Title: BBH Security Insight
Author: Md Jahid Shah
Published: 31 May 2026
Last modified: 31 May 2026

---


![](https://ps.w.org/bbh-security-insight/assets/banner-772x250.png?rev=3555060)

![](https://ps.w.org/bbh-security-insight/assets/icon-256x256.png?rev=3555060)

# BBH Security Insight

By [Md Jahid Shah](https://profiles.wordpress.org/jahidshah/)

[Download](https://downloads.wordpress.org/plugin/bbh-security-insight.1.0.0.zip)


## Description

BBH Security Insight runs a lightweight, read-only security audit on your WordPress
installation and generates a professional Security Risk Report with color-coded 
risk levels (Critical, Warning, Safe), an overall security score (0–100), and detailed
remediation recommendations.

This plugin is **completely read-only** — it never modifies files, never changes
settings, and never sends data to external servers. It simply inspects your WordPress
configuration and reports findings.

#### Audit Checks Include

 * **WordPress Version Exposure** — Detects if your WordPress version is exposed
   via readme.html or generator tags.
 * **Database Table Prefix** — Checks if you are using the default `wp_` prefix.
 * **XML-RPC Status** — Reports whether XML-RPC is enabled or disabled.
 * **DISALLOW_FILE_EDIT** — Verifies if the built-in file editor is disabled.
 * **WP_DEBUG Status** — Checks whether debug mode is active on production.
 * **Directory Browsing** — Checks whether directory listing appears to be disabled.
 * **readme.html Exposure** — Checks for the presence of the readme file.
 * **install.php Exposure** — Checks if the installation script is accessible.
 * **wp-config.php Permissions** — Verifies file permissions on this critical file.
 * **wp-content Permissions** — Checks directory permissions on your content directory.
 * **User Enumeration Exposure** — Checks for common user enumeration exposure patterns.
 * **Security Headers** — Scans for CSP, HSTS, X-Frame-Options, Referrer-Policy,
   Permissions-Policy, and X-Content-Type-Options.
 * **Uploads PHP Execution** — Checks if PHP execution is blocked in the uploads
   directory.
 * **Admin Username** — Detects if an administrator uses the default “admin” username.
 * **Malware Heuristics** — Performs lightweight checks for suspicious code patterns
   in active plugin and theme PHP files.

#### Features

 * One-click “Run Security Audit” button on the admin dashboard.
 * Professional, color-coded Security Risk Report with score (0–100).
 * Human-readable explanations and remediation recommendations for every check.
 * Dismissible admin reminder notice.
 * Fully internationalized — ready for translation.
 * Secure AJAX with nonce verification and capability checks.
 * WordPress Coding Standards compliant.
 * No external dependencies — no Composer, no third-party APIs.
 * Read-only — never makes changes to your site.

#### Additional Resources

Looking for additional WordPress security guidance? Visit [jahidshah.com](https://jahidshah.com)
for documentation, security resources, and professional assistance.

### Support & Contact

Need help or want to report an issue? Visit our support page or open a support ticket
on the WordPress plugin repository.

 * Website: https://jahidshah.com/
 * Support: https://wordpress.org/support/plugin/bbh-security-insight/

### Other Plugins

 * [BBH Custom Schema](https://wordpress.org/plugins/bbh-custom-schema/) – Add custom
   JSON-LD schema to your website
 * [BBH SEO Toolkit](https://wordpress.org/plugins/bbh-seo-toolkit/) – Advanced 
   SEO & Structured Data Engine
 * [AJ FAQ Block](https://wordpress.org/plugins/aj-faq-block/) – Display FAQs with
   a beautiful block
 * [AJ Card Element](https://wordpress.org/plugins/aj-card-element/) – Display content
   in beautiful cards
 * [AJ Square Testimonial Slider](https://wordpress.org/plugins/aj-square-testimonial-slider/) –
   Showcase testimonials in a slider
 * [AJ Category Posts](https://wordpress.org/plugins/aj-category-posts/) – Display
   posts by category
 * [AJx Filter for WooCommerce](https://wordpress.org/plugins/ajx-filter-for-woo/) –
   Advanced product filtering for WooCommerce

## Screenshots

 * The BBH Security Insight dashboard with the Run Security Audit button and a completed
   Security Risk Report showing score, risk level, and detailed check results.

## Installation

 1. Upload the `bbh-security-insight` folder to the `/wp-content/plugins/` directory,
    or install directly from the WordPress plugin directory.
 2. Activate the plugin through the ‘Plugins’ screen in WordPress.
 3. Go to **Tools → Security Insight** in your WordPress admin menu.
 4. Click the **“Run Security Audit”** button to generate your Security Risk Report.

## FAQ

### Does this plugin make any changes to my site?

No. BBH Security Insight is completely read-only. It inspects your WordPress configuration,
files, and settings but never modifies anything. It does not create files, change
database records, or alter configurations.

### Does this plugin send data to external servers?

No. All scanning is performed locally on your server. No data is sent to external
services or third-party servers. The results are stored in your WordPress database
and displayed only to logged-in administrators.

### How often should I run a security audit?

We recommend running a security audit at least once a month, or after making significant
changes to your site such as installing new plugins, updating themes, or modifying
server configurations.

### Can this plugin fix the issues it finds?

No. The plugin is designed as a diagnostic tool only. It provides detailed recommendations
for each issue found, but you will need to implement the fixes yourself or consult
with a WordPress security professional.

### What are the malware heuristics?

The malware heuristics scan searches active plugin and theme PHP files for common
code patterns that are often used in malicious scripts (e.g., `base64_decode`, `eval`,
`gzinflate`). The scan is informational only: it can produce false positives from
legitimate code, it may miss sophisticated malware, and it cannot guarantee malware
detection or site cleanliness.
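
The false-positive limitation described above, shown on a small pattern scan. This is an added example in Python, not the plugin's own code; the regex, the two-level grading and the PHP sample are assumptions constructed for illustration.

```python
import re

# Function names the page gives as examples of what the heuristic looks for.
NAMES = ("base64_decode", "eval", "gzinflate")

# A listed name used as a plain call: followed by "(" and not part of a longer
# identifier, a variable, a method call (->) or a static call (::).
CALL_RE = re.compile(r"(?<![\w$>:])(%s)\s*\(" % "|".join(NAMES), re.IGNORECASE)


def scan_php(source):
    """Return (line number, matched names, level) for each line with a hit.

    Grading is an assumption of this example: one name on a line is "info",
    two or more distinct names (a nested decode-and-execute chain) is
    "review-first". Every hit still needs a human to read the code.
    """
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        names = sorted({m.lower() for m in CALL_RE.findall(line)})
        if names:
            level = "review-first" if len(names) >= 2 else "info"
            findings.append((lineno, names, level))
    return findings


# Constructed PHP sample: lines 2 and 3 are legitimate code that the pattern
# still flags (false positives); lines 4 and 5 are look-alikes it skips.
SAMPLE = """<?php
// Docs: never pass user input to eval().
$claims = json_decode( base64_decode( $parts[1] ), true );
$result = $calculator->eval( $expression );
$safe   = my_eval_wrapper( $input );
eval( gzinflate( base64_decode( $blob ) ) );
"""

if __name__ == "__main__":
    for lineno, names, level in scan_php(SAMPLE):
        print(f"line {lineno}: {', '.join(names)} [{level}]")
```

Two of the three findings on the sample come from a comment and an ordinary decode call, which is why a hit from this kind of scan is a prompt to read the file rather than a verdict.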

## Reviews

There are no reviews for this plugin.

## Contributors and Developers

“BBH Security Insight” is open source software. The following people have
contributed to this plugin.

Contributors

 * [Md Jahid Shah](https://profiles.wordpress.org/jahidshah/)

[Translate “BBH Security Insight” into your language.](https://translate.wordpress.org/projects/wp-plugins/bbh-security-insight)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/bbh-security-insight/),
check out the [SVN repository](https://plugins.svn.wordpress.org/bbh-security-insight/),
or subscribe to the [development log](https://plugins.trac.wordpress.org/log/bbh-security-insight/)
by [RSS](https://plugins.trac.wordpress.org/log/bbh-security-insight/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 1.0.0

 * Initial release.
 * 15 read-only security audit checks.
 * Professional Security Risk Report with color-coded risk levels.
 * Security score (0–100) with overall risk assessment.
 * AJAX-powered audit execution with nonce verification.
 * Dismissible admin notices.
 * Fully internationalized.
 * WordPress Coding Standards compliant.

## Meta

 * Version **1.0.0**
 * Last updated **3 days ago**
 * Active installations **more than 10**
 * WordPress version **6.7 or higher**
 * Tested up to **7.0**
 * PHP version **7.4 or higher**
 * Language: [English (US)](https://wordpress.org/plugins/bbh-security-insight/)
 * Tags: [security](https://tr.wordpress.org/plugins/tags/security/), [security audit](https://tr.wordpress.org/plugins/tags/security-audit/),
   [security scan](https://tr.wordpress.org/plugins/tags/security-scan/), [site health](https://tr.wordpress.org/plugins/tags/site-health/),
   [wordpress security](https://tr.wordpress.org/plugins/tags/wordpress-security/)
 * [Advanced View](https://tr.wordpress.org/plugins/bbh-security-insight/advanced/)
