WP HealthKit

Securing the plugins that power the open web

Every open-source WordPress plugin deserves a professional security audit. We provide them for free — the same 49-layer engine agencies pay £149/month for.

43% of the web runs WordPress
60K+ free plugins
49 verification layers

Everything Pro users get. For free.

No trial period. No credit card. No catch. Just better security for open-source WordPress.

Pro-tier 49-layer audit

Wordfence CVEs, PHPCS, PHPStan, secret detection, PHP compat, and 4 AI engines

8 audits per month

Run security audits on every release — free forever

"Secured by" badge

Verified badge for your README, wp.org listing, and website

AI fix prompts included

Every finding includes AI-generated fix prompts for Claude and ChatGPT — copy, paste, and resolve

Four steps to free audits

01

Enter your plugin slug

We auto-verify against WordPress.org in seconds

02

We confirm eligibility

Free, GPL, 100+ installs — checked automatically

03

Run your first audit

Same pro-tier engine with 49 verification layers

04

Get your badge

Leave a review, unlock your "Secured by" badge

49 verification layers, every audit

The same comprehensive engine used by agencies and enterprise teams.

Wordfence CVEs
Secret Detection
PHP Compat
PHPCS Standards
Security AI
Quality AI
Accessibility AI
PHPStan Types
Dependency Audit
AI Code Safety

Eligibility requirements

We designed the program for genuinely free plugins that serve the WordPress community.

Listed on WordPress.org

Your plugin must be in the official WordPress.org repository

100% free — no premium version

No paid upgrades, pro versions, or freemium models

GPL-licensed (or compatible)

Any GPL-compatible license (GPL-2.0, GPL-3.0, MIT, etc.)

100+ active installations

Shows your plugin is used by real WordPress sites

One plugin per account

Focus your free audits on your most important project

Check your plugin's eligibility

Enter your WordPress.org plugin slug to see if you qualify.

Why we do this

WordPress powers 43% of the web. Over 60,000 free plugins extend it for millions of users. Most of these plugins never receive a professional security audit — their developers are volunteers, indie makers, and small teams who can't afford £500+ per review.

We built WP HealthKit to make enterprise-grade security accessible to everyone. The Open Source Program is our way of giving back to the ecosystem that makes WordPress possible.

Frequently asked questions

What counts as 'free only'?

Your plugin must not have a premium, pro, or paid version — from you or anyone else. Freemium plugins with a paid upgrade don't qualify. Plugins accepting donations are fine.

How long does approval take?

If your plugin passes all automated checks (wp.org listed, 100+ installs, GPL, no premium indicators), you're approved instantly. Otherwise, manual review takes up to 48 hours.

What happens if I add a premium version later?

Your Open Source Program access will be revoked. You can upgrade to a paid plan at any time to continue auditing.

Can I use this for themes?

Not yet — the Open Source Program is currently for plugins only. Theme support is planned.

How do I get the badge?

After your first audit, leave a review for WP HealthKit on WordPress.org or G2. Once verified, your 'Secured by WP HealthKit' badge activates.

What exactly do you check?

The same 49 verification layers as paid tiers: Wordfence CVE database, Composer dependency audit, secret detection, PHP compatibility, PHPCS coding standards, PHPStan type safety, plus 4 AI engines covering security, quality, accessibility, and AI-generated code patterns.