default wp_ prefix.
- XML-RPC Status — Reports whether XML-RPC is enabled or disabled.
- DISALLOW_FILE_EDIT — Verifies if the built-in file editor is disabled.
- WP_DEBUG Status — Checks whether debug mode is active on production.
- Directory Browsing — Checks whether directory listing appears to be disabled.
- readme.html Exposure — Checks for the presence of the readme file.
- install.php Exposure — Checks if the installation script is accessible.
- wp-config.php Permissions — Verifies file permissions on this critical file.
- wp-content Permissions — Checks directory permissions on your content directory.
- User Enumeration Exposure — Checks for common user enumeration exposure patterns.
- Security Headers — Scans for CSP, HSTS, X-Frame-Options, Referrer-Policy, Permissions-Policy, and X-Content-Type-Options.
- Uploads PHP Execution — Checks if PHP execution is blocked in the uploads directory.
- Admin Username — Detects if an administrator uses the default “admin” username.
- Malware Heuristics — Performs lightweight checks for suspicious code patterns in active plugin and theme PHP files.
Features
- One-click “Run Security Audit” button on the admin dashboard.
- Professional, color-coded Security Risk Report with score (0–100).
- Human-readable explanations and remediation recommendations for every check.
- Dismissible admin reminder notice.
- Fully internationalized — ready for translation.
- Secure AJAX with nonce verification and capability checks.
- WordPress Coding Standards compliant.
- No external dependencies — no Composer, no third-party APIs.
- Read-only — never makes changes to your site.
Additional Resources
Looking for additional WordPress security guidance? Visit jahidshah.com for documentation, security resources, and professional assistance.
Support & Contact
Need help or want to report an issue? Visit our support page or open a support ticket on the WordPress plugin repository.
- Website: https://jahidshah.com/
- Support: https://wordpress.org/support/plugin/bbh-security-insight/
Other Plugins
- BBH Custom Schema – Add custom JSON-LD schema to your website
- BBH SEO Toolkit – Advanced SEO & Structured Data Engine
- AJ FAQ Block – Display FAQs with a beautiful block
- AJ Card Element – Display content in beautiful cards
- AJ Square Testimonial Slider – Showcase testimonials in a slider
- AJ Category Posts – Display posts by category
- AJx Filter for WooCommerce – Advanced product filtering for WooCommerce
Screenshots
The BBH Security Insight dashboard with the Run Security Audit button and a completed Security Risk Report showing score, risk level, and detailed check results.


