{"id":289309,"date":"2026-03-23T14:52:29","date_gmt":"2026-03-23T14:52:29","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/custonis-security-exposure-scanner\/"},"modified":"2026-05-08T17:00:56","modified_gmt":"2026-05-08T17:00:56","slug":"custonis-security-exposure-scanner","status":"publish","type":"plugin","link":"https:\/\/es-pr.wordpress.org\/plugins\/custonis-security-exposure-scanner\/","author":23464258,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.1.7","stable_tag":"1.1.7","tested":"6.9.4","requires":"6.0","requires_php":"7.4","requires_plugins":null,"header_name":"Custonis \u2013 Security Exposure Scanner","header_author":"","header_description":"Detect publicly exposed backup files, database exports and sensitive files on your WordPress site.","assets_banners_color":"281323","last_updated":"2026-05-08 17:00:56","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"","header_author_uri":"","rating":5,"author_block_rating":0,"active_installs":0,"downloads":307,"num_ratings":1,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq"],"tags":{"1.1":{"tag":"1.1","author":"custonis","date":"2026-04-01 11:59:12"},"1.1.1":{"tag":"1.1.1","author":"custonis","date":"2026-04-01 13:00:35"},"1.1.2":{"tag":"1.1.2","author":"custonis","date":"2026-04-01 13:47:37"},"1.1.3":{"tag":"1.1.3","author":"custonis","date":"2026-04-01 19:58:59"},"1.1.4":{"tag":"1.1.4","author":"custonis","date":"2026-04-04 16:30:51"},"1.1.5":{"tag":"1.1.5","author":"custonis","date":"2026-05-08 13:47:44"},"1.1.6":{"tag":"1.1.6","author":"custonis","date":"2026-05-08 15:27:36"},"1.1.7":{"tag":"1.1.7","author":"custonis","date":"2026-05-08 
17:00:56"}},"upgrade_notice":[],"ratings":{"1":0,"2":0,"3":0,"4":0,"5":1},"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3497350,"resolution":"128x128","location":"assets","locale":"","width":128,"height":128},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3497350,"resolution":"256x256","location":"assets","locale":"","width":256,"height":256}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3497503,"resolution":"1544x500","location":"assets","locale":"","width":1544,"height":500},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3497503,"resolution":"772x250","location":"assets","locale":"","width":772,"height":250}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.1","1.1.1","1.1.2","1.1.3","1.1.4","1.1.5","1.1.6","1.1.7"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3529981,"resolution":"1","location":"assets","locale":"","width":1170,"height":2532},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3529981,"resolution":"2","location":"assets","locale":"","width":1170,"height":2532},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3529981,"resolution":"3","location":"assets","locale":"","width":1170,"height":2532},"screenshot-4.png":{"filename":"screenshot-4.png","revision":3529981,"resolution":"4","location":"assets","locale":"","width":1170,"height":2532},"screenshot-5.png":{"filename":"screenshot-5.png","revision":3529981,"resolution":"5","location":"assets","locale":"","width":1170,"height":2532},"screenshot-6.png":{"filename":"screenshot-6.png","revision":3529981,"resolution":"6","location":"assets","locale":"","width":1170,"height":2532}},"screenshots":{"1":"Dashboard overview","2":"Findings table with severity levels","3":"Security score and risk indicator","4":"Scan progress with live status","5":"Scan history 
chart"},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[259205,17813,259204,6464,600],"plugin_category":[54,59],"plugin_contributors":[258443],"plugin_business_model":[],"class_list":["post-289309","plugin","type-plugin","status-publish","hentry","plugin_tags-backup-scanner","plugin_tags-debug-log","plugin_tags-exposed-files","plugin_tags-scanner","plugin_tags-security","plugin_category-security-and-spam-protection","plugin_category-utilities-and-tools","plugin_contributors-custonis","plugin_committers-custonis"],"banners":{"banner":"https:\/\/ps.w.org\/custonis-security-exposure-scanner\/assets\/banner-772x250.png?rev=3497503","banner_2x":"https:\/\/ps.w.org\/custonis-security-exposure-scanner\/assets\/banner-1544x500.png?rev=3497503","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/custonis-security-exposure-scanner\/assets\/icon-128x128.png?rev=3497350","icon_2x":"https:\/\/ps.w.org\/custonis-security-exposure-scanner\/assets\/icon-256x256.png?rev=3497350","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/custonis-security-exposure-scanner\/assets\/screenshot-1.png?rev=3529981","caption":"Dashboard overview"},{"src":"https:\/\/ps.w.org\/custonis-security-exposure-scanner\/assets\/screenshot-2.png?rev=3529981","caption":"Findings table with severity levels"},{"src":"https:\/\/ps.w.org\/custonis-security-exposure-scanner\/assets\/screenshot-3.png?rev=3529981","caption":"Security score and risk indicator"},{"src":"https:\/\/ps.w.org\/custonis-security-exposure-scanner\/assets\/screenshot-4.png?rev=3529981","caption":"Scan progress with live status"},{"src":"https:\/\/ps.w.org\/custonis-security-exposure-scanner\/assets\/screenshot-5.png?rev=3529981","caption":"Scan history chart"},{"src":"https:\/\/ps.w.org\/custonis-security-exposure-scanner\/assets\/screenshot-6.png?rev=3529981","caption":""}],"raw_content":"<!--section=description-->\n<p>Custonis detects publicly exposed files that 
should never be accessible on the internet.<\/p>\n\n<p>Many WordPress websites unintentionally expose sensitive files such as:<\/p>\n\n<ul>\n<li>database backups (.sql, .zip)<\/li>\n<li>exported user or customer data<\/li>\n<li>configuration files (.env, wp-config backups)<\/li>\n<li>debug logs and error logs<\/li>\n<li>development leftovers<\/li>\n<\/ul>\n\n<p>These files are actively targeted by bots and attackers because they may expose:<\/p>\n\n<ul>\n<li>database credentials<\/li>\n<li>API keys<\/li>\n<li>user data<\/li>\n<li>internal system information<\/li>\n<\/ul>\n\n<h3>Why Custonis?<\/h3>\n\n<p>Most security plugins focus on firewalls, malware or login protection.<\/p>\n\n<p>Custonis focuses on a different but critical attack surface:<\/p>\n\n<p>\ud83d\udc49 Public file exposure<\/p>\n\n<p>It helps you identify risks that are often overlooked and complements traditional security plugins.<\/p>\n\n<h3>Features<\/h3>\n\n<p>\u2714 Detect exposed backup files (.zip, .sql, .gz)\n\u2714 Detect debug logs and error logs\n\u2714 Detect configuration backups and sensitive files\n\u2714 Detect exposed Git repositories\n\u2714 Detect directory listing vulnerabilities\n\u2714 Database health checks (large tables, autoload size, transients, revisions)\n\u2714 Severity classification (Critical \/ Elevated \/ Low)\n\u2714 Security score calculation\n\u2714 Risk level indicator\n\u2714 Exposure age tracking (when issues first appeared)\n\u2714 Detailed findings dashboard with explanations and fixes\n\u2714 Scan history chart\n\u2714 Fast and lightweight scanning\n\u2714 100% local scanning (no external API calls)<\/p>\n\n<h3>How it works<\/h3>\n\n<ol>\n<li>Install and activate the plugin<\/li>\n<li>Open the Custonis dashboard<\/li>\n<li>Run a security scan<\/li>\n<li>Review detected exposures and fix issues<\/li>\n<\/ol>\n\n<p>Custonis performs read-only scans and does not modify your website.<\/p>\n\n<h3>1.1.7<\/h3>\n\n<p>= Fixed =\n* Fixed missing \"first detected\" 
timestamps for findings\n* Fixed finding lifecycle persistence across repeated scans\n* Fixed overly aggressive severity classification for transient cache findings<\/p>\n\n<h4>Improved<\/h4>\n\n<ul>\n<li>Improved finding history tracking and exposure timeline accuracy<\/li>\n<li>Improved database health severity evaluation<\/li>\n<li>Improved consistency of finding status handling (new \/ existing)<\/li>\n<li>More reliable exposure age tracking between scans<\/li>\n<\/ul>\n\n<h4>UX<\/h4>\n\n<ul>\n<li>Clearer exposure timeline information<\/li>\n<li>More accurate risk presentation for database-related findings<\/li>\n<\/ul>\n\n<h3>1.1.6<\/h3>\n\n<p>= Fixed =\n* Fixed detection regression for publicly exposed debug.log files\n* Fixed exposure validation issues on hosting environments returning soft-404 responses\n* Fixed multiple false positives for non-existing backup and environment files<\/p>\n\n<h4>Improved<\/h4>\n\n<ul>\n<li>Improved HTTP exposure verification logic<\/li>\n<li>Improved detection accuracy for publicly accessible files<\/li>\n<li>Better filtering of invalid HTML fallback responses<\/li>\n<li>More reliable validation of exposed backup archives and configuration files<\/li>\n<li>Improved compatibility with modern hosting and caching setups<\/li>\n<\/ul>\n\n<h4>Security<\/h4>\n\n<ul>\n<li>Improved exposure validation for debug logs and backup files<\/li>\n<li>Reduced risk of incorrect exposure reporting<\/li>\n<\/ul>\n\n<h4>UX<\/h4>\n\n<ul>\n<li>Cleaner and more trustworthy scan results<\/li>\n<li>Reduced false positives and invalid findings<\/li>\n<\/ul>\n\n<h3>1.1.5<\/h3>\n\n<p>= Improved =\n* Significantly improved exposure detection accuracy\n* Reduced false positives for backup and environment file detection\n* Improved validation of publicly accessible files and directories\n* Better handling of soft-404 and fallback responses on modern hosting environments\n* More reliable exposure verification 
logic<\/p>\n\n<h4>Security<\/h4>\n\n<ul>\n<li>Improved detection quality for exposed backup archives<\/li>\n<li>Improved ENV file validation using content-based verification<\/li>\n<li>Improved filtering of invalid exposure results<\/li>\n<\/ul>\n\n<h4>UX<\/h4>\n\n<ul>\n<li>Cleaner and more trustworthy scan results<\/li>\n<li>Reduced noise from invalid findings<\/li>\n<\/ul>\n\n<h3>1.1.4<\/h3>\n\n<h4>Improved<\/h4>\n\n<ul>\n<li>Fixed exposure timeline (first detected now tracked correctly)<\/li>\n<li>Improved consistency of finding history across scans<\/li>\n<li>Enhanced score accuracy for repeated findings<\/li>\n<\/ul>\n\n<h4>Added<\/h4>\n\n<ul>\n<li>Score breakdown (critical \/ elevated issues) directly in dashboard<\/li>\n<li>More transparent risk evaluation for users<\/li>\n<\/ul>\n\n<h4>UX<\/h4>\n\n<ul>\n<li>Improved clarity of exposure age and status<\/li>\n<li>Cleaner and more understandable dashboard feedback<\/li>\n<\/ul>\n\n<h3>1.1.3<\/h3>\n\n<ul>\n<li>Improved false-positive handling<\/li>\n<\/ul>\n\n<h3>1.1.2<\/h3>\n\n<ul>\n<li>Fixed version inconsistency in trunk<\/li>\n<\/ul>\n\n<h3>1.1.1<\/h3>\n\n<ul>\n<li>Fixed dashboard live stats not updating after scan<\/li>\n<li>Improved scan result persistence<\/li>\n<\/ul>\n\n<h3>1.1<\/h3>\n\n<h4>Improved<\/h4>\n\n<ul>\n<li>Significantly improved scan stability and execution flow<\/li>\n<li>Optimized background scanning process<\/li>\n<li>More accurate live scan progress tracking<\/li>\n<li>Improved performance for large websites<\/li>\n<li>Enhanced scan result storage and reliability<\/li>\n<li>Refined dashboard UI and scan experience<\/li>\n<\/ul>\n\n<h4>Added<\/h4>\n\n<ul>\n<li>Improved filesystem scanning coverage<\/li>\n<li>Enhanced database analysis<\/li>\n<li>More precise detection of exposed files and risks<\/li>\n<li>Better scan step handling and progress visualization<\/li>\n<\/ul>\n\n<h4>Internal<\/h4>\n\n<ul>\n<li>Codebase cleanup and structural improvements<\/li>\n<li>Optimized AJAX handling and data flow<\/li>\n<\/ul>\n\n<h3>1.0.1<\/h3>\n\n<p>= Fixed =\n* Removed all Pro \/ license \/ cron related 
functionality for full compliance with WordPress.org guidelines\n* Replaced external CDN (Chart.js) with local asset\n* Fixed nonce handling (sanitization and validation)\n* Improved escaping for all output\n* Improved file path handling using WordPress functions<\/p>\n\n<h3>1.0.0<\/h3>\n\n<p>= Initial release =\n* Exposure scanner\n* Severity detection (Critical \/ Elevated)\n* Security score calculation\n* Exposure age detection\n* Findings dashboard\n* Scan history chart<\/p>\n\n<!--section=installation-->\n<ol>\n<li>Upload the plugin files to the \/wp-content\/plugins\/custonis directory<\/li>\n<li>Activate the plugin through the WordPress plugins screen<\/li>\n<li>Open the Custonis dashboard<\/li>\n<li>Run your first scan<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"does%20custonis%20replace%20a%20full%20security%20plugin%3F\"><h3>Does Custonis replace a full security plugin?<\/h3><\/dt>\n<dd><p>No. Custonis focuses specifically on exposed files and data leaks.\nIt works best alongside firewall or malware protection plugins.<\/p><\/dd>\n<dt id=\"does%20custonis%20modify%20my%20website%3F\"><h3>Does Custonis modify my website?<\/h3><\/dt>\n<dd><p>No. Custonis performs read-only scans and does not change any files or settings.<\/p><\/dd>\n<dt id=\"does%20the%20plugin%20connect%20to%20external%20services%3F\"><h3>Does the plugin connect to external services?<\/h3><\/dt>\n<dd><p>No. All scans are performed locally on your server.\nNo data is transmitted externally.<\/p><\/dd>\n<dt id=\"is%20custonis%20safe%20for%20production%20websites%3F\"><h3>Is Custonis safe for production websites?<\/h3><\/dt>\n<dd><p>Yes. 
The scanner is lightweight and designed to run safely on live websites.<\/p><\/dd>\n\n<\/dl>","raw_excerpt":"Detect publicly exposed backup files, debug logs and sensitive data on your WordPress site.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/es-pr.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/289309","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/es-pr.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/es-pr.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/es-pr.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=289309"}],"author":[{"embeddable":true,"href":"https:\/\/es-pr.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/custonis"}],"wp:attachment":[{"href":"https:\/\/es-pr.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=289309"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/es-pr.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=289309"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/es-pr.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=289309"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/es-pr.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=289309"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/es-pr.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=289309"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/es-pr.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=289309"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}