BoonRisk gives you a clear security and readiness report for your WordPress site. See exactly what security risks exist, why they matter, and what to do about them — all explained in plain language.
Safe & Read-Only: This plugin only reads your site configuration. It does not scan files, block traffic, or make any changes to your WordPress installation.
What You Get
- Security Check Report — See your site’s security status: PHP version, WordPress updates, user settings, HTTPS, and 30+ configuration checks
- Clear Explanations — Every finding explains “why this matters” and “what to do about it” in plain language
- Prioritized Risks — Top risks ranked by impact so you know what to fix first
- Printable Report — Professional HTML report you can view, print, or share directly from WordPress admin
What This Plugin Does NOT Do (100% Safe)
- No file scanning — Does not scan your files or look for malware
- No traffic blocking — Does not act as a firewall or block visitors
- No site changes — Does not modify settings, files, or database
- No active testing — Does not simulate attacks or run security scans
- Read-only analysis — Only reads your configuration, never writes or changes anything
Who Is It For?
- Site owners — Understand your security risks without technical expertise
- Freelancers & agencies — Generate client-ready reports in minutes
- Developers — Quick baseline check before or after deployments
- Teams — Consistent security reporting across multiple WordPress sites
Free Security Check (No Account Required)
Run a complete security and readiness check instantly — 100% local, no data sent anywhere:
- Overall Risk Level — Clear Low/Medium/High rating with explanation of what it means
- Top Risks First — See your biggest security issues ranked by impact
- 30+ Configuration Checks — WordPress updates, PHP version, HTTPS, user permissions, backups, 2FA, debug mode, and more
- Action Plan — Every issue includes “why it matters” and “how to fix it”
- Professional Report — Printable HTML report you can view in WordPress admin or share with your team
What you’ll learn: “Is my site at risk?” and “What should I fix first?”
100% Private: All checks run on your server. Nothing is sent externally. No account or email required.
Optional: Web Dashboard
Connect the plugin to the BoonRisk web dashboard for additional capabilities (optional, requires free account):
- Surface Scan — External scan of your site’s public-facing security headers, SSL configuration, and exposed services
- Vulnerability Intelligence — Known CVEs matched to your installed plugins and themes with severity ratings
- Continuous Monitoring — Automatic daily checks with alerts when your security posture changes
- Track Over Time — See how your site security improves (or changes) month over month
- PDF Reports — Download professional reports to share with clients or management
Note: The local security check is fully functional on its own. The web dashboard is completely optional.
Learn more at boonrisk.com
How It Works
Local Assessment (Default)
- Install and activate the plugin
- Go to BoonRisk → Local Assessment
- Click Run Assessment Now
- View your Security Posture Summary and Top Risks
- Click View Full Report for a printable HTML report
All analysis happens on your server. Nothing is sent externally.
Web Dashboard (Optional)
- Create a free account at boonrisk.com
- Go to BoonRisk → Connect (Optional)
- Enter your API key
- Send your assessment to the dashboard for vulnerability intelligence, surface scan, and monitoring
External API calls only happen when you explicitly request them.
Data Usage
Local Assessment
In local mode, no data is sent externally. All checks run inside WordPress.
Web Dashboard (Optional)
When you send data to the dashboard, the following is transmitted:
- PHP and WordPress versions
- Active plugin and theme names/versions
- Configuration flags (debug mode, file editor status, etc.)
What you get in return:
- Known vulnerability data for your installed plugins and themes
- Surface scan results for public-facing security
- Severity context for identified risks
- Historical trend data and monitoring alerts
What is never collected:
- User data or personal information
- Passwords or credentials
- Post/page content
- Database contents
- File contents
Data is sent only when you click Send to Dashboard or enable automatic daily sync. No personal data is collected.
Privacy Policy
Read our full privacy policy at https://boonrisk.com/privacy