Anonindo Security Advisor

Anonindo Security Advisor helps site owners understand and improve their WordPress security posture without acting like a full firewall suite.

The plugin follows a simple workflow:

• Scan for common WordPress security issues and misconfigurations
• Explain what each issue means in beginner-friendly language
• Show practical guidance and safer best practices
• Offer safe auto-fix actions for selected hardening steps

This plugin is designed to be lightweight, educational, and operationally safe.

Features

• Detects debug mode enabled in production
• Detects dashboard file editing enabled
• Detects XML-RPC exposure
• Detects weak file permissions on common paths
• Detects potentially exposed wp-config.php backup patterns
• Detects outdated plugins and themes
• Detects suspicious administrator account patterns
• Detects REST API user enumeration exposure
• Heuristically scans active theme and plugin PHP files for basic SQL injection and XSS risk patterns
• Scans selected database content for suspicious script-like patterns
• Provides a security score and prioritized recommendations
• Includes an activity log for meaningful security-related site events
• Supports safe auto-fixes for selected hardening improvements