=== Folder Auditor & Site Lock === Contributors: wpfixit Donate link: https://www.wpfixit.com Tags: security, folder permissions, site lock, file permissions Requires at least: 5.0 Tested up to: 6.8 Requires PHP: 7.4 Stable tag: 2.7 License: GPLv2 or later License URI: https://www.gnu.org/licenses/gpl-2.0.html Audit your site for unused or orphaned folders. == Description == **Folder Auditor & Site Lock** helps WordPress administrators keep their installations clean, secure, and transparent. Over time, orphaned plugin or theme folders can accumulate in your wp-content directory. These may represent abandoned code, leftover files after updates, or even hidden backdoors. **SITE LOCK - Only found here!** The easiest way hacked can do harm to your site is by adding or changing files that you are using. This plugin allows you to lock all folders and files to make them read only and stop anyone from adding, removing or changing any physical folder or file present in your WordPress installation. This plugin scans the following directories: - WordPress Root (main installation folder) - wp-content Folder (wp-content/) - Plugins Folder (wp-content/plugins/) - Themes Folder (wp-content/themes/) - Uploads Folder (wp-content/uploads/) - htaccess files It then compares what s actually on disk with what WordPress *knows about* in its admin screens, surfacing **unused or orphaned folders** that you can safely investigate or remove. **Key Features** - Finds plugin folders not listed on the Plugins screen (hidden or orphaned). - Detects missing plugin folders referenced by active or installed plugins. - Lists top-level folders and files in key WordPress directories. - Fully lock all folders and files to make them read only - Zero configuration required install, activate, and audit. == Installation == 1. Upload the plugin files to the /wp-content/plugins/folder-auditor directory, or install via the WordPress Plugins screen directly. 2. Activate the plugin through the **Plugins** screen in WordPress. 3. Navigate to **Tools > Folder Auditor** to begin auditing your site. == Frequently Asked Questions == = Why do I need this plugin? = Hidden or leftover folders can sometimes indicate incomplete uninstalls or even malicious code. This plugin helps you identify them. = Does it automatically delete orphaned folders? = No. Folder Auditor is strictly an auditing tool. It shows you what exists so you can make informed decisions. = Will this slow down my site? = No. All operations run only when you open the Tools > Folder Auditor screen. Nothing runs on the frontend. = Does it work on multisite? = Currently designed for single-site installs. Multisite support may be added in the future. == Screenshots == 1. **Dashboard tab** showing score and all folder issues present on your site. 2. **Main tab** for auditing your root WordPress install directory. 3. **Content tab** for auditing your wp-content directory. 4. **Plugins tab** potentially hidden or orphaned plugin directories. 5. **Themes tab** for auditing your themes directory. 6. **Uploads tab** for auditing your uploads directory. 7. **htaccess tab** for auditing your htaccess files. 8. **Security tab** for locking down your site. == Changelog == = 2.7 = * Fixed security header defaults = 2.6 = * Fixed bulk ignore and delete functions = 2.5 = * Added security area to lock folders and files and set security headers = 2.0 = * New UI = 1.3.1 = * Improved plugin header and descriptions. * Added Author URI and GPL license URI. * Enhanced escaping for better security compliance. = 1.3.0 = * Added auditing of wp-content and WordPress root folder. * Improved error handling for unreadable directories. = 1.2.0 = * Added uploads and themes auditing. * Improved plugin rows to match Plugins screen exactly. = 1.0.0 = * Initial release. Added plugin folder auditing. == Upgrade Notice == = 2.7 = Fixed security header defaults = 2.6 = Fixed bulk ignore and delete functions = 2.5 = Added security area to lock folders and files and set security headers = 2.0 = New UI = 1.3.1 = Improved plugin metadata, compliance with WordPress security standards, and better overall description. Update recommended.