WordPress security posture check — PASSIVE hygiene assessment from public signals: detects WordPress, flags version disclosure (generator tag, readme.html), xmlrpc.php exposure, user enumeration, uploads directory listing, login exposure, missing security headers, and HTTPS. Returns a 0-100 posture score with prioritized remediation. Flags security practice, not exploitable vulnerabilities — no CVE matching, no intrusion. For site owners and authorized auditors. ?url=