Custonis – Security Exposure Scanner

Rating: 0/5 (0 ratings). Updated May 8, 2026.

Custonis detects publicly exposed files that should never be accessible on the internet.

Many WordPress websites unintentionally expose sensitive files such as:

  • database backups (.sql, .zip)
  • exported user or customer data
  • configuration files (.env, wp-config backups)
  • debug logs and error logs
  • development leftovers

These files are actively targeted by bots and attackers because they may expose:

  • database credentials
  • API keys
  • user data
  • internal system information

Why Custonis?

Most security plugins focus on firewalls, malware or login protection.

Custonis focuses on a different but critical attack surface:

👉 Public file exposure

It helps you identify risks that are often overlooked and complements traditional security plugins.

Features

✔ Detect exposed backup files (.zip, .sql, .gz)
✔ Detect debug logs and error logs
✔ Detect configuration backups and sensitive files
✔ Detect exposed Git repositories
✔ Detect directory listing vulnerabilities
✔ Database health checks (large tables, autoload size, transients, revisions)
✔ Severity classification (Critical / Elevated / Low)
✔ Security score calculation
✔ Risk level indicator
✔ Exposure age tracking (when issues first appeared)
✔ Detailed findings dashboard with explanations and fixes
✔ Scan history chart
✔ Fast and lightweight scanning
✔ 100% local scanning (no external API calls)

How it works

  1. Install and activate the plugin
  2. Open the Custonis dashboard
  3. Run a security scan
  4. Review detected exposures and fix issues

Custonis performs read-only scans and does not modify your website.

1.1.7

Fixed

  • Fixed missing “first detected” timestamps for findings
  • Fixed finding lifecycle persistence across repeated scans
  • Fixed overly aggressive severity classification for transient cache findings

Improved

  • Improved finding history tracking and exposure timeline accuracy
  • Improved database health severity evaluation
  • Improved consistency of finding status handling (new / existing)
  • More reliable exposure age tracking between scans

UX

  • Clearer exposure timeline information
  • More accurate risk presentation for database-related findings

1.1.6

Fixed

  • Fixed detection regression for publicly exposed debug.log files
  • Fixed exposure validation issues on hosting environments returning soft-404 responses
  • Fixed multiple false positives for non-existing backup and environment files

Improved

  • Improved HTTP exposure verification logic
  • Improved detection accuracy for publicly accessible files
  • Better filtering of invalid HTML fallback responses
  • More reliable validation of exposed backup archives and configuration files
  • Improved compatibility with modern hosting and caching setups

Security

  • Improved exposure validation for debug logs and backup files
  • Reduced risk of incorrect exposure reporting

UX

  • Cleaner and more trustworthy scan results
  • Reduced false positives and invalid findings

1.1.5

Improved

  • Significantly improved exposure detection accuracy
  • Reduced false positives for backup and environment file detection
  • Improved validation of publicly accessible files and directories
  • Better handling of soft-404 and fallback responses on modern hosting environments
  • More reliable exposure verification logic

Security

  • Improved detection quality for exposed backup archives
  • Improved ENV file validation using content-based verification
  • Improved filtering of invalid exposure results

UX

  • Cleaner and more trustworthy scan results
  • Reduced noise from invalid findings

1.1.4

Improved

  • Fixed exposure timeline (first detected now tracked correctly)
  • Improved consistency of finding history across scans
  • Enhanced score accuracy for repeated findings

Added

  • Score breakdown (critical / elevated issues) directly in dashboard
  • More transparent risk evaluation for users

UX

  • Improved clarity of exposure age and status
  • Cleaner and more understandable dashboard feedback

1.1.3

  • Optimized false positives

1.1.2

  • Fixed version inconsistency in trunk

1.1.1

  • Fixed dashboard live stats not updating after scan
  • Improved scan result persistence

1.1

Improved

  • Significantly improved scan stability and execution flow
  • Optimized background scanning process
  • More accurate live scan progress tracking
  • Improved performance for large websites
  • Enhanced scan result storage and reliability
  • Refined dashboard UI and scan experience
* Refined dashboard UI and scan experience

Added

  • Improved filesystem scanning coverage
  • Enhanced database analysis
  • More precise detection of exposed files and risks
  • Better scan step handling and progress visualization

Internal

  • Codebase cleanup and structural improvements
  • Optimized AJAX handling and data flow

1.0.1

Fixed

  • Removed all Pro / license / cron related functionality for full compliance with WordPress.org guidelines
  • Replaced external CDN (Chart.js) with local asset
  • Fixed nonce handling (sanitization and validation)
  • Improved escaping for all output
  • Improved file path handling using WordPress functions

1.0.0

Initial release

  • Exposure scanner
  • Severity detection (Critical / Elevated)
  • Security score calculation
  • Exposure age detection
  • Findings dashboard
  • Scan history chart