Plugins DatabasePlugins Database logo
Back to plugins
Homepage WordPress

Actions

DownloadAuthor pageSee on WordPress

Plugin info

Total downloads: 93
Active installs: 0
Total reviews: 0
Average rating: 0
Support threads opened: 0
Support threads resolved: 0 (0%)
Available in: 1 language(s)
Contributors: 1
Last updated: 10/9/2025 (83 days ago)
Added to WordPress: 10/9/2025 (0 years old)
Minimum WordPress version: 6.6
Tested up to WordPress version: 6.8.3
Minimum PHP version: 8.0

Maintenance & Compatibility

Maintenance score

Actively maintained • Last updated 83 days ago

59/100

Is Sajjetti – AI Audit abandoned?

Likely maintained (last update 83 days ago).

Compatibility

Requires WordPress: 6.6
Tested up to: 6.8.3
Requires PHP: 8.0

Ratings

0
0
0
0
0See all reviews

Developers

Sajjetti (Owner)1

Languages

Similar & Alternatives

Explore plugins with similar tags, and compare key metrics like downloads, ratings, updates, support, and WP/PHP compatibility.

Security Checker for Themes
Rating 5.0/5 (1 reviews)Active installs 0
Compare
The Code Registry – Code Backup & Intelligence
Rating 5.0/5 (1 reviews)Active installs 0
Compare
Hook Locator
Rating 0.0/5 (0 reviews)Active installs 0
Compare
See more alternatives to Sajjetti – AI Audit

Description

Sajjetti – AI Audit is a security-first code scanner for WordPress plugins and themes.
It performs static analysis of PHP, HTML, CSS, and JS files to detect vulnerabilities,
performance issues, and coding standard problems before they become real risks.

Privacy by design
– Nothing runs automatically; all scans are triggered manually by the site owner.
– Files are analyzed statically — never executed.
– Remote analysis is disabled by default. No code leaves your site until you explicitly enable “Allow remote analysis” in Settings.
– When enabled, selected file contents are sent securely over HTTPS to the Sajjetti API. Analysis data is temporary and discarded after results are returned.
– Complies with WordPress.org privacy and consent guidelines.

What it helps you find
– Security: unescaped output, missing nonces and capability checks, unsafe file operations, risky SQL patterns, and other common vulnerabilities.
– Performance: expensive loops, heavy queries, oversized assets, and inefficient patterns that slow down page loads.
– Code quality and compatibility: deprecated APIs, version-specific pitfalls, and conflicts with WordPress coding standards.

Optional AI assistance
When remote analysis is enabled, the Sajjetti API provides AI-powered suggestions with context-specific recommendations.
Results are presented with file-by-file drill-down, risk levels, and actionable insights. Human review is always recommended before making changes.

Key Features

  • Detects vulnerabilities, warnings, and performance issues
  • Provides optional AI-assisted analysis with actionable suggestions
  • Offers file-by-file drill-down and detailed reports
  • Built with a security-first design, including VIP-compliant validation and sanitization

Security Considerations

  • All scans are user-initiated; nothing runs automatically.
  • File contents are analyzed statically (never executed).
  • REST endpoints require capability checks and nonces.
  • All external requests use HTTPS with nonce and referer validation.
  • Uninstall removes plugin data (options and tables) cleanly.
  • All user-facing strings are escaped and translatable.

Pricing and API Access

The plugin includes a small allowance of free scans.
Additional scans require an API key, available through a paid subscription.

Privacy

When you initiate a scan with remote analysis enabled, this plugin may transmit selected file contents (Base64-encoded PHP, HTML, CSS, and JS), limited file metadata (filename, relative path, size, cryptographic hash such as SHA-256), your site IP address and URL (for license validation), and your Sajjetti API username to the Sajjetti API for static analysis. No WordPress user account data, passwords, or database content is transmitted or stored. Temporary analysis data is deleted after results are returned. For details, see the included privacy.md file.

Remote analysis is disabled by default. Scans cannot start until the site owner explicitly enables Allow remote analysis in Settings.

External services

This plugin connects to the Sajjetti Hub API (https://sajjetti.ai) to validate license status,
manage usage limits, upload code snippets for analysis, and fetch audit results.

Data sent:
– License key and username when validating or checking usage.
– Website URL and IP address when validating usage.
– Selected PHP/JS/CSS source files when submitting for auditing.

Data returned:
– License type and remaining file quota.
– Audit results (security, performance, and code quality insights).

Legal & Privacy:
– Terms of Service: https://sajjetti.ai/terms-of-service/
– Privacy Policy: https://sajjetti.ai/privacy-policy/

Installation

  1. Upload the plugin folder to /wp-content/plugins/ or install via Plugins > Add New.
  2. Activate the plugin via the WordPress Plugins menu.
  3. Go to Audit > New Scan to trigger your first scan.
  4. (Optional) Enter your Sajjetti API key under Settings for additional scans.
  5. Enable Allow remote analysis in Settings > API Credentials to send code for analysis.

Frequently Asked Questions

What information is sent to the Sajjetti API?

When you start a scan with remote analysis enabled, the following data is transmitted:
– Selected file contents (Base64-encoded PHP, HTML, CSS, and JS)
– Your website IP address and URL (for API license validation)
– Your Sajjetti API username (account identifier, not your WordPress username)
– File metadata: filename, file type, file size, and internal scan identifiers

No WordPress user account data, passwords, or database content is transmitted.

When does this plugin send data to external servers?

Only when you start a scan and have enabled Allow remote analysis in Settings > API Credentials. If remote analysis is disabled, nothing is sent.

What happens if the Sajjetti API is unavailable?

Remote analysis scans will not run and no files will be sent. You will see an error in the admin UI and can retry later. Your settings and scan history remain intact.

Does this plugin automatically upload files?

No. All scans are user-triggered. Nothing is sent unless you manually start a scan with remote analysis enabled.

Are my files executed on your servers?

No. Analysis is static only. Files are never executed, only analyzed for patterns and potential issues.

Do you store my files or data?

No. Transmitted data is used only for analysis and is deleted after results are returned.

Why do you need my site IP address and URL?

They are used to validate that your API license is authorized for your website. This helps prevent unauthorized use of API credentials.

Review feed

No reviews available

Screenshots

  1. Plugins screen before activation (plugin listed, not yet active).

    Plugins screen before activation (plugin listed, not yet active).

  2. Welcome modal after activation offering the guided tutorial (overlay starts).

    Welcome modal after activation offering the guided tutorial (overlay starts).

  3. Tutorial step: open Settings from the Audit menu (overlay with arrow).

    Tutorial step: open Settings from the Audit menu (overlay with arrow).

  4. Tutorial step: Settings > API Credentials – Username field (overlay with arrow).

    Tutorial step: Settings > API Credentials – Username field (overlay with arrow).

  5. Tutorial step: Settings > API Credentials – API Key field (overlay with arrow).

    Tutorial step: Settings > API Credentials – API Key field (overlay with arrow).

  6. Tutorial step: New Scan – menu entry highlight (overlay with arrow).

    Tutorial step: New Scan – menu entry highlight (overlay with arrow).

  7. Tutorial step: Step 1 – choose scan type (Plugin/Theme) (overlay with arrow).

    Tutorial step: Step 1 – choose scan type (Plugin/Theme) (overlay with arrow).

  8. Tutorial step: Scan history – menu entry highlight (overlay with arrow).

    Tutorial step: Scan history – menu entry highlight (overlay with arrow).

  9. Tutorial step: Scan history – overview (no scans yet) (overlay with arrow).

    Tutorial step: Scan history – overview (no scans yet) (overlay with arrow).

  10. New Scan – Step 1: Type selector (form view).

    New Scan – Step 1: Type selector (form view).

  11. New Scan – Step 2: Select the item to scan (plugin chosen).

    New Scan – Step 2: Select the item to scan (plugin chosen).

  12. New Scan – Step 3: Overview with selected plugin and Start Scan.

    New Scan – Step 3: Overview with selected plugin and Start Scan.

  13. New Scan – Step 4: Scanning in progress with progress bar.

    New Scan – Step 4: Scanning in progress with progress bar.

  14. New Scan – Step 5: Scan complete with View Scan button.

    New Scan – Step 5: Scan complete with View Scan button.

  15. Scan details – File list with Optimization/Warning/Critical/AI Status columns.

    Scan details – File list with Optimization/Warning/Critical/AI Status columns.

  16. File details – AI analysis results with findings, risk, and recommendations.

    File details – AI analysis results with findings, risk, and recommendations.

  17. Scan history – Completed scan row with counts and status.

    Scan history – Completed scan row with counts and status.

  18. New Scan – Consent warning shown when remote analysis is disabled.

    New Scan – Consent warning shown when remote analysis is disabled.

Changelog

1.0.0

  • Initial release
  • Static code analysis for PHP, HTML, CSS, and JS files
  • Security, performance, and code quality detection (with optional AI assistance)
  • Secure API integration with license validation
  • File-by-file detailed reporting with actionable recommendations
Back to plugins