This documentation is specific to the Accessibility Checker WordPress plugin. Security practices are subject to change and may vary depending on configuration and usage.
General Security Overview
At Equalize Digital, we integrate security into every phase of the product lifecycle. We follow a Secure Software Development Lifecycle for Accessibility Checker and all associated add-ons/extensions. In addition, internal systems and user access are managed under the Least Privilege Access principle, ensuring that everyone has only the permissions required for their role. We also have an Incident Response and Threat Monitoring system, which covers both our web presence and the Accessibility Checker product to swiftly detect and address any potential issues. We adhere to strict Data Encryption and Protection practices to maintain customer privacy and security. All accessibility scan data processed by Accessibility Checker is stored locally within the hosting environment of the website where it is installed.
Data Handling & Storage
Types of Data Processed
Accessibility Checker scans and processes front-end data from the websites on which it is installed. This information is used to identify, remediate, and prevent accessibility errors. Most scan-related data is stored in a custom database table on the host website, while other data such as plugin settings and post-specific metadata is stored using standard WordPress database tables like wp_options and wp_postmeta.
Opt-In Data and Usage Tracking
When users explicitly opt in via the welcome screen or plugin settings to provide feedback or receive updates, limited non-sensitive data may be transmitted to Equalize Digital. This may include plugin version, site URL, general platform details (such as WordPress and PHP versions), days active, and optional UTM parameters (e.g., utm_source) used to understand how users discover and interact with the plugin. This data is used strictly for internal purposes such as improving product support and adoption, and it is not associated with accessibility scan results or any personal data from the website content.
Sensitive or Regulated Data
If Accessibility Checker is used on an intranet, membership site, or any website that displays user-specific or sensitive information on the front end, that content may be stored during the scanning process if it appears within HTML elements that trigger accessibility issues. This can include personally identifiable information (PII) or regulated data such as protected health information (PHI) under HIPAA, depending on how the site is built. For example, if a person’s name is wrapped in a heading tag of the wrong level, that name may be stored in an “Incorrect Heading Order” error.
Accessibility Checker does not intentionally collect or store regulated data. Any sensitive content captured during the scan is incidental and based solely on what is publicly output by the website. It is the responsibility of the site owner to ensure that any such data is handled in accordance with applicable privacy or security regulations.
Orphaned Data and Cleanup
Captured code snippets are stored locally in the site’s database and are automatically removed when the related accessibility issue is resolved and the page is re-scanned. However, in certain cases, data may become temporarily or permanently orphaned due to changes outside of the plugin’s control. For example, if a post is deleted or moved to a different post type without being re-scanned, related issue data may no longer be associated with a visible page. Site owners are encouraged to periodically re-scan affected content when making structural changes to their website, such as switching post types or deleting pages. This helps ensure that Accessibility Checker’s data remains current and accurate. A clean-up process that automatically identifies and removes orphaned issue records is planned for a future release.
Plugin Update Checks
When the plugin checks for updates, it sends limited non-personal metadata to the Equalize Digital licensing server to verify the license and determine if an update is available. This includes details such as the site URL, plugin version, WordPress and PHP versions, license key (for paid versions), and whether beta updates are enabled. This data is used solely for update delivery and license validation and is not linked to any scan results or personal information.
Encryption and Transmission
Accessibility Checker follows the WordPress recommended plugin security practices, including secure handling of stored data. It also respects server-level SSL/TLS configurations and uses HTTPS for external communications where applicable.
User Authentication and Access
As a WordPress plugin, Accessibility Checker integrates with the native user role and permissions management systems that WordPress provides. In addition, there are settings specific to our software that allow for the restriction of certain capabilities within Accessibility Checker itself based on a user’s role.
Compliance & Legal Standards
While Accessibility Checker currently does not hold any formal security compliance certifications, we remain deeply committed to the security of our software and its users. Equalize Digital practices continuous improvement by assessing and documenting risks as they emerge and responding to them with updated policies, procedures, and practices.
Accessibility Checker is an active participant in the Patchstack Vulnerability Disclosure Program, and we maintain a publicly available vulnerability reporting policy on GitHub to ensure that any weaknesses are addressed quickly and transparently.
Protection Against Threats
To guard against cyber threats such as malware or unauthorized access to sensitive systems, Accessibility Checker employs multiple layers of defense:
- Proactive Monitoring: Our team actively follows security updates and announcements related to the WordPress CMS so we can preemptively make Accessibility Checker more resilient against emerging security concerns.
- Automated Scanners, Linters, and Tests: Our development process integrates automated tools that rigorously enforce coding standards and security protocols.
- Strict Release Policies: Every software update undergoes automated testing and code review to reduce the risk of introducing vulnerabilities. Updates are only deployed when they meet our internal quality and security standards.
- Multi-Factor Authentication for Releases: Our update system requires multiple points of verification before an update can go out, ensuring that only authorized and secure updates are released.
While we follow industry best practices and employ multiple layers of defense, no system is completely immune to all potential threats. We encourage website owners to adopt additional security measures appropriate for their hosting environment and risk profile. See the next section “End User Responsibilities” for more details.
End User Responsibilities
End users also play a key role in protecting their own websites. We recommend the following general best practices for all WordPress users:
- Consider Additional Security Tools: Leverage reputable security plugins or web application firewalls to further defend against emerging threats.
- Maintain Up-to-Date Software: Regularly update WordPress core, plugins, and themes to benefit from the latest security patches.
- Adopt Strong Authentication Measures: Use robust, unique passwords and enable two-factor authentication where available.
- Evaluate Your Plugins: Periodically review installed plugins, removing any that are outdated or unnecessary, to reduce potential security vulnerabilities.
- Implement Regular Backups: Frequently back up your website to ensure that you can quickly recover in the event of a security incident.
Disclaimer: Equalize Digital is responsible only for the Accessibility Checker plugin and its official add-ons. Third-party plugins, themes, custom code, or content may introduce vulnerabilities that fall outside the scope of Accessibility Checker’s functionality or support. This document is provided for informational purposes only and does not constitute a warranty or legal advice.