Securing the plugins that power the open web
Every open-source WordPress plugin deserves a professional security audit. We provide them for free — the same 49-layer engine agencies pay £149/month for.
Everything Pro users get. For free.
No trial period. No credit card. No catch. Just better security for open-source WordPress.
Pro-tier 49-layer audit
Wordfence CVEs, PHPCS, PHPStan, secret detection, PHP compat, and 4 AI engines
8 audits per month
Run security audits on every release — free forever
"Secured by" badge
Verified badge for your README, wp.org listing, and website
AI fix prompts included
Every finding includes AI-generated fix prompts for Claude and ChatGPT — copy, paste, and resolve
Four steps to free audits
Enter your plugin slug
We auto-verify against WordPress.org in seconds
We confirm eligibility
Free, GPL, 100+ installs — checked automatically
Run your first audit
Same pro-tier engine with 49 verification layers
Get your badge
Leave a review, unlock your "Secured by" badge
49 verification layers, every audit
The same comprehensive engine used by agencies and enterprise teams.
Eligibility requirements
We designed the program for genuinely free plugins that serve the WordPress community.
Listed on WordPress.org
Your plugin must be in the official WordPress.org repository
100% free — no premium version
No paid upgrades, pro versions, or freemium models
GPL-licensed (or compatible)
Any GPL-compatible license (GPL-2.0, GPL-3.0, MIT, etc.)
100+ active installations
Shows your plugin is used by real WordPress sites
One plugin per account
Focus your free audits on your most important project
Check your plugin's eligibility
Enter your WordPress.org plugin slug to see if you qualify.
Why we do this
WordPress powers 43% of the web. Over 60,000 free plugins extend it for millions of users. Most of these plugins never receive a professional security audit — their developers are volunteers, indie makers, and small teams who can't afford £500+ per review.
We built WP HealthKit to make enterprise-grade security accessible to everyone. The Open Source Program is our way of giving back to the ecosystem that makes WordPress possible.
Apply for Free Access
Frequently asked questions
What counts as 'free only'?
Your plugin must not have a premium, pro, or paid version — from you or anyone else. Freemium plugins with a paid upgrade don't qualify. Plugins accepting donations are fine.
How long does approval take?
If your plugin passes all automated checks (wp.org listed, 100+ installs, GPL, no premium indicators), you're approved instantly. Otherwise, manual review takes up to 48 hours.
What happens if I add a premium version later?
Your Open Source Program access will be revoked. You can upgrade to a paid plan at any time to continue auditing.
Can I use this for themes?
Not yet — the Open Source Program is currently for plugins only. Theme support is planned.
How do I get the badge?
After your first audit, leave a review for WP HealthKit on WordPress.org or G2. Once verified, your 'Secured by WP HealthKit' badge activates.
What exactly do you check?
The same 49 verification layers as paid tiers: Wordfence CVE database, Composer dependency audit, secret detection, PHP compatibility, PHPCS coding standards, PHPStan type safety, plus 4 AI engines covering security, quality, accessibility, and AI-generated code patterns.