Description
Custonis detects publicly exposed files that should never be accessible on the internet.
Many WordPress websites unintentionally expose sensitive files such as:
- database backups (.sql, .zip)
- exported user or customer data
- configuration files (.env, wp-config backups)
- debug logs and error logs
- development leftovers
These files are actively targeted by bots and attackers because they may expose:
- database credentials
- API keys
- user data
- internal system information
Why Custonis?
Most security plugins focus on firewalls, malware or login protection.
Custonis focuses on a different but critical attack surface:
👉 Public file exposure
It helps you identify risks that are often overlooked and complements traditional security plugins.
Features
✔ Detect exposed backup files (.zip, .sql, .gz)
✔ Detect debug logs and error logs
✔ Detect configuration backups and sensitive files
✔ Detect exposed Git repositories
✔ Detect directory listing vulnerabilities
✔ Database health checks (large tables, autoload size, transients, revisions)
✔ Severity classification (Critical / Elevated / Low)
✔ Security score calculation
✔ Risk level indicator
✔ Exposure age tracking (when issues first appeared)
✔ Detailed findings dashboard with explanations and fixes
✔ Scan history chart
✔ Fast and lightweight scanning
✔ 100% local scanning (no external API calls)
How it works
- Install and activate the plugin
- Open the Custonis dashboard
- Run a security scan
- Review detected exposures and fix issues
Custonis performs read-only scans and does not modify your website.
1.1.7
Fixed
- Fixed missing “first detected” timestamps for findings
- Fixed finding lifecycle persistence across repeated scans
- Fixed overly aggressive severity classification for transient cache findings
Improved
- Improved finding history tracking and exposure timeline accuracy
- Improved database health severity evaluation
- Improved consistency of finding status handling (new / existing)
- More reliable exposure age tracking between scans
UX
- Clearer exposure timeline information
- More accurate risk presentation for database-related findings
1.1.6
Fixed
- Fixed detection regression for publicly exposed debug.log files
- Fixed exposure validation issues on hosting environments returning soft-404 responses
- Fixed multiple false positives for non-existing backup and environment files
Improved
- Improved HTTP exposure verification logic
- Improved detection accuracy for publicly accessible files
- Better filtering of invalid HTML fallback responses
- More reliable validation of exposed backup archives and configuration files
- Improved compatibility with modern hosting and caching setups
Security
- Improved exposure validation for debug logs and backup files
- Reduced risk of incorrect exposure reporting
UX
- Cleaner and more trustworthy scan results
- Reduced false positives and invalid findings
1.1.5
Improved
- Significantly improved exposure detection accuracy
- Reduced false positives for backup and environment file detection
- Improved validation of publicly accessible files and directories
- Better handling of soft-404 and fallback responses on modern hosting environments
- More reliable exposure verification logic
Security
- Improved detection quality for exposed backup archives
- Improved ENV file validation using content-based verification
- Improved filtering of invalid exposure results
UX
- Cleaner and more trustworthy scan results
- Reduced noise from invalid findings
1.1.4
Improved
- Fixed exposure timeline (first detected now tracked correctly)
- Improved consistency of finding history across scans
- Enhanced score accuracy for repeated findings
Added
- Score breakdown (critical / elevated issues) directly in dashboard
- More transparent risk evaluation for users
UX
- Improved clarity of exposure age and status
- Cleaner and more understandable dashboard feedback
1.1.3
- Optimized false positives
1.1.2
- Fixed version inconsistency in trunk
1.1.1
- Fixed dashboard live stats not updating after scan
- Improved scan result persistence
1.1
Improved
- Significantly improved scan stability and execution flow
- Optimized background scanning process
- More accurate live scan progress tracking
- Improved performance for large websites
- Enhanced scan result storage and reliability
- Refined dashboard UI and scan experience
Added
- Improved filesystem scanning coverage
- Enhanced database analysis
- More precise detection of exposed files and risks
- Better scan step handling and progress visualization
Internal
- Codebase cleanup and structural improvements
- Optimized AJAX handling and data flow
1.0.1
Fixed
- Removed all Pro / license / cron related functionality for full compliance with WordPress.org guidelines
- Replaced external CDN (Chart.js) with local asset
- Fixed nonce handling (sanitization and validation)
- Improved escaping for all output
- Improved file path handling using WordPress functions
1.0.0
Initial release
- Exposure scanner
- Severity detection (Critical / Elevated)
- Security score calculation
- Exposure age detection
- Findings dashboard
- Scan history chart
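The 1.1.5 and 1.1.6 entries above mention soft-404 handling, HTML fallback filtering and content-based verification without showing the logic. The sketch below is an added illustration in Python, not Custonis's own code; the function names, result labels and signature patterns are assumptions, and the sample responses are constructed.

```python
import re

# File signatures and content markers used for content-based verification (assumed set).
MAGIC = {".zip": b"PK\x03\x04", ".gz": b"\x1f\x8b"}
ENV_LINE = re.compile(rb"^[A-Z][A-Z0-9_]*=", re.M)
SQL_MARK = re.compile(rb"(?i)(CREATE TABLE|INSERT INTO|-- MySQL dump)")
PHP_LOG = re.compile(rb"^\[\d{2}-[A-Za-z]{3}-\d{4} [\d:]+ [^\]]*\] PHP ", re.M)
HTML_START = re.compile(rb"(?i)\s*(<!doctype html|<html)")


def looks_like(path, body):
    """Does the body contain what a file with this name should contain?"""
    name = path.lower()
    for ext, magic in MAGIC.items():
        if name.endswith(ext):
            return body.startswith(magic)
    if name.endswith(".sql"):
        return bool(SQL_MARK.search(body))
    if name.endswith(".env"):
        return len(ENV_LINE.findall(body)) >= 2
    if name.endswith(".log"):
        return bool(PHP_LOG.search(body))
    return False


def classify(path, status, content_type, body, baseline_body=None):
    """Label one probed path; baseline_body is the body served for a path that cannot exist."""
    if status != 200:
        return "not-accessible"
    if baseline_body is not None and body == baseline_body:
        return "soft-404"  # identical to the page served for a missing path
    if "text/html" in content_type.lower() or HTML_START.match(body):
        return "soft-404"  # HTML fallback page returned with status 200
    return "exposed" if looks_like(path, body) else "unverified"


# Constructed sample responses (not captured from any real site).
FALLBACK = b"<!DOCTYPE html><html><body>Page not found</body></html>"
SAMPLES = [
    ("/backup.zip", 200, "text/html; charset=UTF-8", FALLBACK),
    ("/backup.zip", 200, "application/zip", b"PK\x03\x04" + b"\x00" * 16),
    ("/.env", 200, "text/plain", b"DB_HOST=localhost\nDB_PASSWORD=example\n"),
    ("/.env", 200, "text/plain", b"OK"),
    ("/wp-content/debug.log", 200, "text/plain",
     b"[12-Mar-2024 10:15:32 UTC] PHP Warning:  example\n"),
]

if __name__ == "__main__":
    for path, status, ctype, body in SAMPLES:
        print(path, "->", classify(path, status, ctype, body, FALLBACK))
```

A status of 200 alone is never treated as proof of exposure here: the body must differ from the known-missing baseline, must not be an HTML page, and must match the expected file type.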
Installation
- Upload the plugin files to the /wp-content/plugins/custonis directory
- Activate the plugin through the WordPress plugins screen
- Open the Custonis dashboard
- Run your first scan
Frequently Asked Questions

Does Custonis replace a full security plugin?
No. Custonis focuses specifically on exposed files and data leaks.
It works best alongside firewall or malware protection plugins.

Does Custonis modify my website?
No. Custonis performs read-only scans and does not change any files or settings.

Does the plugin connect to external services?
No. All scans are performed locally on your server.
No data is transmitted externally.

Is Custonis safe for production websites?
Yes. The scanner is lightweight and designed to run safely on live websites.
Reviews
There are no reviews for this plugin.
