NUDAYOSH

SECURITY SCANNER + WORDPRESS PLUGIN

Knowing what's wrong with your website shouldn't take 3 hours and a "security consultant".

Scanner with 10 detection layers (free, no signup). WordPress plugin with auto-mitigation (FIM + malware quarantine + IP blocks). Centralized SaaS for agencies. GDPR compliant. Made in Madrid.

Analyze my site (free) β†’ Download WordPress plugin

How it works

10 detection layers. 1 actionable report.

01 / TLS & CERTIFICATES

Certificate validity, supported versions (TLS 1.2/1.3), weak ciphers, expiration dates.

02 / SECURITY HEADERS

HSTS, CSP, X-Frame-Options, Referrer-Policy, Permissions-Policy. Detects missing or misconfigured.

03 / EXPOSED PATHS

Public .env, public phpMyAdmin, directory indexes, backup files exposed, version-control leaks.

04 / WORDPRESS-SPECIFIC

Visible WP version, exposed user enumeration, XML-RPC status, REST users endpoint, weak login flows.

05 / MALWARE SIGNATURES

Web shells, common backdoors, obfuscated PHP/JS payloads, malicious redirects in HTML.

06 / DNS & EMAIL

SPF, DKIM, DMARC records. Domain age. Email security posture (deliverability risk).

07 / OPEN PORTS

FTP (21), SSH (22), SMTP (25), and other ports exposed publicly when they shouldn't.

08 / HOST METADATA

Server fingerprinting, exposed software versions, technology stack leakage.

09 / CONTENT INTEGRITY

Suspicious JS in HTML, hidden iframes, base64 redirects, cryptojacking patterns.

10 / BASELINE DRIFT

Comparison vs. last scan. Detects sudden changes (new files, modified versions, removed protections).

WORDPRESS PLUGIN

Free plugin with real auto-mitigation

Not just notifications. The plugin acts on threats automatically, in milliseconds, with zero clicks from you.

πŸ”’

Auto-quarantine

PHP files appearing in /uploads/ are moved to a quarantine folder (with Deny from all) before they can execute.

🚫

IP auto-block

10 failed logins in 10 minutes β†’ IP blocked for 4 hours. Blocks fire before WordPress even boots, saving resources.

πŸ›‘οΈ

One-click hardening

5 standard hardening actions (DISALLOW_FILE_EDIT, XML-RPC off, security headers, etc.) applied with one button + reversible.

🦠

Vulnerability scanner

Daily comparison of your plugins/themes/WP core against a curated CVE database. Get alerts on known-vulnerable versions installed.

πŸ“Š

File Integrity Monitor

SHA256 hashing of every file. Hourly scan. Alerts on any unexpected change in critical paths.

πŸ””

SaaS integration

Optional: connect the plugin to your nudayosh.com dashboard. All your sites in one place, alerts to Slack/Discord/n8n (Agency plan).

⬇ Download plugin (37 KB)

Version 0.3.0 Β· WordPress 5.5+ Β· PHP 7.4+ Β· GPLv2

PLANS

Three plans. Free always free.

Free

€0

forever

  • βœ“ 1 domain
  • βœ“ 5 scans / day
  • βœ“ Score 0-100 report
  • βœ“ Plugin with 1 WP site
  • βœ“ Auto-quarantine + IP blocking
  • βœ— Watchlist (monitoring)
  • βœ— Deep Scan SFTP
Recommended

Pro

€29/mo

+ VAT

  • βœ“ 3 domains
  • βœ“ 100 scans / day
  • βœ“ Watchlist every 6h
  • βœ“ Plugin up to 3 sites
  • βœ“ Full auto-mitigation
  • βœ“ Deep Scan SFTP + DB Scan
  • βœ“ Email alerts
  • βœ“ 90-day history

Agency

€99/mo

+ VAT

  • βœ“ 25 domains
  • βœ“ Unlimited scans
  • βœ“ Watchlist every 1h
  • βœ“ Unlimited WP sites
  • βœ“ Full auto-mitigation
  • βœ“ Webhooks β†’ Slack/Discord/n8n
  • βœ“ Multi-client panel with labels
  • βœ“ 1 professional manual cleanup/month
  • βœ“ 1-year history
See full pricing β†’