Title: Steel Security &amp; Hardening – Site Audit Tools
Author: sweetwatermedia
Published: <strong>2026년 4월 28일</strong>
Last modified: 2026년 4월 28일

---

플러그인 검색

![](https://ps.w.org/steel-security/assets/banner-772x250.png?rev=3517816)

![](https://ps.w.org/steel-security/assets/icon-256x256.png?rev=3517818)

# Steel Security & Hardening – Site Audit Tools

 작성자: [sweetwatermedia](https://profiles.wordpress.org/sweetwatermedia/)

[다운로드](https://downloads.wordpress.org/plugin/steel-security.1.0.4.zip)

 * [세부사항](https://ko.wordpress.org/plugins/steel-security/#description)
 * [평가](https://ko.wordpress.org/plugins/steel-security/#reviews)
 *  [설치](https://ko.wordpress.org/plugins/steel-security/#installation)
 * [개발](https://ko.wordpress.org/plugins/steel-security/#developers)

 [지원](https://wordpress.org/support/plugin/steel-security/)

## 설명

Steel Security & Hardening – Site Audit Tools focuses on practical security hygiene
for WordPress administrators.

The free plugin provides:

 * on-demand security scans
 * risk summaries grouped by severity and category
 * checks for common WordPress hardening gaps
 * checks for exposed root-level artifacts such as `.env`, SQL dumps, `phpinfo` 
   files, and backup archives
 * a quarantine vault for operator-reviewed file isolation
 * uploads PHP execution blocking on supported server environments
 * manual guidance when automatic server hardening is not safely supported

This plugin is positioned as an auditing and hardening tool. It helps surface risk
and apply selected preventive controls, but it does not promise malware removal,
incident response, or complete server protection.

#### Included checks

The scan currently looks for items such as:

 * PHP error display exposure
 * `WP_DEBUG` and `debug.log` exposure
 * XML-RPC availability
 * author and REST user enumeration exposure
 * theme/plugin file editor availability
 * WordPress generator meta output
 * comments enabled by default
 * uploads PHP execution hardening status
 * root-level sensitive files and archives

#### Server-aware behavior

This plugin only auto-applies server config changes where it can do so in a scoped
and reversible way.

 * Apache and LiteSpeed: uploads PHP blocking is managed through a Steel Security-
   marked `.htaccess` block
 * IIS: uploads PHP blocking is managed through a Steel Security-marked `web.config`
   section
 * Nginx and unsupported environments: Steel Security provides manual guidance instead
   of claiming automatic protection

#### Pro companion

This plugin can work with a separate Pro companion plugin that adds features such
as scheduled scans, scan history, reports, and managed server-level controls such
as directory listing protection and baseline security headers. The free plugin remains
usable on its own.

## 설치

 1. Upload the plugin files to the `/wp-content/plugins/steel-security` directory, 
    or install the plugin through the WordPress plugins screen.
 2. Activate the plugin through the ‘Plugins’ screen in WordPress.
 3. Open `Steel Security` in wp-admin to review the dashboard, run a scan, and configure
    hardening controls.

## FAQ

### Does this plugin make remote calls?

The free plugin does not rely on a third-party service for core scanning or hardening,
and it does not require remote API calls for its free feature set.

### Does this plugin remove malware automatically?

No. This plugin is designed to audit, surface risk, and help with selective hardening
and operator-reviewed quarantine workflows. It should not be described as an automatic
malware removal tool.

### Will this plugin edit my server configuration?

Only for specific controls where the plugin can write a clearly delimited, reversible
block on supported servers. Unsupported environments receive manual guidance instead.

### What happens on uninstall?

The plugin removes its stored scan data, settings, and hardening rollback metadata.
Quarantine payloads are intentionally preserved so operators can review and handle
them manually.

## 후기

이 플러그인에 대한 평가가 없습니다.

## 기여자 & 개발자

“Steel Security & Hardening – Site Audit Tools”(은)는 오픈 소스 소프트웨어입니다.
다음의 사람들이 이 플러그인에 기여하였습니다.

기여자

 *   [ sweetwatermedia ](https://profiles.wordpress.org/sweetwatermedia/)

[자국어로 “Steel Security & Hardening – Site Audit Tools”(을)를 번역하세요.](https://translate.wordpress.org/projects/wp-plugins/steel-security)

### 개발에 관심이 있으십니까?

[코드 탐색하기](https://plugins.trac.wordpress.org/browser/steel-security/)는, [SVN 저장소](https://plugins.svn.wordpress.org/steel-security/)
를 확인하시거나, [개발 기록](https://plugins.trac.wordpress.org/log/steel-security/)
을 [RSS](https://plugins.trac.wordpress.org/log/steel-security/?limit=100&mode=stop_on_copy&format=rss)
로 구독하세요.

## 변경이력

#### 1.0.4

 * refreshed the free plugin release package for the latest WordPress.org submission

#### 1.0.3

 * finalized the WordPress.org review follow-up fixes, removed dormant Pro-only 
   local hardening code from Free, moved rollback metadata out of uploads, and refreshed
   the release package

#### 1.0.2

 * rebuilt the free plugin package after final WordPress.org review fixes and packaging
   updates

#### 1.0.1

 * clarified advisory-only handling for `DISALLOW_FILE_MODS` and excluded it from
   hardening posture scoring
 * moved managed directory listing and baseline security headers fully into the 
   Pro companion plugin
 * replaced hardening-page Pro placeholders with a contextual upgrade section
 * moved admin-page JavaScript to enqueued assets and tightened WordPress.org review
   compliance

#### 1.0.0

 * finalized WordPress.org-compliant free plugin naming and packaging
 * aligned Pro package naming to Steel Security Pro for clearer installs
 * refreshed the Steel Security logo asset in the admin header

#### 0.1.2

 * narrowed backup archive detection to avoid false positives from plugin files 
   in backup-related paths
 * improved first-scan dashboard messaging so new installs prompt for a scan instead
   of showing a misleading high-risk empty state
 * improved action button labels and tooltips for quarantine workflows
 * tightened uninstall cleanup for Free and Pro-owned data and rollback metadata

#### 0.1.1

 * refreshed release packaging
 * improved dashboard and scan presentation

## 기초

 *  버전 **1.0.4**
 *  최근 업데이트: **2개월 전**
 *  활성화된 설치 **20+**
 *  워드프레스 버전 ** 6.4 또는 그 이상 **
 *  다음까지 시험됨: **6.9.4**
 *  PHP 버전 ** 8.0 또는 그 이상 **
 *  언어
 * [English (US)](https://wordpress.org/plugins/steel-security/)
 * 태그:
 * [audit](https://ko.wordpress.org/plugins/tags/audit/)[hardening](https://ko.wordpress.org/plugins/tags/hardening/)
   [scanner](https://ko.wordpress.org/plugins/tags/scanner/)[security](https://ko.wordpress.org/plugins/tags/security/)
 *  [고급 보기](https://ko.wordpress.org/plugins/steel-security/advanced/)

## 평점

아직 제출된 리뷰가 없습니다.

[Your review](https://wordpress.org/support/plugin/steel-security/reviews/#new-post)

[모든  리뷰 보기](https://wordpress.org/support/plugin/steel-security/reviews/)

## 기여자

 *   [ sweetwatermedia ](https://profiles.wordpress.org/sweetwatermedia/)

## 지원

할 말 있으신가요? 도움이 필요하신가요?

 [지원 포럼 보기](https://wordpress.org/support/plugin/steel-security/)