Custonis – Security Exposure Scanner

تفصیل

Custonis detects publicly exposed files that should never be accessible on the internet.

Many WordPress websites unintentionally expose sensitive files such as:

• database backups (.sql, .zip)
• exported user or customer data
• configuration files (.env, wp-config backups)
• debug logs and error logs
• development leftovers

These files are actively targeted by bots and attackers because they may expose:

• database credentials
• API keys
• user data
• internal system information

Why Custonis?

Most security plugins focus on firewalls, malware or login protection.

Custonis focuses on a different but critical attack surface:

👉 Public file exposure

It helps you identify risks that are often overlooked and complements traditional security plugins.

Features

✔ Detect exposed backup files (.zip, .sql, .gz)
✔ Detect debug logs and error logs
✔ Detect configuration backups and sensitive files
✔ Detect exposed Git repositories
✔ Detect directory listing vulnerabilities
✔ Database health checks (large tables, autoload size, transients, revisions)
✔ Severity classification (Critical / Elevated / Low)
✔ Security score calculation
✔ Risk level indicator
✔ Exposure age tracking (when issues first appeared)
✔ Detailed findings dashboard with explanations and fixes
✔ Scan history chart
✔ Fast and lightweight scanning
✔ 100% local scanning (no external API calls)

How it works

1. Install and activate the plugin
2. Open the Custonis dashboard
3. Run a security scan
4. Review detected exposures and fix issues

Custonis performs read-only scans and does not modify your website.

1.1.7

= Fixed =
* Fixed missing "first detected” timestamps for findings
* Fixed finding lifecycle persistence across repeated scans
* Fixed overly aggressive severity classification for transient cache findings

Improved

• Improved finding history tracking and exposure timeline accuracy
• Improved database health severity evaluation
• Improved consistency of finding status handling (new / existing)
• More reliable exposure age tracking between scans

UX

• Clearer exposure timeline information
• More accurate risk presentation for database-related findings

1.1.6

= Fixed =
* Fixed detection regression for publicly exposed debug.log files
* Fixed exposure validation issues on hosting environments returning soft-404 responses
* Fixed multiple false positives for non-existing backup and environment files

Improved

• Improved HTTP exposure verification logic
• Improved detection accuracy for publicly accessible files
• Better filtering of invalid HTML fallback responses
• More reliable validation of exposed backup archives and configuration files
• Improved compatibility with modern hosting and caching setups

Security

• Improved exposure validation for debug logs and backup files
• Reduced risk of incorrect exposure reporting

UX

• Cleaner and more trustworthy scan results
• Reduced false positives and invalid findings

1.1.5

= Improved =
* Significantly improved exposure detection accuracy
* Reduced false positives for backup and environment file detection
* Improved validation of publicly accessible files and directories
* Better handling of soft-404 and fallback responses on modern hosting environments
* More reliable exposure verification logic

Security

• Improved detection quality for exposed backup archives
• Improved ENV file validation using content-based verification
• Improved filtering of invalid exposure results

UX

• Cleaner and more trustworthy scan results
• Reduced noise from invalid findings

1.1.4

= Improved =
* Fixed exposure timeline (first detected now tracked correctly)
* Improved consistency of finding history across scans
* Enhanced score accuracy for repeated findings

Added

• Score breakdown (critical / elevated issues) directly in dashboard
• More transparent risk evaluation for users

UX

• Improved clarity of exposure age and status
• Cleaner and more understandable dashboard feedback

1.1.3

• Optimized false positives

1.1.2

• Fixed version inconsistency in trunk

1.1.1

• Fixed dashboard live stats not updating after scan
• Improved scan result persistence

1.1

= Improved =
* Significantly improved scan stability and execution flow
* Optimized background scanning process
* More accurate live scan progress tracking
* Improved performance for large websites
* Enhanced scan result storage and reliability
* Refined dashboard UI and scan experience

Added

• Improved filesystem scanning coverage
• Enhanced database analysis
• More precise detection of exposed files and risks
• Better scan step handling and progress visualization

Internal

• Codebase cleanup and structural improvements
• Optimized AJAX handling and data flow

1.0.1

= Fixed =
* Removed all Pro / license / cron related functionality for full compliance with WordPress.org guidelines
* Replaced external CDN (Chart.js) with local asset
* Fixed nonce handling (sanitization and validation)
* Improved escaping for all output
* Improved file path handling using WordPress functions

1.0.0

= Initial release =
* Exposure scanner
* Severity detection (Critical / Elevated)
* Security score calculation
* Exposure age detection
* Findings dashboard
* Scan history chart