Title: BBH Security Insight Author: Md Jahid Shah Published: 2026 年 5 月 31 日 Last modified: 2026 年 5 月 31 日 --- 搜索插件 ![](https://ps.w.org/bbh-security-insight/assets/banner-772x250.png?rev=3555060) ![](https://ps.w.org/bbh-security-insight/assets/icon-256x256.png?rev=3555060) # BBH Security Insight 作者:[Md Jahid Shah](https://profiles.wordpress.org/jahidshah/) [下载](https://downloads.wordpress.org/plugin/bbh-security-insight.1.0.0.zip) * [详情](https://cn.wordpress.org/plugins/bbh-security-insight/#description) * [评价](https://cn.wordpress.org/plugins/bbh-security-insight/#reviews) * [安装](https://cn.wordpress.org/plugins/bbh-security-insight/#installation) * [开发进展](https://cn.wordpress.org/plugins/bbh-security-insight/#developers) [支持](https://wordpress.org/support/plugin/bbh-security-insight/) ## 描述 BBH Security Insight runs a lightweight, read-only security audit on your WordPress installation and generates a professional Security Risk Report with color-coded risk levels (Critical, Warning, Safe), an overall security score (0–100), and detailed remediation recommendations. This plugin is **completely read-only** — it never modifies files, never changes settings, and never sends data to external servers. It simply inspects your WordPress configuration and reports findings. #### Audit Checks Include * **WordPress Version Exposure** — Detects if your WordPress version is exposed via readme.html or generator tags. * **Database Table Prefix** — Checks if you are using the default `wp_` prefix. * **XML-RPC Status** — Reports whether XML-RPC is enabled or disabled. * **DISALLOW_FILE_EDIT** — Verifies if the built-in file editor is disabled. * **WP_DEBUG Status** — Checks whether debug mode is active on production. * **Directory Browsing** — Checks whether directory listing appears to be disabled. * **readme.html Exposure** — Checks for the presence of the readme file. * **install.php Exposure** — Checks if the installation script is accessible. * **wp-config.php Permissions** — Verifies file permissions on this critical file. * **wp-content Permissions** — Checks directory permissions on your content directory. * **User Enumeration Exposure** — Checks for common user enumeration exposure patterns. * **Security Headers** — Scans for CSP, HSTS, X-Frame-Options, Referrer-Policy, Permissions-Policy, and X-Content-Type-Options. * **Uploads PHP Execution** — Checks if PHP execution is blocked in the uploads directory. * **Admin Username** — Detects if an administrator uses the default “admin” username. * **Malware Heuristics** — Performs lightweight checks for suspicious code patterns in active plugin and theme PHP files. #### Features * One-click “Run Security Audit” button on the admin dashboard. * Professional, color-coded Security Risk Report with score (0–100). * Human-readable explanations and remediation recommendations for every check. * Dismissible admin reminder notice. * Fully internationalized — ready for translation. * Secure AJAX with nonce verification and capability checks. * WordPress Coding Standards compliant. * No external dependencies — no Composer, no third-party APIs. * Read-only — never makes changes to your site. #### Additional Resources Looking for additional WordPress security guidance? Visit [jahidshah.com](https://jahidshah.com) for documentation, security resources, and professional assistance. ### Support & Contact Need help or want to report an issue? Visit our support page or open a support ticket on the WordPress plugin repository. * Website: https://jahidshah.com/ * Support: https://wordpress.org/support/plugin/bbh-security-insight/ ### Other Plugins * [BBH Custom Schema](https://wordpress.org/plugins/bbh-custom-schema/) – Add custom JSON-LD schema to your website * [BBH SEO Toolkit](https://wordpress.org/plugins/bbh-seo-toolkit/) – Advanced SEO & Structured Data Engine * [AJ FAQ Block](https://wordpress.org/plugins/aj-faq-block/) – Display FAQs with a beautiful block * [AJ Card Element](https://wordpress.org/plugins/aj-card-element/) – Display content in beautiful cards * [AJ Square Testimonial Slider](https://wordpress.org/plugins/aj-square-testimonial-slider/)– Showcase testimonials in a slider * [AJ Category Posts](https://wordpress.org/plugins/aj-category-posts/) – Display posts by category * [AJx Filter for WooCommerce](https://wordpress.org/plugins/ajx-filter-for-woo/)– Advanced product filtering for WooCommerce ## 屏幕截图 [⌊The BBH Security Insight dashboard with the Run Security Audit button and a completed Security Risk Report showing score, risk level, and detailed check results.⌉⌊The BBH Security Insight dashboard with the Run Security Audit button and a completed Security Risk Report showing score, risk level, and detailed check results.⌉[ The BBH Security Insight dashboard with the Run Security Audit button and a completed Security Risk Report showing score, risk level, and detailed check results. [[ [[ ## 安装 1. Upload the `bbh-security-insight` folder to the `/wp-content/plugins/` directory, or install directly from the WordPress plugin directory. 2. Activate the plugin through the ‘Plugins’ screen in WordPress. 3. Go to **Tools Security Insight** in your WordPress admin menu. 4. Click the **“Run Security Audit”** button to generate your Security Risk Report. ## 常见问题 ### Does this plugin make any changes to my site? No. BBH Security Insight is completely read-only. It inspects your WordPress configuration, files, and settings but never modifies anything. It does not create files, change database records, or alter configurations. ### Does this plugin send data to external servers? No. All scanning is performed locally on your server. No data is sent to external services or third-party servers. The results are stored in your WordPress database and displayed only to logged-in administrators. ### How often should I run a security audit? We recommend running a security audit at least once a month, or after making significant changes to your site such as installing new plugins, updating themes, or modifying server configurations. ### Can this plugin fix the issues it finds? No. The plugin is designed as a diagnostic tool only. It provides detailed recommendations for each issue found, but you will need to implement the fixes yourself or consult with a WordPress security professional. ### What are the malware heuristics? The malware heuristics scan searches active plugin and theme PHP files for common code patterns that are often used in malicious scripts (e.g., base64_decode, eval, gzinflate). This scan has limitations — it can produce false positives from legitimate code, and it may miss sophisticated malware. This heuristic scan is informational only. It may produce false positives and cannot guarantee malware detection or site cleanliness. ## 评价 此插件暂无评价。 ## 贡献者及开发者 「BBH Security Insight」是开源软件。 以下人员对此插件做出了贡献。 贡献者 * [ Md Jahid Shah ](https://profiles.wordpress.org/jahidshah/) [帮助将「BBH Security Insight」翻译成简体中文。](https://translate.wordpress.org/projects/wp-plugins/bbh-security-insight) ### 对开发感兴趣吗? 您可以[浏览代码](https://plugins.trac.wordpress.org/browser/bbh-security-insight/), 查看[SVN仓库](https://plugins.svn.wordpress.org/bbh-security-insight/),或通过[RSS](https://plugins.trac.wordpress.org/log/bbh-security-insight/?limit=100&mode=stop_on_copy&format=rss) 订阅[开发日志](https://plugins.trac.wordpress.org/log/bbh-security-insight/)。 ## 更新日志 #### 1.0.0 * Initial release. * 15 read-only security audit checks. * Professional Security Risk Report with color-coded risk levels. * Security score (0–100) with overall risk assessment. * AJAX-powered audit execution with nonce verification. * Dismissible admin notices. * Fully internationalized. * WordPress Coding Standards compliant. ## 额外信息 * 版本 **1.0.0** * 最后更新:**2 周前** * 活跃安装数量 **不到10** * WordPress 版本 ** 6.7 或更高版本 ** * 已测试的最高版本为 **7.0** * PHP 版本 ** 7.4 或更高版本 ** * 语言 * [English (US)](https://wordpress.org/plugins/bbh-security-insight/) * 标签 * [security](https://cn.wordpress.org/plugins/tags/security/)[security audit](https://cn.wordpress.org/plugins/tags/security-audit/) [security scan](https://cn.wordpress.org/plugins/tags/security-scan/)[site health](https://cn.wordpress.org/plugins/tags/site-health/) [wordpress security](https://cn.wordpress.org/plugins/tags/wordpress-security/) * [高级视图](https://cn.wordpress.org/plugins/bbh-security-insight/advanced/) ## 评级 尚未提交反馈。 [Your review](https://wordpress.org/support/plugin/bbh-security-insight/reviews/#new-post) [查看全部评论](https://wordpress.org/support/plugin/bbh-security-insight/reviews/) ## 贡献者 * [ Md Jahid Shah ](https://profiles.wordpress.org/jahidshah/) ## 支持 有话要说吗?是否需要帮助? [查看支持论坛](https://wordpress.org/support/plugin/bbh-security-insight/) ## 捐助 您愿意支持这个插件的发展吗? [ 捐助此插件 ](https://www.buymeacoffee.com/jahidshah)