Custom WordPress plugin built to detect vulnerabilities, misconfigurations and exposure risks across 8 security modules. Passive scanning only — no changes made to scanned sites.
🌐 Live at roocyber.com
RooCyber scans any WordPress site and returns an overall security score (0–100), risk level and issue breakdown per module with severity ratings (Critical / High / Medium / Low).
100% passive — no intrusive actions, no authentication required, no changes to the target site.
| Module | What it checks |
|---|---|
| SSL / TLS | Certificate validity, protocol version, cipher strength |
| Security Headers | X-Frame-Options, CSP, HSTS, Referrer-Policy and more |
| Malware & Reputation | Google Safe Browsing status, malware signatures in HTML |
| WordPress Risk | xmlrpc.php, user enumeration, debug mode, readme exposure |
| Server & Software | Outdated components, WAF presence, fingerprinting |
| Privacy & Exposure | Sensitive files accessible, directory listing, PHP errors |
| Website Redirects | Redirect loops, HTTPS downgrades, cross-domain redirects |
| Search Visibility | noindex detection, canonical URL, HTTPS consistency |
| Module |
|---|
| Malware |
| WordPress Risk |
| Security Headers |
| SSL / TLS |
| Privacy & Exposure |
| Redirects |
| Server & Software |
| SEO / Visibility |
| Score | Grade | Risk |
|---|---|---|
| 85–100 | A | Low |
| 70–84 | B | Low |
| 55–69 | C | Medium |
| 40–54 | D | Medium |
| 0–39 | F | High |
Built as a custom WordPress plugin with a modular structure:
- Core engine — orchestrates scan, scoring and rendering
- 8 detection modules — one per security area
- Admin backend — internal service and client management
- Stripe integration — payment and token-based report delivery
- Free instant security scan
- Detailed paid security report
- Manual security fix service
- Monthly maintenance and monitoring
WordPress · PHP · MySQL · Stripe API · cURL
Built and maintained by Diego Fernandez — Australia, 2025–2026