{"id":274322,"date":"2026-02-16T17:07:57","date_gmt":"2026-02-16T17:07:57","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/boonrisk-site-security-check-report\/"},"modified":"2026-02-16T17:38:27","modified_gmt":"2026-02-16T17:38:27","slug":"boonrisk-site-security-check-report","status":"publish","type":"plugin","link":"https:\/\/da.wordpress.org\/plugins\/boonrisk-site-security-check-report\/","author":20950101,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.0.2","stable_tag":"1.0.2","tested":"6.9.4","requires":"5.0","requires_php":"7.4","requires_plugins":null,"header_name":"BoonRisk \u2013 Site Security Check & Report","header_author":"boonband","header_description":"Safe, read-only security check for WordPress. Get a clear security report with risks explained and actionable recommendations. No scanning, blocking, or site changes.","assets_banners_color":"f0f4f6","last_updated":"2026-02-16 17:38:27","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/boonrisk.com","header_author_uri":"https:\/\/boonrisk.com","rating":0,"author_block_rating":0,"active_installs":0,"downloads":160,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.2":{"tag":"1.0.2","author":"boonband","date":"2026-02-16 17:38:27"}},"upgrade_notice":{"1.0.2":"<p>Improved settings sanitization and text domain compliance for WordPress plugin review.<\/p>","1.0.0":"<p>Initial public release. Security posture assessment with 30 checks, prioritized findings, and printable reports.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3462732,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3462732,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3462732,"resolution":"1544x500","location":"assets","locale":""},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3462732,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.2"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3462732,"resolution":"1","location":"assets","locale":""}},"screenshots":{"1":"Security Posture Summary with risk level explanation","2":"Top Risks prioritized by impact","3":"All Findings with explainability","4":"Printable Local Report"},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[8533,31093,600,151481,6460],"plugin_category":[54],"plugin_contributors":[255968],"plugin_business_model":[],"class_list":["post-274322","plugin","type-plugin","status-publish","hentry","plugin_tags-audit","plugin_tags-hardening","plugin_tags-security","plugin_tags-site-health","plugin_tags-vulnerability","plugin_category-security-and-spam-protection","plugin_contributors-boonband","plugin_committers-boonband"],"banners":{"banner":"https:\/\/ps.w.org\/boonrisk-site-security-check-report\/assets\/banner-772x250.png?rev=3462732","banner_2x":"https:\/\/ps.w.org\/boonrisk-site-security-check-report\/assets\/banner-1544x500.png?rev=3462732","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/boonrisk-site-security-check-report\/assets\/icon-128x128.png?rev=3462732","icon_2x":"https:\/\/ps.w.org\/boonrisk-site-security-check-report\/assets\/icon-256x256.png?rev=3462732","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/boonrisk-site-security-check-report\/assets\/screenshot-1.png?rev=3462732","caption":"Security Posture Summary with risk level explanation"}],"raw_content":"<!--section=description-->\n<p>BoonRisk gives you a <strong>clear security and readiness report<\/strong> for your WordPress site. See exactly what security risks exist, why they matter, and what to do about them \u2014 all explained in plain language.<\/p>\n\n<p><strong>Safe &amp; Read-Only:<\/strong> This plugin only reads your site configuration. It does not scan files, block traffic, or make any changes to your WordPress installation.<\/p>\n\n<h4>What You Get<\/h4>\n\n<ul>\n<li><strong>Security Check Report<\/strong> \u2014 See your site's security status: PHP version, WordPress updates, user settings, HTTPS, and 30+ configuration checks<\/li>\n<li><strong>Clear Explanations<\/strong> \u2014 Every finding explains \"why this matters\" and \"what to do about it\" in plain language<\/li>\n<li><strong>Prioritized Risks<\/strong> \u2014 Top risks ranked by impact so you know what to fix first<\/li>\n<li><strong>Printable Report<\/strong> \u2014 Professional HTML report you can view, print, or share directly from WordPress admin<\/li>\n<\/ul>\n\n<h4>What This Plugin Does NOT Do (100% Safe)<\/h4>\n\n<ul>\n<li><strong>No file scanning<\/strong> \u2014 Does not scan your files or look for malware<\/li>\n<li><strong>No traffic blocking<\/strong> \u2014 Does not act as a firewall or block visitors<\/li>\n<li><strong>No site changes<\/strong> \u2014 Does not modify settings, files, or database<\/li>\n<li><strong>No active testing<\/strong> \u2014 Does not simulate attacks or run security scans<\/li>\n<li><strong>Read-only analysis<\/strong> \u2014 Only reads your configuration, never writes or changes anything<\/li>\n<\/ul>\n\n<h4>Who Is It For?<\/h4>\n\n<ul>\n<li><strong>Site owners<\/strong> \u2014 Understand your security risks without technical expertise<\/li>\n<li><strong>Freelancers &amp; agencies<\/strong> \u2014 Generate client-ready reports in minutes<\/li>\n<li><strong>Developers<\/strong> \u2014 Quick baseline check before or after deployments<\/li>\n<li><strong>Teams<\/strong> \u2014 Consistent security reporting across multiple WordPress sites<\/li>\n<\/ul>\n\n<h4>Free Security Check (No Account Required)<\/h4>\n\n<p>Run a complete security and readiness check instantly \u2014 100% local, no data sent anywhere:<\/p>\n\n<ul>\n<li><strong>Overall Risk Level<\/strong> \u2014 Clear Low\/Medium\/High rating with explanation of what it means<\/li>\n<li><strong>Top Risks First<\/strong> \u2014 See your biggest security issues ranked by impact<\/li>\n<li><strong>30+ Configuration Checks<\/strong> \u2014 WordPress updates, PHP version, HTTPS, user permissions, backups, 2FA, debug mode, and more<\/li>\n<li><strong>Action Plan<\/strong> \u2014 Every issue includes \"why it matters\" and \"how to fix it\"<\/li>\n<li><strong>Professional Report<\/strong> \u2014 Printable HTML report you can view in WordPress admin or share with your team<\/li>\n<\/ul>\n\n<p><strong>What you'll learn:<\/strong> \"Is my site at risk?\" and \"What should I fix first?\"<\/p>\n\n<p><strong>100% Private:<\/strong> All checks run on your server. Nothing is sent externally. No account or email required.<\/p>\n\n<h4>Optional: Web Dashboard<\/h4>\n\n<p>Connect the plugin to the <a href=\"https:\/\/boonrisk.com\/\">BoonRisk web dashboard<\/a> for additional capabilities (optional, requires free account):<\/p>\n\n<ul>\n<li><strong><a href=\"https:\/\/boonrisk.com\/scanner\/\">Surface Scan<\/a><\/strong> \u2014 External scan of your site's public-facing security headers, SSL configuration, and exposed services<\/li>\n<li><strong>Vulnerability Intelligence<\/strong> \u2014 Known CVEs matched to your installed plugins and themes with severity ratings<\/li>\n<li><strong>Continuous Monitoring<\/strong> \u2014 Automatic daily checks with alerts when your security posture changes<\/li>\n<li><strong>Track Over Time<\/strong> \u2014 See how your site security improves (or changes) month over month<\/li>\n<li><strong>PDF Reports<\/strong> \u2014 Download professional reports to share with clients or management<\/li>\n<\/ul>\n\n<p><strong>Note:<\/strong> The local security check is fully functional on its own. The web dashboard is completely optional.<\/p>\n\n<p>Learn more at <a href=\"https:\/\/boonrisk.com\/\">boonrisk.com<\/a><\/p>\n\n<h3>How It Works<\/h3>\n\n<h4>Local Assessment (Default)<\/h4>\n\n<ol>\n<li>Install and activate the plugin<\/li>\n<li>Go to <strong>BoonRisk<\/strong> \u2192 <strong>Local Assessment<\/strong><\/li>\n<li>Click <strong>Run Assessment Now<\/strong><\/li>\n<li>View your Security Posture Summary and Top Risks<\/li>\n<li>Click <strong>View Full Report<\/strong> for a printable HTML report<\/li>\n<\/ol>\n\n<p>All analysis happens on your server. Nothing is sent externally.<\/p>\n\n<h4>Web Dashboard (Optional)<\/h4>\n\n<ol>\n<li>Create a free account at <a href=\"https:\/\/boonrisk.com\/\">boonrisk.com<\/a><\/li>\n<li>Go to <strong>BoonRisk<\/strong> \u2192 <strong>Connect (Optional)<\/strong><\/li>\n<li>Enter your API key<\/li>\n<li>Send your assessment to the dashboard for vulnerability intelligence, surface scan, and monitoring<\/li>\n<\/ol>\n\n<p>External API calls only happen when you explicitly request them.<\/p>\n\n<h3>Data Usage<\/h3>\n\n<h4>Local Assessment<\/h4>\n\n<p>In local mode, <strong>no data is sent externally<\/strong>. All checks run inside WordPress.<\/p>\n\n<h4>Web Dashboard (Optional)<\/h4>\n\n<p>When you send data to the dashboard, the following is transmitted:<\/p>\n\n<ul>\n<li>PHP and WordPress versions<\/li>\n<li>Active plugin and theme names\/versions<\/li>\n<li>Configuration flags (debug mode, file editor status, etc.)<\/li>\n<\/ul>\n\n<p>What you get in return:<\/p>\n\n<ul>\n<li>Known vulnerability data for your installed plugins and themes<\/li>\n<li>Surface scan results for public-facing security<\/li>\n<li>Severity context for identified risks<\/li>\n<li>Historical trend data and monitoring alerts<\/li>\n<\/ul>\n\n<p><strong>What is never collected:<\/strong><\/p>\n\n<ul>\n<li>User data or personal information<\/li>\n<li>Passwords or credentials<\/li>\n<li>Post\/page content<\/li>\n<li>Database contents<\/li>\n<li>File contents<\/li>\n<\/ul>\n\n<p>Data is sent <strong>only when you click<\/strong> Send to Dashboard or enable automatic daily sync. No personal data is collected.<\/p>\n\n<h3>Privacy Policy<\/h3>\n\n<p>Read our full privacy policy at https:\/\/boonrisk.com\/privacy<\/p>\n\n<!--section=installation-->\n<ol>\n<li>Upload the plugin to <code>\/wp-content\/plugins\/boonrisk\/<\/code> or install through WordPress plugins<\/li>\n<li>Activate through the 'Plugins' screen<\/li>\n<li>Navigate to <strong>BoonRisk<\/strong> \u2192 <strong>Local Assessment<\/strong><\/li>\n<li>Click <strong>Run Assessment Now<\/strong> \u2014 no setup required<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"do%20i%20need%20to%20register%20to%20use%20this%20plugin%3F\"><h3>Do I need to register to use this plugin?<\/h3><\/dt>\n<dd><p>No. Local assessment works immediately without any registration or API key.<\/p><\/dd>\n<dt id=\"what%27s%20the%20difference%20between%20the%20plugin%20and%20the%20web%20dashboard%3F\"><h3>What's the difference between the plugin and the web dashboard?<\/h3><\/dt>\n<dd><p>The plugin runs 30+ configuration checks entirely on your server. The web dashboard (optional) adds external surface scanning, known vulnerability matching for your plugins and themes, continuous monitoring, and PDF reports.<\/p><\/dd>\n<dt id=\"does%20this%20plugin%20slow%20down%20my%20site%3F\"><h3>Does this plugin slow down my site?<\/h3><\/dt>\n<dd><p>No. The plugin is read-only and only runs when you trigger an assessment from the admin panel. It has no impact on frontend performance.<\/p><\/dd>\n<dt id=\"is%20this%20a%20security%20plugin%20like%20wordfence%3F\"><h3>Is this a security plugin like Wordfence?<\/h3><\/dt>\n<dd><p>No. BoonRisk is a security posture assessment tool, not a protection tool. It explains your configuration and risks but does not block traffic, scan for malware, or auto-fix issues. It works alongside any existing security plugin.<\/p><\/dd>\n<dt id=\"can%20i%20use%20this%20for%20client%20sites%3F\"><h3>Can I use this for client sites?<\/h3><\/dt>\n<dd><p>Yes. The printable HTML report is designed to be shared. Run an assessment, click View Full Report, and print or save as PDF directly from your browser. With the optional web dashboard you can also generate PDF reports.<\/p><\/dd>\n<dt id=\"does%20this%20plugin%20make%20external%20connections%3F\"><h3>Does this plugin make external connections?<\/h3><\/dt>\n<dd><p>Only when you explicitly send data to the web dashboard (optional). Local assessment makes no external connections.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.2<\/h4>\n\n<ul>\n<li>Added sanitize_callback for register_setting() compliance<\/li>\n<li>Fixed text domain to match plugin slug for community translations<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial public release<\/li>\n<li>Local assessment mode (no registration required)<\/li>\n<li>Security Posture Summary with human-readable risk level<\/li>\n<li>Top Risks section prioritized by impact<\/li>\n<li>30 configuration checks across Security, Trust &amp; Readiness<\/li>\n<li>Printable HTML reports<\/li>\n<li>Optional web dashboard integration for vulnerability intelligence<\/li>\n<li>Read-only assessment with clear \"what to do\" guidance<\/li>\n<\/ul>","raw_excerpt":"Security posture report for WordPress \u2014 30+ checks, prioritized risks, and a printable report. Get a clear picture in minutes.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/da.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/274322","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/da.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/da.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/da.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=274322"}],"author":[{"embeddable":true,"href":"https:\/\/da.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/boonband"}],"wp:attachment":[{"href":"https:\/\/da.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=274322"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/da.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=274322"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/da.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=274322"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/da.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=274322"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/da.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=274322"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/da.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=274322"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}