CRA Guard

CRA Reporting Deadline: Sept 11, 2026

EU Cyber Resilience Act
Compliance for WordPress

Free compliance checklist, document generator, and education centre for WordPress plugin and theme developers. Pro tier adds automated SBOM, vulnerability scanning, and incident management.

167
days
02
hours
06
mins
00
secs
Download Free PluginRead the Guide
26
Compliance items
5
Document templates
0 → Compliant
In your WordPress admin

Everything you need for CRA compliance

The free tier gets you 80% compliant. Pro closes the gap with automation.

FreeForever free on WordPress.org
  • Setup wizard: Am I in CRA scope?
  • 26-item compliance checklist mapped to CRA articles
  • 5 document templates (VDP, incident plan, declaration)
  • security.txt generator + auto-installer
  • CRA education centre with article breakdowns
  • Compliance score dashboard (0–100)
ProFrom $59/year
  • SBOM generator (CycloneDX 1.5 JSON)
  • Vulnerability scanning via OSV.dev API
  • Incident centre with ENISA deadline timers
  • PDF compliance reports
  • Email alerts for new vulnerabilities
  • Multi-plugin tier gating (1/5/25 plugins)

Three steps to compliance

01

Install the plugin

Download CRA Guard from WordPress.org and activate it. No configuration files, no CLI tools, no external accounts.

02

Run the setup wizard

Answer 5–7 questions about your plugin. The wizard determines whether the CRA applies to you and which obligations you face.

03

Follow the checklist

Work through the 26-item compliance checklist, generate your documents, install security.txt, and watch your score climb to 100.

Simple, annual pricing

No monthly subscriptions. No per-scan fees. Pay annually and focus on compliance.

Free
$0
Unlimited (checklist only)
  • Setup wizard
  • 26-item checklist
  • 5 document templates
  • security.txt generator
  • Education centre
  • Compliance score
Download Free
Most Popular
Personal
$59/year
1 plugin
  • Everything in Free
  • SBOM generator
  • Vulnerability scanning
  • Incident centre
  • PDF reports
  • Email alerts
Get Personal
Developer
$119/year
5 plugins
  • Everything in Personal
  • Bulk dashboard
  • Priority support
  • 5 plugin licences
Get Developer
Agency
$239/year
25 plugins
  • Everything in Developer
  • White-label reports
  • Team access (3 seats)
  • Multisite support
  • 25 plugin licences
Get Agency

How CRA Guard compares

The only CRA compliance plugin with a free tier on WordPress.org and annual pricing.

FeatureCRA GuardResilienceWPComplianzManual
Free tier on WordPress.orgN/A
CRA-specific compliance checklist
SBOM generation (CycloneDX)
Vulnerability scanning
ENISA incident reporting
Document templates5 templatesLimitedGDPR only
Annual pricingFrom $59/yr$228–540/yr€59–399/yr$0 + time
WordPress.org listedYes (GDPR)N/A

Key CRA deadlines you cannot miss

Sept 11, 2026

Vulnerability reporting obligations

Manufacturers must report actively exploited vulnerabilities and severe incidents to ENISA within 24 hours, 72 hours, and 14 days.

Dec 11, 2027

Full CRA requirements

All CRA requirements take effect. Products must have SBOMs, conformity assessments, vulnerability handling processes, and security update mechanisms.

Fines: up to EUR 15,000,000

or 2.5% of total worldwide annual turnover, whichever is higher.

Start your CRA compliance journey today

Install the free plugin, run the wizard, and know exactly where you stand before the September 2026 deadline.

Download CRA Guard Free