I built a free public REST API to check CRA compliance for WordPress plugins and Rust crates

gritzon — Tue, 14 Apr 2026 11:18:29 +0000

The problem

The EU Cyber Resilience Act deadline is September 11, 2026 — 150 days away.

Developers need a simple way to check if their WordPress plugins or
Rust crates are compliant — without installing anything or reading
through JSON files.

What I built

CRA Compliance API — a free public REST API built with PHP 8.4
and Symfony 8.0.

Three endpoints, zero authentication required:

Example response

{
  "slug": "woocommerce",
  "name": "WooCommerce", 
  "version": "10.6.2",
  "cra_status": "ok",
  "issues": [],
  "checked_at": "2026-04-14T11:04:34+00:00"
}

Status values

ok — no issues
warning — not updated in 6+ months
risk — not updated in 12+ months
unknown — cannot determine status

Try it now

Check WooCommerce:
https://web-production-8ad02.up.railway.app/api/check/plugin/woocommerce

Check an old abandoned crate:
https://web-production-8ad02.up.railway.app/api/check/crate/rustc-serialize

What's next

Add WPScan vulnerability data
Add rate limiting
Add caching with Redis

GitHub: https://github.com/gritzon/cra-api

Free and open source. Feedback welcome!

I built a free WordPress plugin to help with EU Cyber Resilience Act compliance

gritzon — Mon, 13 Apr 2026 12:48:32 +0000

The problem

The EU Cyber Resilience Act (CRA) deadline is September 11, 2026 —
less than 5 months away.

After that date, WordPress plugin developers and site owners in the EU
must follow formal vulnerability handling procedures. Non-compliant
products can be removed from the EU market. Fines reach up to
€15 million or 2.5% of global annual turnover.

Most WordPress site owners have no idea which of their plugins are
outdated or have known vulnerabilities.

What I built

CRA Scanner — a free WordPress plugin that scans your active
plugins and shows a clear compliance status for each one.

It checks:

When each plugin was last updated (6+ months = warning, 12+ = risk)
Known vulnerabilities via WPScan API — filtered to show only issues affecting your current installed version, not historical ones
Whether PHP version requirements are declared

The result is a simple dashboard:

![CRA Scanner screenshot]

Why I built it

I couldn't find a simple free tool that just scans your plugins and
gives you a clear picture. Most solutions are either paid, overly
complex, or focused on documentation rather than actual plugin health.

Get it

GitHub: https://github.com/gritzon/cra-scanner-wp
WordPress.org: pending review (submitted April 2026)

Free and open source under GPL-2.0.

Feedback welcome

This is v0.2.0 — early but functional. If you try it and find issues
or have suggestions, open an issue on GitHub or drop a comment below.

DEV Community: gritzon

I built a free public REST API to check CRA compliance for WordPress plugins and Rust crates

The problem

What I built

Check API status

Check WordPress plugin

Check Rust crate

Example response

Status values

Try it now

What's next

I built a free WordPress plugin to help with EU Cyber Resilience Act compliance

The problem

What I built

Why I built it

Get it

Feedback welcome