Description
Custonis detects publicly exposed files that should never be accessible on the internet.
Many WordPress websites unintentionally expose sensitive files such as:
- database backups (.sql, .zip)
- exported user or customer data
- configuration files (.env, wp-config backups)
- debug logs and error logs
- development leftovers
These files are actively targeted by bots and attackers because they may expose:
- database credentials
- API keys
- user data
- internal system information
Why Custonis?
Most security plugins focus on firewalls, malware or login protection.
Custonis focuses on a different but critical attack surface:
👉 Public file exposure
It helps you identify risks that are often overlooked and complements traditional security plugins.
Features
✔ Detect exposed backup files (.zip, .sql, .gz)
✔ Detect debug logs and error logs
✔ Detect configuration backups and sensitive files
✔ Detect exposed Git repositories
✔ Detect directory listing vulnerabilities
✔ Database health checks (large tables, autoload size, transients, revisions)
✔ Severity classification (Critical / Elevated / Low)
✔ Security score calculation
✔ Risk level indicator
✔ Exposure age detection
✔ Detailed findings dashboard
✔ Scan history chart
✔ Fast and lightweight scanning
✔ 100% local scanning (no external API calls)
How it works
- Install and activate the plugin
- Open the Custonis dashboard
- Run a security scan
- Review detected exposures and fix issues
Custonis performs read-only scans and does not modify your website.
1.1.3
- Optimized false positives
1.1.2
- Fixed version inconsistency in trunk
1.1.1
- Fixed dashboard live stats not updating after scan
- Improved scan result persistence
1.1
= Improved =
* Significantly improved scan stability and execution flow
* Optimized background scanning process
* More accurate live scan progress tracking
* Improved performance for large websites
* Enhanced scan result storage and reliability
* Refined dashboard UI and scan experience
Added
- Improved filesystem scanning coverage
- Enhanced database analysis
- More precise detection of exposed files and risks
- Better scan step handling and progress visualization
Internal
- Codebase cleanup and structural improvements
- Optimized AJAX handling and data flow
1.0.1
= Fixed =
* Removed all Pro / license / cron related functionality for full compliance with WordPress.org guidelines
* Replaced external CDN (Chart.js) with local asset
* Fixed nonce handling (sanitization and validation)
* Improved escaping for all output
* Improved file path handling using WordPress functions
1.0.0
= Initial release =
* Exposure scanner
* Severity detection (Critical / Elevated)
* Security score calculation
* Exposure age detection
* Findings dashboard
* Scan history chart
Installation
- Upload the plugin files to the
/wp-content/plugins/custonisdirectory - Activate the plugin through the WordPress plugins screen
- Open the Custonis dashboard
- Run your first scan
FAQ
-
Does Custonis replace a full security plugin?
-
No. Custonis focuses specifically on exposed files and data leaks.
It works best alongside firewall or malware protection plugins. -
Does Custonis modify my website?
-
No. Custonis performs read-only scans and does not change any files or settings.
-
Does the plugin connect to external services?
-
No. All scans are performed locally on your server.
No data is transmitted externally. -
Is Custonis safe for production websites?
-
Yes. The scanner is lightweight and designed to run safely on live websites.
Reviews
There are no reviews for this plugin.
Contributors & Developers
“Custonis – Security Exposure Scanner” is open source software. The following people have contributed to this plugin.
Contributors
Translate “Custonis – Security Exposure Scanner” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.