FAIR

Federated and Independent Repositories

BoonRisk – Site Security Check & Report

Plugin Banner

BoonRisk – Site Security Check & Report

by Boon Band

Download
Description

BoonRisk gives you a clear security and readiness report for your WordPress site. See exactly what security risks exist, why they matter, and what to do about them — all explained in plain language.

Safe & Read-Only: This plugin only reads your site configuration. It does not scan files, block traffic, or make any changes to your WordPress installation.

What You Get

  • Security Check Report — See your site’s security status: PHP version, WordPress updates, user settings, HTTPS, and 30+ configuration checks
  • Clear Explanations — Every finding explains “why this matters” and “what to do about it” in plain language
  • Prioritized Risks — Top risks ranked by impact so you know what to fix first
  • Printable Report — Professional HTML report you can view, print, or share directly from WordPress admin

What This Plugin Does NOT Do (100% Safe)

  • No file scanning — Does not scan your files or look for malware
  • No traffic blocking — Does not act as a firewall or block visitors
  • No site changes — Does not modify settings, files, or database
  • No active testing — Does not simulate attacks or run security scans
  • Read-only analysis — Only reads your configuration, never writes or changes anything

Who Is It For?

  • Site owners — Understand your security risks without technical expertise
  • Freelancers & agencies — Generate client-ready reports in minutes
  • Developers — Quick baseline check before or after deployments
  • Teams — Consistent security reporting across multiple WordPress sites

Free Security Check (No Account Required)

Run a complete security and readiness check instantly — 100% local, no data sent anywhere:

  • Overall Risk Level — Clear Low/Medium/High rating with explanation of what it means
  • Top Risks First — See your biggest security issues ranked by impact
  • 30+ Configuration Checks — WordPress updates, PHP version, HTTPS, user permissions, backups, 2FA, debug mode, and more
  • Action Plan — Every issue includes “why it matters” and “how to fix it”
  • Professional Report — Printable HTML report you can view in WordPress admin or share with your team

What you’ll learn: “Is my site at risk?” and “What should I fix first?”

100% Private: All checks run on your server. Nothing is sent externally. No account or email required.

Optional: Enhanced Reports (Web Dashboard)

Connect to the BoonRisk web dashboard for additional features (optional, requires free account):

  • Vulnerability Details — See known security issues for your installed plugins and themes
  • Severity Ratings — Understand how serious each risk is based on public security databases
  • Track Over Time — See how your site security improves (or changes) month over month
  • PDF Reports — Download professional reports to share with clients or management

Enhanced analysis answers: “Why is this a risk?” and “How serious is it based on known vulnerabilities?”

Note: The local security check is fully functional on its own. The web dashboard is completely optional.

How It Works

Local Mode (Default)

  1. Install and activate the plugin
  2. Go to BoonRisk Local Assessment
  3. Click Run Assessment Now
  4. View your Security Posture Summary and Top Risks
  5. Click View Full Report for a printable HTML report

All analysis happens on your server. Nothing is sent externally.

Cloud Mode (Optional)

  1. Go to BoonRisk Connect (Optional)
  2. Enter your API key
  3. Enable Cloud Analysis and PDF Reports

External API calls only happen when you explicitly request them.

Data Usage

Local Mode

In local mode, no data is sent externally. All checks run inside WordPress.

Cloud Mode (Optional)

When you run Cloud Analysis, the following is sent:

  • PHP and WordPress versions
  • Active plugin and theme names/versions
  • Configuration flags (debug mode, file editor status, etc.)

What you get in return:

  • Known vulnerability data for your installed plugins and themes
  • Severity context for identified risks
  • Historical trend data

What is never collected:

  • User data or personal information
  • Passwords or credentials
  • Post/page content
  • Database contents
  • File contents

Data is sent only when you click Run Cloud Analysis or Generate Report. No background transmission. No personal data is collected.

Privacy Policy

Read our full privacy policy at https://boonrisk.com/privacy

  1. Upload the plugin to /wp-content/plugins/boonrisk/ or install through WordPress plugins
  2. Activate through the ‘Plugins’ screen
  3. Navigate to BoonRisk Local Assessment
  4. Click Run Assessment Now — no setup required
  1. Security Posture Summary with risk level explanation

    Security Posture Summary with risk level explanation

Do I need to register to use this plugin?

No. Local assessment works immediately without any registration or API key.

What’s the difference between local and cloud analysis?

Local analysis runs entirely on your server and provides a complete security posture assessment. Cloud analysis (optional) adds known vulnerability data for your installed plugins and themes, severity ratings, and month-over-month tracking.

Does this plugin slow down my site?

No. The plugin is read-only and only runs when you trigger an assessment from the admin panel. It has no impact on frontend performance.

Is this a security plugin like Wordfence?

No. BoonRisk is a security posture assessment tool, not a protection tool. It explains your configuration and risks but does not block traffic, scan for malware, or auto-fix issues. It works alongside any existing security plugin.

Can I use this for client sites?

Yes. The printable HTML report is designed to be shared. Run an assessment, click View Full Report, and print or save as PDF directly from your browser. With the optional cloud dashboard you can also generate branded PDF reports.

Does this plugin make external connections?

Only when you explicitly click a button in Cloud Analysis (optional). Local assessment makes no external connections.

1.0.2

  • Added sanitize_callback for register_setting() compliance
  • Fixed text domain to match plugin slug for community translations

1.0.0

  • Initial public release
  • Local assessment mode (no registration required)
  • Security Posture Summary with human-readable risk level
  • Top Risks section prioritized by impact
  • 30 configuration checks across Security, Trust & Readiness
  • Printable HTML reports
  • Optional cloud integration for vulnerability intelligence
  • Read-only assessment with clear “what to do” guidance
Back to top