CompatShield Site Auditor WordPress Plugin - Rating, Reviews, Demo & Download
Plugin Description
CompatShield Site Auditor gives WordPress site owners and agencies a full picture of their site’s security posture in one scan. Unlike basic security plugins, it audits every layer — environment, plugins, themes, users, files, and database — and produces a single weighted score out of 100 with a per-category breakdown.
What it checks
Environment & Hardening
* PHP version (flags below 8.2)
* WordPress core version
* WP_DEBUG exposure
* XML-RPC enabled
* wp-config.php file permissions
* Database table prefix (flags default wp_)
* Directory listing enabled
* .htaccess integrity
* HTTPS enforcement
* readme.html / license.txt version leakage
Plugin & Theme Intelligence
* Lists all installed plugins (active and inactive)
* Hits WordPress.org API for last updated date and install count
* Flags plugins not updated in 6, 12, or 24 months
* Flags plugins removed from the WordPress.org directory
* Flags abandoned themes
User & Access Audit
* Lists all administrator accounts
* Flags the default “admin” username still in use
* Detects dormant admin accounts (no login in 90+ days)
* Checks for two-factor authentication plugins
* Flags non-admin users with elevated capabilities (manage_options, install_plugins, etc.)
File Integrity & Backdoor Detection
* Hashes WordPress core files against official checksums
* Flags modified core files
* Scans theme and plugin files for dangerous PHP patterns: eval(base64_decode), gzinflate, str_rot13, shell_exec, exec, system, preg_replace with /e modifier
* Flags PHP files inside /uploads/ directory
* Flags .git directory exposure
* Detects suspicious WordPress cron jobs
* Flags PHP files modified in the last 7 or 30 days
Database Security
* Checks for publicly accessible phpMyAdmin
* Scans published posts for injected content (hidden links, base64 blobs, external iframes)
* Scans wp_options autoloaded data for malicious PHP patterns and oversized entries
Security Score
* Weighted score out of 100 (Environment 25, Plugins 20, Headers 20, Users 15, Database 10, Themes 10)
* Per-category score breakdown with issue count
* Historical score tracking with week-over-week change
Who is this for?
* WordPress site owners who want to know their security posture
* Freelancers and developers managing client sites
* Agencies auditing multiple client sites
All of the scanning and reporting features described above are fully included in this free plugin — nothing here is time-limited or feature-gated. CompatShield may offer separate, optional products in the future (such as a multi-site management dashboard); any such product would be a distinct, separately-installed plugin or service, not a restriction on this one.
Privacy
This plugin makes outbound requests to:
* WordPress.org API (api.wordpress.org) — to retrieve plugin and theme metadata
* Your own site’s URL — to check phpMyAdmin exposure and security headers
No data is sent to third-party servers by the free version.
Screenshots
Main dashboard showing the security score (45/100) with per-category breakdown, environment checks, and others
Plugin intelligence page showing update status and maintenance risk
Theme intelligence page showing update status and maintenance risk
User audit page listing all admin accounts with risk indicators
File integrity check listing the files that have been modified
Malware Scan
Cron Scan
Core File Audit
Core Checksum Audit
Security Headers Audit
Database Security Audit
