🔐 Description

Sensitive Data Scanner is an advanced WordPress security tool that helps you identify and locate accidentally exposed sensitive information across your site. With privacy regulations like GDPR and CCPA becoming the norm, protecting sensitive data is more important than ever.

This plugin gives site admins, developers, agencies, and compliance teams the insights and tools they need to spot and mitigate risks before they turn into breaches.

🧰 Key Features

• 📄 Comprehensive Content Scanning: Posts, pages, and active theme files

• 🧠 Multiple Data Type Detection: Emails, phone numbers, API keys, credit cards, SSNs, passwords, JWT tokens, IPs

• 🚨 Smart Risk Assessment: Automatically categorizes results as High, Medium, or Low risk

• ⚡ Real-Time AJAX Scanning: Fast, non-blocking scan process with live feedback

• 🔗 Clickable Results: Instantly jump to edit affected posts/pages or files

• 📤 CSV Export: Export all results for audit and documentation purposes

• ⏰ Scheduled Scanning: Automatically monitor your site over time

• 📬 Email Alerts: Get notified when high-risk data is found

• 🧹 Data Retention Management: Clean old results automatically

• 🌐 Translation-Ready: Fully i18n compatible for multilingual support

🛡️ What It Scans For

🔴 High Risk Data

• API Keys & Tokens (Generic, AWS, Google, Stripe, GitHub)

• Credit Card Numbers (Visa, Mastercard, Amex, Discover)

• Social Security Numbers (US format)

• Passwords and Secret Keys

• JWT Authentication Tokens

🟡 Medium Risk Data

• Email Addresses

• JSON Web Tokens

🟢 Low Risk Data

• Phone Numbers (US format)

• IP Addresses

🎯 Perfect For

• 🛠️ Site Admins cleaning up exposed credentials or personal info

• 🕵️‍♂️ Security Auditors performing routine scans

• 📜 Compliance Teams validating privacy policy enforcement

• 👨‍💻 Developers scanning theme files and committed secrets

• 🏢 Agencies managing client sites

• 🛒 E-commerce Stores protecting payment-related information

🚀 How It Works

1. ✅ Install and activate the plugin

2. ⚙️ Configure your scan: Select content areas and data types

3. 🧪 Run your scan: See results live via AJAX-powered UI

4. 🔍 Review findings: All results are categorized and clickable

5. 📁 Export reports to CSV for compliance or team use

6. 🔄 Schedule future scans for hands-free monitoring

7. 📬 Receive email alerts on critical discoveries

🔒 Privacy & Security First

• 🧠 Local Processing: All scans are done on your server

• 🌐 No External Requests: Data is never sent outside your WordPress site

• 🗄️ Secure Storage: Scan results are stored safely in your database

• 🧼 Full Control: Retain or purge scan data anytime

• ✅ Best Practices: Follows WordPress coding and security standards

📊 Dashboard Highlights

• 📈 Live Progress Indicators

• 📋 Organized Results Table with risk color coding

• 🔗 Edit Links to jump directly to content or code

• 🧩 Contextual Information showing where data is found

• 📊 Quick Stats summarizing issues and severity

• 📤 Export Options for audit and compliance workflows

🧪 Installation

⚡ Automatic

1. Go to Plugins > Add New in your WordPress dashboard

2. Search for “Sensitive Data Scanner”

3. Click Install Now → Activate

💻 Manual

1. Download the ZIP file

2. Upload via Plugins > Add New > Upload Plugin

3. Activate through the Plugins screen

🚀 Get Started

1. Go to Data Scanner in your dashboard

2. Choose your scan settings

3. Click Start Scan

4. Review results → Take action → Export if needed

5. Schedule scans for continuous monitoring

❓ Frequently Asked Questions

🔐 Is my data sent to external servers?

No. All scans are performed locally. No external APIs or services are used.

🎯 How accurate are the scans?

The plugin uses advanced regex patterns tailored to each data type. Manual review is still recommended for full accuracy.

⚙️ Can I customize what data types to scan?

Yes — you can enable or disable each data type and choose what content areas to include.

📅 How often should I scan?

We recommend:

• Weekly for regular sites

• After major content/code updates

• Before launching new websites

• Monthly for low-change sites

Scheduled scans make this hands-free.

🚀 Will this slow down my website?

No. Scanning happens in the admin area and does not affect frontend performance.

📁 Can I export the results?

Yes — export to CSV anytime from the results dashboard.

🧾 What file types does it scan?

• WordPress Content: Posts and pages

• Theme Files: PHP, JS, CSS

• Future updates will include more file types and custom post types

✂️ How do I remove sensitive data?

• Click the provided Edit links

• Manually review and remove/secure the data

• Re-scan to confirm it’s resolved

🛡️ Is this plugin GDPR compliant?

Yes — all data stays on your server. For legal compliance, consult your legal team.

🧩 Can I scan custom post types?

Currently, only posts and pages are supported. CPT scanning is planned for a future release.