Title: Sajjetti – AI Audit Author: Sajjetti Published: 9 ตุลาคม 2025 Last modified: 9 ตุลาคม 2025 --- Search plugins ![](https://ps.w.org/sajjetti-audit/assets/banner-772x250.png?rev=3375862) ![](https://ps.w.org/sajjetti-audit/assets/icon-256x256.png?rev=3375862) # Sajjetti – AI Audit By [Sajjetti](https://profiles.wordpress.org/sajjetti/) [Download](https://downloads.wordpress.org/plugin/sajjetti-audit.1.0.0.zip) * [Details](https://th.wordpress.org/plugins/sajjetti-audit/#description) * [Reviews](https://th.wordpress.org/plugins/sajjetti-audit/#reviews) * [Installation](https://th.wordpress.org/plugins/sajjetti-audit/#installation) * [Development](https://th.wordpress.org/plugins/sajjetti-audit/#developers) [Support](https://wordpress.org/support/plugin/sajjetti-audit/) ## Description Sajjetti – AI Audit is a security-first code scanner for WordPress plugins and themes. It performs static analysis of PHP, HTML, CSS, and JS files to detect vulnerabilities, performance issues, and coding standard problems before they become real risks. **Privacy by design** – Nothing runs automatically; all scans are triggered manually by the site owner. – Files are analyzed statically — never executed. – Remote analysis is disabled by default. No code leaves your site until you explicitly enable “Allow remote analysis” in Settings. – When enabled, selected file contents are sent securely over HTTPS to the Sajjetti API. Analysis data is temporary and discarded after results are returned. – Complies with WordPress.org privacy and consent guidelines. **What it helps you find** – Security: unescaped output, missing nonces and capability checks, unsafe file operations, risky SQL patterns, and other common vulnerabilities.– Performance: expensive loops, heavy queries, oversized assets, and inefficient patterns that slow down page loads. – Code quality and compatibility: deprecated APIs, version- specific pitfalls, and conflicts with WordPress coding standards. **Optional AI assistance** When remote analysis is enabled, the Sajjetti API provides AI-powered suggestions with context-specific recommendations. Results are presented with file-by-file drill-down, risk levels, and actionable insights. Human review is always recommended before making changes. ### Key Features * Detects vulnerabilities, warnings, and performance issues * Provides optional AI-assisted analysis with actionable suggestions * Offers file-by-file drill-down and detailed reports * Built with a security-first design, including VIP-compliant validation and sanitization ### Security Considerations * All scans are user-initiated; nothing runs automatically. * File contents are analyzed statically (never executed). * REST endpoints require capability checks and nonces. * All external requests use HTTPS with nonce and referer validation. * Uninstall removes plugin data (options and tables) cleanly. * All user-facing strings are escaped and translatable. ### Pricing and API Access The plugin includes a small allowance of free scans. Additional scans require an API key, available through a paid subscription. ### Privacy When you initiate a scan with remote analysis enabled, this plugin may transmit selected file contents (Base64-encoded PHP, HTML, CSS, and JS), limited file metadata( filename, relative path, size, cryptographic hash such as SHA-256), your site IP address and URL (for license validation), and your Sajjetti API username to the Sajjetti API for static analysis. No WordPress user account data, passwords, or database content is transmitted or stored. Temporary analysis data is deleted after results are returned. For details, see the included privacy.md file. Remote analysis is disabled by default. Scans cannot start until the site owner explicitly enables Allow remote analysis in Settings. ### External services This plugin connects to the Sajjetti Hub API (https://sajjetti.ai) to validate license status, manage usage limits, upload code snippets for analysis, and fetch audit results. Data sent: – License key and username when validating or checking usage. – Website URL and IP address when validating usage. – Selected PHP/JS/CSS source files when submitting for auditing. Data returned: – License type and remaining file quota. – Audit results (security, performance, and code quality insights). **Legal & Privacy:** – Terms of Service: https://sajjetti.ai/terms-of-service/ – Privacy Policy: https://sajjetti.ai/privacy-policy/ ## Screenshots * [[ * Plugins screen before activation (plugin listed, not yet active). * [[ * Welcome modal after activation offering the guided tutorial (overlay starts). * [[ * Tutorial step: open Settings from the Audit menu (overlay with arrow). * [[ * Tutorial step: Settings > API Credentials – Username field (overlay with arrow). * [[ * Tutorial step: Settings > API Credentials – API Key field (overlay with arrow). * [[ * Tutorial step: New Scan – menu entry highlight (overlay with arrow). * [[ * Tutorial step: Step 1 – choose scan type (Plugin/Theme) (overlay with arrow). * [[ * Tutorial step: Scan history – menu entry highlight (overlay with arrow). * [[ * Tutorial step: Scan history – overview (no scans yet) (overlay with arrow). * [[ * New Scan – Step 1: Type selector (form view). * [[ * New Scan – Step 2: Select the item to scan (plugin chosen). * [[ * New Scan – Step 3: Overview with selected plugin and Start Scan. * [[ * New Scan – Step 4: Scanning in progress with progress bar. * [[ * New Scan – Step 5: Scan complete with View Scan button. * [[ * Scan details – File list with Optimization/Warning/Critical/AI Status columns. * [[ * File details – AI analysis results with findings, risk, and recommendations. * [[ * Scan history – Completed scan row with counts and status. * [[ * New Scan – Consent warning shown when remote analysis is disabled. ## Installation 1. Upload the plugin folder to /wp-content/plugins/ or install via Plugins > Add New. 2. Activate the plugin via the WordPress Plugins menu. 3. Go to Audit > New Scan to trigger your first scan. 4. (Optional) Enter your Sajjetti API key under Settings for additional scans. 5. Enable Allow remote analysis in Settings > API Credentials to send code for analysis. ## FAQ ### What information is sent to the Sajjetti API? When you start a scan with remote analysis enabled, the following data is transmitted: – Selected file contents (Base64-encoded PHP, HTML, CSS, and JS) – Your website IP address and URL (for API license validation) – Your Sajjetti API username (account identifier, not your WordPress username) – File metadata: filename, file type, file size, and internal scan identifiers No WordPress user account data, passwords, or database content is transmitted. ### When does this plugin send data to external servers? Only when you start a scan and have enabled Allow remote analysis in Settings > API Credentials. If remote analysis is disabled, nothing is sent. ### What happens if the Sajjetti API is unavailable? Remote analysis scans will not run and no files will be sent. You will see an error in the admin UI and can retry later. Your settings and scan history remain intact. ### Does this plugin automatically upload files? No. All scans are user-triggered. Nothing is sent unless you manually start a scan with remote analysis enabled. ### Are my files executed on your servers? No. Analysis is static only. Files are never executed, only analyzed for patterns and potential issues. ### Do you store my files or data? No. Transmitted data is used only for analysis and is deleted after results are returned. ### Why do you need my site IP address and URL? They are used to validate that your API license is authorized for your website. This helps prevent unauthorized use of API credentials. ## Reviews There are no reviews for this plugin. ## Contributors & Developers “Sajjetti – AI Audit” is open source software. The following people have contributed to this plugin. Contributors * [ Sajjetti ](https://profiles.wordpress.org/sajjetti/) [Translate “Sajjetti – AI Audit” into your language.](https://translate.wordpress.org/projects/wp-plugins/sajjetti-audit) ### Interested in development? [Browse the code](https://plugins.trac.wordpress.org/browser/sajjetti-audit/), check out the [SVN repository](https://plugins.svn.wordpress.org/sajjetti-audit/), or subscribe to the [development log](https://plugins.trac.wordpress.org/log/sajjetti-audit/) by [RSS](https://plugins.trac.wordpress.org/log/sajjetti-audit/?limit=100&mode=stop_on_copy&format=rss). ## Changelog #### 1.0.0 * Initial release * Static code analysis for PHP, HTML, CSS, and JS files * Security, performance, and code quality detection (with optional AI assistance) * Secure API integration with license validation * File-by-file detailed reporting with actionable recommendations ## Meta * Version **1.0.0** * Last updated **6 เดือน ago** * Active installations **Fewer than 10** * WordPress version ** 6.6 or higher ** * Tested up to **6.8.5** * PHP version ** 8.0 or higher ** * Language * [English (US)](https://wordpress.org/plugins/sajjetti-audit/) * Tags * [audit](https://th.wordpress.org/plugins/tags/audit/)[code analysis](https://th.wordpress.org/plugins/tags/code-analysis/) [performance](https://th.wordpress.org/plugins/tags/performance/)[scanner](https://th.wordpress.org/plugins/tags/scanner/) [security](https://th.wordpress.org/plugins/tags/security/) * [Advanced View](https://th.wordpress.org/plugins/sajjetti-audit/advanced/) ## Ratings No reviews have been submitted yet. [Your review](https://wordpress.org/support/plugin/sajjetti-audit/reviews/#new-post) [See all reviews](https://wordpress.org/support/plugin/sajjetti-audit/reviews/) ## Contributors * [ Sajjetti ](https://profiles.wordpress.org/sajjetti/) ## Support Got something to say? Need help? [View support forum](https://wordpress.org/support/plugin/sajjetti-audit/) ## Donate Would you like to support the advancement of this plugin? [ Donate to this plugin ](https://buymeacoffee.com/sajjetti)