Steel Security & Hardening – Site Audit Tools WordPress Plugin
Plugin Description
Steel Security & Hardening – Site Audit Tools focuses on practical security hygiene for WordPress administrators.
The free plugin provides:
- on-demand security scans
- risk summaries grouped by severity and category
- checks for common WordPress hardening gaps
- checks for exposed root-level artifacts such as .env, SQL dumps, phpinfo files, and backup archives
- a quarantine vault for operator-reviewed file isolation
- uploads PHP execution blocking on supported server environments
- manual guidance when automatic server hardening is not safely supported
This plugin is positioned as an auditing and hardening tool. It helps surface risk and apply selected preventive controls, but it does not promise malware removal, incident response, or complete server protection.
Included checks
The scan currently looks for items such as:
- PHP error display exposure
- WP_DEBUG and debug.log exposure
- XML-RPC availability
- author and REST user enumeration exposure
- theme/plugin file editor availability
- WordPress generator meta output
- comments enabled by default
- uploads PHP execution hardening status
- root-level sensitive files and archives
Server-aware behavior
This plugin only auto-applies server config changes where it can do so in a scoped and reversible way.
- Apache and LiteSpeed: uploads PHP blocking is managed through a Steel Security-marked .htaccess block
- IIS: uploads PHP blocking is managed through a Steel Security-marked web.config section
- Nginx and unsupported environments: Steel Security provides manual guidance instead of claiming automatic protection
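
One way a marker-delimited block keeps an automatic server config change scoped and reversible, shown as an added example that is not the plugin's own code. The marker strings and the rule body (Apache 2.4 syntax) are assumptions, since the page does not give them.

```python
import re
from pathlib import Path

# Hypothetical markers: the page does not give the plugin's real marker text.
BEGIN = "# BEGIN example-uploads-php-block"
END = "# END example-uploads-php-block"

# Assumed rule body (Apache 2.4 syntax): refuse requests for PHP-like files.
RULES = [
    r'<FilesMatch "\.(?:php\d?|phtml|phar)$">',
    "    Require all denied",
    "</FilesMatch>",
]

_BLOCK = re.compile(
    r"^%s\n.*?^%s\n?" % (re.escape(BEGIN), re.escape(END)),
    re.DOTALL | re.MULTILINE,
)


def strip_block(text: str) -> str:
    """Remove the marked block only; operator-written rules are untouched."""
    if text.count(BEGIN) != text.count(END):
        # A half-deleted block cannot be removed safely: stop and ask for review.
        raise ValueError("unbalanced markers; review the file by hand")
    return _BLOCK.sub("", text)


def apply_block(text: str) -> str:
    """Idempotently leave exactly one marked block at the end of the file."""
    base = strip_block(text)
    if base and not base.endswith("\n"):
        base += "\n"
    return base + "\n".join([BEGIN, *RULES, END]) + "\n"


def harden(htaccess: Path) -> None:
    """Write the block into uploads/.htaccess, creating the file if needed."""
    original = htaccess.read_text() if htaccess.exists() else ""
    htaccess.write_text(apply_block(original))


def revert(htaccess: Path) -> None:
    """Undo harden() without touching anything outside the markers."""
    if htaccess.exists():
        htaccess.write_text(strip_block(htaccess.read_text()))
```

Because only the text between the markers is ever rewritten, running `harden` twice does not duplicate rules, and `revert` restores the operator's own directives exactly.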
Pro companion
This plugin can work with a separate Pro companion plugin that adds features such as scheduled scans, scan history, reports, and managed server-level controls such as directory listing protection and baseline security headers. The free plugin remains usable on its own.

