WordPress Security, Reviewed From the Outside
WordPress powers over 40% of the web, and it is the CMS most targeted by attackers. Our passive WordPress Security Check identifies publicly visible risks without logging into your site, installing plugins, or performing any intrusive testing.
What We Check
Every WordPress Security Check covers these areas. Designed for site owners and agencies who need to demonstrate security diligence.
Version Detection
Identify the WordPress version from public indicators. Outdated versions are the #1 attack vector for WordPress sites.
Plugin Enumeration
Detect publicly visible plugins from readme files, generator tags, and page source. Old or abandoned plugins introduce vulnerabilities.
Admin Panel Exposure
Check if wp-admin, wp-login, and XML-RPC are publicly accessible. These are common targets for brute-force and other attacks.
Configuration Review
Verify security-related configuration from public headers and responses. Detect common misconfigurations that leak information.
Sensitive File Check
Check for exposed wp-config backups, .git directories, backup archives, and debug.log files that could reveal credentials or structure.
Hardening Guidance
Practical WordPress hardening advice based on what we find. Focused on the highest-impact changes that protect your site.
Built for Agencies and Freelancers
If you manage WordPress sites for clients, our reports are designed to be client-ready deliverables.
Client-Ready Reports
Share the PDF report directly with your clients. It's written in business language they can understand, with space for your agency branding.
Demonstrate Due Diligence
Show clients you take security seriously with a professional third-party assessment. Good for contracts and renewals.
Identify Upsell Opportunities
Findings from the report can inform your maintenance and security service offerings. Data-driven recommendations carry weight.
Save Time
Instead of manually checking each client site, get a professional assessment in days. Focus on fixing issues, not finding them.
Pricing
WordPress Security Check is part of the Website Trust & Security Snapshot: Starter (299€) and Standard (499€).
Know What Attackers Can See
Most WordPress attacks start with reconnaissance. Our passive review shows you what's publicly visible — before someone else finds it.