Title: Steel Security & Hardening – Site Audit Tools
Author: sweetwatermedia
Published: 28 April 2026
Last modified: 28 April 2026

---


# Steel Security & Hardening – Site Audit Tools

 By [sweetwatermedia](https://profiles.wordpress.org/sweetwatermedia/)

[Download](https://downloads.wordpress.org/plugin/steel-security.1.0.4.zip)


## Description

Steel Security & Hardening – Site Audit Tools focuses on practical security hygiene
for WordPress administrators.

The free plugin provides:

 * on-demand security scans
 * risk summaries grouped by severity and category
 * checks for common WordPress hardening gaps
 * checks for exposed root-level artifacts such as `.env`, SQL dumps, `phpinfo` 
   files, and backup archives
 * a quarantine vault for operator-reviewed file isolation
 * uploads PHP execution blocking on supported server environments
 * manual guidance when automatic server hardening is not safely supported

This plugin is positioned as an auditing and hardening tool. It helps surface risk
and apply selected preventive controls, but it does not promise malware removal,
incident response, or complete server protection.

#### Included checks

The scan currently looks for items such as:

 * PHP error display exposure
 * `WP_DEBUG` and `debug.log` exposure
 * XML-RPC availability
 * author and REST user enumeration exposure
 * theme/plugin file editor availability
 * WordPress generator meta output
 * comments enabled by default
 * uploads PHP execution hardening status
 * root-level sensitive files and archives

#### Server-aware behavior

This plugin only auto-applies server config changes where it can do so in a scoped
and reversible way.

 * Apache and LiteSpeed: uploads PHP blocking is managed through a Steel Security-marked
   `.htaccess` block
 * IIS: uploads PHP blocking is managed through a Steel Security-marked `web.config`
   section
 * Nginx and unsupported environments: Steel Security provides manual guidance instead
   of claiming automatic protection
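
To make "scoped and reversible" concrete, the following added example (not code from the plugin or its author) shows one way a marker-delimited `.htaccess` block can be applied idempotently and rolled back without touching operator rules. The marker strings, the deny rule, and the sample file contents are assumptions made for illustration.

```python
import re

# Hypothetical marker lines; the plugin's real marker text is not shown on the page.
BEGIN = "# BEGIN example-uploads-php-block"
END = "# END example-uploads-php-block"

# Apache 2.4 rule: refuse direct requests for PHP-like files in this directory.
RULE = [
    '<FilesMatch "(?i)\\.(?:php\\d?|phtml|phar)$">',
    "    Require all denied",
    "</FilesMatch>",
]

_BLOCK_RE = re.compile(
    r"^%s\n.*?^%s\n?" % (re.escape(BEGIN), re.escape(END)),
    re.DOTALL | re.MULTILINE,
)

# Constructed sample: an uploads/.htaccess that already holds operator rules.
SAMPLE = "Options -Indexes\n# operator rule, must survive apply and rollback\nAddDefaultCharset UTF-8\n"


def _check_markers(text):
    """Refuse to edit a file whose markers are unbalanced (hand-edited or truncated)."""
    if text.count(BEGIN) != text.count(END):
        raise ValueError("unbalanced managed-block markers; fix the file by hand")


def has_block(text):
    return _BLOCK_RE.search(text) is not None


def remove_block(text):
    """Rollback: delete only the marked block, leaving every other line as it was."""
    _check_markers(text)
    return _BLOCK_RE.sub("", text)


def apply_block(text):
    """Insert or refresh the marked block; calling it twice changes nothing more."""
    base = remove_block(text)
    if base and not base.endswith("\n"):
        base += "\n"
    return base + "\n".join([BEGIN, *RULE, END]) + "\n"


if __name__ == "__main__":
    print(apply_block(SAMPLE))
```

When reviewing a tool that edits server configuration, the properties to check are the same ones exercised here: repeated applies do not stack blocks, rollback restores the file byte for byte, and a damaged marker pair stops the edit instead of guessing.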

#### Pro companion

This plugin can work with a separate Pro companion plugin that adds features such
as scheduled scans, scan history, reports, and managed server-level controls such
as directory listing protection and baseline security headers. The free plugin remains
usable on its own.

## Installation

 1. Upload the plugin files to the `/wp-content/plugins/steel-security` directory, 
    or install the plugin through the WordPress plugins screen.
 2. Activate the plugin through the ‘Plugins’ screen in WordPress.
 3. Open `Steel Security` in wp-admin to review the dashboard, run a scan, and configure
    hardening controls.

## FAQ

### Does this plugin make remote calls?

The free plugin does not rely on a third-party service for core scanning or hardening,
and it does not require remote API calls for its free feature set.

### Does this plugin remove malware automatically?

No. This plugin is designed to audit, surface risk, and help with selective hardening
and operator-reviewed quarantine workflows. It should not be described as an automatic
malware removal tool.

### Will this plugin edit my server configuration?

Only for specific controls where the plugin can write a clearly delimited, reversible
block on supported servers. Unsupported environments receive manual guidance instead.

### What happens on uninstall?

The plugin removes its stored scan data, settings, and hardening rollback metadata.
Quarantine payloads are intentionally preserved so operators can review and handle
them manually.

## Reviews

There are no reviews for this plugin.

## Contributors and development

“Steel Security & Hardening – Site Audit Tools” is open source software. The people
who have contributed to the development of this plugin are listed below.

Contributors

 *   [sweetwatermedia](https://profiles.wordpress.org/sweetwatermedia/)

[Translate “Steel Security & Hardening – Site Audit Tools” into your language.](https://translate.wordpress.org/projects/wp-plugins/steel-security)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/steel-security/),
check out the [SVN repository](https://plugins.svn.wordpress.org/steel-security/), or follow
the [change log](https://plugins.trac.wordpress.org/log/steel-security/)
via [RSS](https://plugins.trac.wordpress.org/log/steel-security/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 1.0.4

 * refreshed the free plugin release package for the latest WordPress.org submission

#### 1.0.3

 * finalized the WordPress.org review follow-up fixes, removed dormant Pro-only 
   local hardening code from Free, moved rollback metadata out of uploads, and refreshed
   the release package

#### 1.0.2

 * rebuilt the free plugin package after final WordPress.org review fixes and packaging
   updates

#### 1.0.1

 * clarified advisory-only handling for `DISALLOW_FILE_MODS` and excluded it from
   hardening posture scoring
 * moved managed directory listing and baseline security headers fully into the 
   Pro companion plugin
 * replaced hardening-page Pro placeholders with a contextual upgrade section
 * moved admin-page JavaScript to enqueued assets and tightened WordPress.org review
   compliance

#### 1.0.0

 * finalized WordPress.org-compliant free plugin naming and packaging
 * aligned Pro package naming to Steel Security Pro for clearer installs
 * refreshed the Steel Security logo asset in the admin header

#### 0.1.2

 * narrowed backup archive detection to avoid false positives from plugin files 
   in backup-related paths
 * improved first-scan dashboard messaging so new installs prompt for a scan instead
   of showing a misleading high-risk empty state
 * improved action button labels and tooltips for quarantine workflows
 * tightened uninstall cleanup for Free and Pro-owned data and rollback metadata

#### 0.1.1

 * refreshed release packaging
 * improved dashboard and scan presentation

## Meta

 *  Version **1.0.4**
 *  Last updated **2 months ago**
 *  Active installations **10+**
 *  WordPress version **6.4 or higher**
 *  Tested up to **6.9.4**
 *  PHP version **8.0 or higher**
 *  Language: [English (US)](https://wordpress.org/plugins/steel-security/)
 *  Tags: [audit](https://it.wordpress.org/plugins/tags/audit/), [hardening](https://it.wordpress.org/plugins/tags/hardening/),
    [scanner](https://it.wordpress.org/plugins/tags/scanner/), [security](https://it.wordpress.org/plugins/tags/security/)
 *  [Advanced view](https://it.wordpress.org/plugins/steel-security/advanced/)
