WP Security Plugin

WP Security Plugin is a WordPress security and code intelligence plugin built to help developers and site owners understand what is happening inside a WordPress environment. It scans site files, content, media, plugins, URLs, and findings, then visualizes those relationships through an interactive graph-based dashboard.

The plugin combines malware scanning, code-quality review, media auditing, root/config checks, and exposure analysis into a single admin experience. Instead of only showing raw scan results, it helps users trace issues back to affected files, plugins, indicators, and connected site relationships.

A key part of the project is the Cytoscape.js-powered graph explorer, which turns scan results into connected nodes and edges. This makes it easier to isolate suspicious files, understand where findings come from, and review how different parts of the site relate to each other.

The scanner system includes checks for suspicious PHP patterns, obfuscation, risky functions, duplicate code, large functions, missing media metadata, exposed files, REST/AJAX exposure, and other WordPress-specific risks. Optional deeper scanning can also be supported through tools like YARA, ClamAV, Maldet, and AST analysis.

Performance and usability were major parts of the build. The graph experience was optimized with caching, focused finding views, visible-node layouts, deferred rendering, and dirty-state tracking so larger WordPress environments remain easier to inspect.

The result is a WordPress admin tool that brings security visibility, code intelligence, and graph-based investigation into one dashboard for developers, maintainers, and site owners.

GitHub Repo: https://github.com/tm-const/wp-intelligence-graph

Test Environment: https://playground.wordpress.net/

Tools: WordPress, JavaScript, PHP