Title: Custonis – Security Exposure Scanner
Author: custonis
Published: <strong>March 23, 2026</strong>
Last modified: May 21, 2026

---

Search plugins

![](https://ps.w.org/custonis-security-exposure-scanner/assets/banner-772x250.png?
rev=3497503)

![](https://ps.w.org/custonis-security-exposure-scanner/assets/icon-256x256.png?
rev=3497350)

# Custonis – Security Exposure Scanner

 By [custonis](https://profiles.wordpress.org/custonis/)

[Download](https://downloads.wordpress.org/plugin/custonis-security-exposure-scanner.1.1.7.zip)

 * [Details](https://vec.wordpress.org/plugins/custonis-security-exposure-scanner/#description)
 * [Reviews](https://vec.wordpress.org/plugins/custonis-security-exposure-scanner/#reviews)
 *  [Installation](https://vec.wordpress.org/plugins/custonis-security-exposure-scanner/#installation)
 * [Development](https://vec.wordpress.org/plugins/custonis-security-exposure-scanner/#developers)

 [Support](https://wordpress.org/support/plugin/custonis-security-exposure-scanner/)

## Description

Custonis detects publicly exposed files that should never be accessible on the internet.

Many WordPress websites unintentionally expose sensitive files such as:

 * database backups (.sql, .zip)
 * exported user or customer data
 * configuration files (.env, wp-config backups)
 * debug logs and error logs
 * development leftovers

These files are actively targeted by bots and attackers because they may expose:

 * database credentials
 * API keys
 * user data
 * internal system information

### Why Custonis?

Most security plugins focus on firewalls, malware or login protection.

Custonis focuses on a different but critical attack surface:

👉 Public file exposure

It helps you identify risks that are often overlooked and complements traditional
security plugins.

### Features

✔ Detect exposed backup files (.zip, .sql, .gz)
 ✔ Detect debug logs and error logs
✔ Detect configuration backups and sensitive files ✔ Detect exposed Git repositories
✔ Detect directory listing vulnerabilities ✔ Database health checks (large tables,
autoload size, transients, revisions) ✔ Severity classification (Critical / Elevated/
Low) ✔ Security score calculation ✔ Risk level indicator ✔ Exposure age tracking(
when issues first appeared) ✔ Detailed findings dashboard with explanations and 
fixes ✔ Scan history chart ✔ Fast and lightweight scanning ✔ 100% local scanning(
no external API calls)

### How it works

 1. Install and activate the plugin
 2. Open the Custonis dashboard
 3. Run a security scan
 4. Review detected exposures and fix issues

Custonis performs read-only scans and does not modify your website.

### 1.1.7

= Fixed =
 * Fixed missing “first detected” timestamps for findings * Fixed finding
lifecycle persistence across repeated scans * Fixed overly aggressive severity classification
for transient cache findings

#### Improved

 * Improved finding history tracking and exposure timeline accuracy
 * Improved database health severity evaluation
 * Improved consistency of finding status handling (new / existing)
 * More reliable exposure age tracking between scans

#### UX

 * Clearer exposure timeline information
 * More accurate risk presentation for database-related findings

### 1.1.6

= Fixed =
 * Fixed detection regression for publicly exposed debug.log files * Fixed
exposure validation issues on hosting environments returning soft-404 responses *
Fixed multiple false positives for non-existing backup and environment files

#### Improved

 * Improved HTTP exposure verification logic
 * Improved detection accuracy for publicly accessible files
 * Better filtering of invalid HTML fallback responses
 * More reliable validation of exposed backup archives and configuration files
 * Improved compatibility with modern hosting and caching setups

#### Security

 * Improved exposure validation for debug logs and backup files
 * Reduced risk of incorrect exposure reporting

#### UX

 * Cleaner and more trustworthy scan results
 * Reduced false positives and invalid findings

### 1.1.5

= Improved =
 * Significantly improved exposure detection accuracy * Reduced false
positives for backup and environment file detection * Improved validation of publicly
accessible files and directories * Better handling of soft-404 and fallback responses
on modern hosting environments * More reliable exposure verification logic

#### Security

 * Improved detection quality for exposed backup archives
 * Improved ENV file validation using content-based verification
 * Improved filtering of invalid exposure results

#### UX

 * Cleaner and more trustworthy scan results
 * Reduced noise from invalid findings

### 1.1.4

= Improved =
 * Fixed exposure timeline (first detected now tracked correctly) *
Improved consistency of finding history across scans * Enhanced score accuracy for
repeated findings

#### Added

 * Score breakdown (critical / elevated issues) directly in dashboard
 * More transparent risk evaluation for users

#### UX

 * Improved clarity of exposure age and status
 * Cleaner and more understandable dashboard feedback

### 1.1.3

 * Optimized false positives

### 1.1.2

 * Fixed version inconsistency in trunk

### 1.1.1

 * Fixed dashboard live stats not updating after scan
 * Improved scan result persistence

### 1.1

= Improved =
 * Significantly improved scan stability and execution flow * Optimized
background scanning process * More accurate live scan progress tracking * Improved
performance for large websites * Enhanced scan result storage and reliability * 
Refined dashboard UI and scan experience

#### Added

 * Improved filesystem scanning coverage
 * Enhanced database analysis
 * More precise detection of exposed files and risks
 * Better scan step handling and progress visualization

#### Internal

 * Codebase cleanup and structural improvements
 * Optimized AJAX handling and data flow

### 1.0.1

= Fixed =
 * Removed all Pro / license / cron related functionality for full compliance
with WordPress.org guidelines * Replaced external CDN (Chart.js) with local asset*
Fixed nonce handling (sanitization and validation) * Improved escaping for all output*
Improved file path handling using WordPress functions

### 1.0.0

= Initial release =
 * Exposure scanner * Severity detection (Critical / Elevated)*
Security score calculation * Exposure age detection * Findings dashboard * Scan 
history chart

## Screenshots

[⌊Dashboard overview⌉⌊Dashboard overview⌉[

Dashboard overview

[⌊Findings table with severity levels⌉⌊Findings table with severity levels⌉[

Findings table with severity levels

[⌊Security score and risk indicator⌉⌊Security score and risk indicator⌉[

Security score and risk indicator

[⌊Scan progress with live status⌉⌊Scan progress with live status⌉[

Scan progress with live status

[⌊Scan history chart⌉⌊Scan history chart⌉[

Scan history chart

[[

## Installation

 1. Upload the plugin files to the /wp-content/plugins/custonis directory
 2. Activate the plugin through the WordPress plugins screen
 3. Open the Custonis dashboard
 4. Run your first scan

## FAQ

### Does Custonis replace a full security plugin?

No. Custonis focuses specifically on exposed files and data leaks.
 It works best
alongside firewall or malware protection plugins.

### Does Custonis modify my website?

No. Custonis performs read-only scans and does not change any files or settings.

### Does the plugin connect to external services?

No. All scans are performed locally on your server.
 No data is transmitted externally.

### Is Custonis safe for production websites?

Yes. The scanner is lightweight and designed to run safely on live websites.

## Reviews

There are no reviews for this plugin.

## Contributors & Developers

“Custonis – Security Exposure Scanner” is open source software. The following people
have contributed to this plugin.

Contributors

 *   [ custonis ](https://profiles.wordpress.org/custonis/)

[Translate “Custonis – Security Exposure Scanner” into your language.](https://translate.wordpress.org/projects/wp-plugins/custonis-security-exposure-scanner)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/custonis-security-exposure-scanner/),
check out the [SVN repository](https://plugins.svn.wordpress.org/custonis-security-exposure-scanner/),
or subscribe to the [development log](https://plugins.trac.wordpress.org/log/custonis-security-exposure-scanner/)
by [RSS](https://plugins.trac.wordpress.org/log/custonis-security-exposure-scanner/?limit=100&mode=stop_on_copy&format=rss).

## Meta

 *  Version **1.1.7**
 *  Last updated **2 months ago**
 *  Active installations **Fewer than 10**
 *  WordPress version ** 6.0 or higher **
 *  Tested up to **7.0**
 *  PHP version ** 7.4 or higher **
 *  Language
 * [English (US)](https://wordpress.org/plugins/custonis-security-exposure-scanner/)
 * Tags
 * [Debug log](https://vec.wordpress.org/plugins/tags/debug-log/)[scanner](https://vec.wordpress.org/plugins/tags/scanner/)
   [security](https://vec.wordpress.org/plugins/tags/security/)
 *  [Advanced View](https://vec.wordpress.org/plugins/custonis-security-exposure-scanner/advanced/)

## Ratings

No reviews have been submitted yet.

[Your review](https://wordpress.org/support/plugin/custonis-security-exposure-scanner/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/custonis-security-exposure-scanner/reviews/)

## Contributors

 *   [ custonis ](https://profiles.wordpress.org/custonis/)

## Support

Got something to say? Need help?

 [View support forum](https://wordpress.org/support/plugin/custonis-security-exposure-scanner/)