{"id":289309,"date":"2026-03-23T14:52:29","date_gmt":"2026-03-23T14:52:29","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/custonis-security-exposure-scanner\/"},"modified":"2026-04-01T19:58:59","modified_gmt":"2026-04-01T19:58:59","slug":"custonis-security-exposure-scanner","status":"publish","type":"plugin","link":"https:\/\/et.wordpress.org\/plugins\/custonis-security-exposure-scanner\/","author":23464258,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.1.3","stable_tag":"1.1.3","tested":"6.9.4","requires":"6.0","requires_php":"7.4","requires_plugins":null,"header_name":"Custonis \u2013 Security Exposure Scanner","header_author":"","header_description":"Detect publicly exposed backup files, database exports and sensitive files on your WordPress site.","assets_banners_color":"281323","last_updated":"2026-04-01 19:58:59","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"","header_author_uri":"","rating":5,"author_block_rating":0,"active_installs":0,"downloads":129,"num_ratings":1,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq"],"tags":{"1.1":{"tag":"1.1","author":"custonis","date":"2026-04-01 11:59:12"},"1.1.1":{"tag":"1.1.1","author":"custonis","date":"2026-04-01 13:00:35"},"1.1.2":{"tag":"1.1.2","author":"custonis","date":"2026-04-01 13:47:37"},"1.1.3":{"tag":"1.1.3","author":"custonis","date":"2026-04-01 19:58:59"}},"upgrade_notice":[],"ratings":{"1":0,"2":0,"3":0,"4":0,"5":1},"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3497350,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3497350,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3497503,"resolution":"1544x500","location":"assets","locale":""},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3497503,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.1","1.1.1","1.1.2","1.1.3"],"block_files":[],"assets_screenshots":[],"screenshots":{"1":"Dashboard overview","2":"Findings table with severity levels","3":"Security score and risk indicator","4":"Scan progress with live status","5":"Scan history chart"},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[259205,17813,259204,6464,600],"plugin_category":[54,59],"plugin_contributors":[258443],"plugin_business_model":[],"class_list":["post-289309","plugin","type-plugin","status-publish","hentry","plugin_tags-backup-scanner","plugin_tags-debug-log","plugin_tags-exposed-files","plugin_tags-scanner","plugin_tags-security","plugin_category-security-and-spam-protection","plugin_category-utilities-and-tools","plugin_contributors-custonis","plugin_committers-custonis"],"banners":{"banner":"https:\/\/ps.w.org\/custonis-security-exposure-scanner\/assets\/banner-772x250.png?rev=3497503","banner_2x":"https:\/\/ps.w.org\/custonis-security-exposure-scanner\/assets\/banner-1544x500.png?rev=3497503","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/custonis-security-exposure-scanner\/assets\/icon-128x128.png?rev=3497350","icon_2x":"https:\/\/ps.w.org\/custonis-security-exposure-scanner\/assets\/icon-256x256.png?rev=3497350","generated":false},"screenshots":[],"raw_content":"<!--section=description-->\n<p>Custonis detects <strong>publicly exposed files that should never be accessible on the internet<\/strong>.<\/p>\n\n<p>Many WordPress websites unintentionally expose sensitive files such as:<\/p>\n\n<ul>\n<li>database backups (.sql, .zip)<\/li>\n<li>exported user or customer data<\/li>\n<li>configuration files (.env, wp-config backups)<\/li>\n<li>debug logs and error logs<\/li>\n<li>development leftovers<\/li>\n<\/ul>\n\n<p>These files are actively targeted by bots and attackers because they may expose:<\/p>\n\n<ul>\n<li>database credentials  <\/li>\n<li>API keys  <\/li>\n<li>user data  <\/li>\n<li>internal system information<\/li>\n<\/ul>\n\n<h3>Why Custonis?<\/h3>\n\n<p>Most security plugins focus on firewalls, malware or login protection.<\/p>\n\n<p>Custonis focuses on a <strong>different but critical attack surface<\/strong>:<\/p>\n\n<p>\ud83d\udc49 <strong>Public file exposure<\/strong><\/p>\n\n<p>It helps you identify risks that are often overlooked and complements traditional security plugins.<\/p>\n\n<h3>Features<\/h3>\n\n<p>\u2714 Detect exposed backup files (.zip, .sql, .gz)<br \/>\n\u2714 Detect debug logs and error logs<br \/>\n\u2714 Detect configuration backups and sensitive files<br \/>\n\u2714 Detect exposed Git repositories<br \/>\n\u2714 Detect directory listing vulnerabilities<br \/>\n\u2714 Database health checks (large tables, autoload size, transients, revisions)<br \/>\n\u2714 Severity classification (Critical \/ Elevated \/ Low)<br \/>\n\u2714 Security score calculation<br \/>\n\u2714 Risk level indicator<br \/>\n\u2714 Exposure age detection<br \/>\n\u2714 Detailed findings dashboard<br \/>\n\u2714 Scan history chart<br \/>\n\u2714 Fast and lightweight scanning<br \/>\n\u2714 100% local scanning (no external API calls)<\/p>\n\n<h3>How it works<\/h3>\n\n<ol>\n<li>Install and activate the plugin  <\/li>\n<li>Open the Custonis dashboard  <\/li>\n<li>Run a security scan  <\/li>\n<li>Review detected exposures and fix issues  <\/li>\n<\/ol>\n\n<p>Custonis performs <strong>read-only scans<\/strong> and does not modify your website.<\/p>\n\n<h3>1.1.3<\/h3>\n\n<ul>\n<li>Optimized false positives<\/li>\n<\/ul>\n\n<h3>1.1.2<\/h3>\n\n<ul>\n<li>Fixed version inconsistency in trunk<\/li>\n<\/ul>\n\n<h3>1.1.1<\/h3>\n\n<ul>\n<li>Fixed dashboard live stats not updating after scan<\/li>\n<li>Improved scan result persistence<\/li>\n<\/ul>\n\n<h3>1.1<\/h3>\n\n<p>= Improved =\n* Significantly improved scan stability and execution flow\n* Optimized background scanning process\n* More accurate live scan progress tracking\n* Improved performance for large websites\n* Enhanced scan result storage and reliability\n* Refined dashboard UI and scan experience<\/p>\n\n<h4>Added<\/h4>\n\n<ul>\n<li>Improved filesystem scanning coverage<\/li>\n<li>Enhanced database analysis<\/li>\n<li>More precise detection of exposed files and risks<\/li>\n<li>Better scan step handling and progress visualization<\/li>\n<\/ul>\n\n<h4>Internal<\/h4>\n\n<ul>\n<li>Codebase cleanup and structural improvements<\/li>\n<li>Optimized AJAX handling and data flow<\/li>\n<\/ul>\n\n<h3>1.0.1<\/h3>\n\n<p>= Fixed =\n* Removed all Pro \/ license \/ cron related functionality for full compliance with WordPress.org guidelines\n* Replaced external CDN (Chart.js) with local asset\n* Fixed nonce handling (sanitization and validation)\n* Improved escaping for all output\n* Improved file path handling using WordPress functions<\/p>\n\n<h3>1.0.0<\/h3>\n\n<p>= Initial release =\n* Exposure scanner\n* Severity detection (Critical \/ Elevated)\n* Security score calculation\n* Exposure age detection\n* Findings dashboard\n* Scan history chart<\/p>\n\n<!--section=installation-->\n<ol>\n<li>Upload the plugin files to the <code>\/wp-content\/plugins\/custonis<\/code> directory  <\/li>\n<li>Activate the plugin through the WordPress plugins screen  <\/li>\n<li>Open the Custonis dashboard  <\/li>\n<li>Run your first scan<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"does%20custonis%20replace%20a%20full%20security%20plugin%3F\"><h3>Does Custonis replace a full security plugin?<\/h3><\/dt>\n<dd><p>No. Custonis focuses specifically on <strong>exposed files and data leaks<\/strong>.<br \/>\nIt works best alongside firewall or malware protection plugins.<\/p><\/dd>\n<dt id=\"does%20custonis%20modify%20my%20website%3F\"><h3>Does Custonis modify my website?<\/h3><\/dt>\n<dd><p>No. Custonis performs read-only scans and does not change any files or settings.<\/p><\/dd>\n<dt id=\"does%20the%20plugin%20connect%20to%20external%20services%3F\"><h3>Does the plugin connect to external services?<\/h3><\/dt>\n<dd><p>No. All scans are performed locally on your server.<br \/>\nNo data is transmitted externally.<\/p><\/dd>\n<dt id=\"is%20custonis%20safe%20for%20production%20websites%3F\"><h3>Is Custonis safe for production websites?<\/h3><\/dt>\n<dd><p>Yes. The scanner is lightweight and designed to run safely on live websites.<\/p><\/dd>\n\n<\/dl>","raw_excerpt":"Detect publicly exposed backup files, debug logs and sensitive data on your WordPress site.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/et.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/289309","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/et.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/et.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/et.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=289309"}],"author":[{"embeddable":true,"href":"https:\/\/et.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/custonis"}],"wp:attachment":[{"href":"https:\/\/et.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=289309"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/et.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=289309"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/et.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=289309"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/et.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=289309"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/et.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=289309"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/et.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=289309"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}