WordPress Security Audit

Do you run the popular CMS WordPress? Are you looking to have your WordPress security tested?

Due to its popularity WordPress has become a common target for cyber criminals, and if you don’t keep on top of your WordPress security you are at risk of being hacked.

Introducing our WordPress Security Audit service.

What can we do to help?

  • We will audit your WordPress installation, check your file and directory permissions on your web server.
  • A full blackbox wordpress pen test will be performed against the target host. You can review how a wordpress pentesting works by visiting our home page.
  • WordPress plugins security will be checked, looking for known weaknesses that exist in certain plugin versions.
  • WordPress pages and custom pages will be checked for vulnerabilities that match the OWASP top 10, and if found, we will advise how to fix any issues we uncover
  • We have access to fast WordPress security scanners and analysis tool which will check your website for vulnerabilities.
  • Custom rules will be added to filter new and emerging WordPress threats. We monitor the latest security vulnerabilities to stay ahead of the bad guys and implement fixes before they get to your site.
  • A full audit / WordPress penetration test report will be supplied for your WordPress website, to show you how you can improve security and fix security issues.


WordPress Security Auditing tasks we can perform:

  • Install and correctly configure a web application firewall to actively scan and protect your WordPress installation.
  • Check your site with McAfee/Google/Blacklist checks for known suspicious activity or malware.
  • Setup alerts, so your website admin receives notifications of suspicious activity, allowing you to proactively defend your website, and ban malicious users or bots.
  • Setup a backup solution (if required) to ensure you have regular database and file backups taken of your site.
  • Configure or setup SSL (if required) so all the traffic between your website and its users is encrypted and secure.
  • Add enhanced .htaccess rules to filer known WordPress attack methods.
  • Add an extra layer of security to the WordPress administration area /wp-admin.
  • Check your WordPress core for correct permissions.
  • Check your WordPress plugins for correct permissions.
  • Check your WordPress theme is up to date and the core files have not been modified.
  • Ensure your WordPress core is updated to the latest version, along with any plugins.
  • Audit your WordPress plugins for known vulnerabilities.
  • Audit your user accounts within WordPress, ensure redundant accounts are removed and passwords are strong.
  • Check your web server and ensure your WordPress hosting is secure.
  • Setup your web server logging correctly.

With all of the above information you will get the best WordPress security and learn best practice WordPress security techniques and how to secure your WordPress site. You may also be interested in our Secure WordPress Hosting services.

If you are interested in getting your WordPress site security checked, contact us for a quote.