Comprehensive WordPress Site Security Audit
Your website’s security is critical. Insecure and poorly protected WordPress websites can damage your brand reputation, kill your SEO and have a huge impact on your bottom-line revenue.
In other words, an insecure website can be used as a backdoor by hackers seeking to gain access to it. And if malicious users find a vulnerability in your WordPress install, you can bet that they will exploit it.
This is where Malcure’s WordPress Security Audit comes into play!
When you sign up for our WordPress security audit services, one of our security analysts will examine, detect and report on your website’s vulnerabilities. We will validate your website’s security posture against a 52-point security inspection list and provide a complete report which includes detailed recommendations for improving your site security. Our security audit report includes the following:
- Complete website scan (inspection of all the website files for malicious code)
- Make sure that the site is not listed on blacklists
- Review Google Transparency report
- Make sure that the database is free of malware and spam
- Ensure log files and phpinfo files are not publicly available
- Look for suspicious logins
- Make sure that adequate log files are available
- Check if there are any potentially vulnerable files
- Check if Google Search Console and Google Analytics are set up for the site
WordPress Core:
- Check if your site is using the latest version of WordPress
- Enable auto updates as and where needed
- Check if wp-config.php is secured
- Check if wp-admin file editing is disallowed
- Manually inspect all the files in your WordPress installation directory
Themes and Plugins:
- Review all the themes
- Review all the plugins, add-ons and extensions
- Check if all the themes and plugins are updated & actively maintained
- Make sure that theme core files are unmodified (child theme is used for modifications)
- Make sure that the active theme is actively maintained by developers
- Make sure all the active plugins used are actively maintained by developers
- Prepare a list of unused themes and plugins (for deletion)
- Prepare a list of vulnerable themes and plugins (for review)
- Check basic plugins for leaks and recommend stronger ones where required
- Review and inspect mu-plugins folder
- Inspect uploads folder for possible security threats
- Scan WordPress database for any malicious code
- Check the permissions of MySQL user
- Make sure that the tables are optimized
- Make sure that the database is optimized
- phpMyAdmin version check
- Password audit for MySQL user
- Make sure that remote database access is disabled
- Review all the user accounts and make sure that all the administrators are valid users with correct email addresses
- Perform a password audit and make sure that each user account is using a strong and unique ID and password
- Limit access to WP admin based on user roles
- Make sure there are no public transaction logs that decrease site security
- Review network administration for multisite install
- Ensure that hosting is reliable and secure
- Check if the site is using Linux hosting
- Check if SSL is installed and configured correctly
- Review the file permissions
- Check which PHP and web server version is in use
- Make sure there are no suspicious cron jobs
- Check for strong cPanel / hosting / FTP passwords
- Review website backups and backup settings to make sure there are adequate backups
- Make sure that backups are not accessible publicly
- Make sure that credit card information is not stored on site
- Page speed analysis of the website
- Review caching configuration
- Check if the site is using a Web Application Firewall (WAF)
- Review the configuration of security and performance plugins (if any)
Malcure WordPress Security Audit
Not sure if your WordPress website is secure?
Book your WordPress security audit today! One of our seasoned security analysts will perform a detailed security audit of your website and recommend the security measures required to secure and bulletproof your site against potential vulnerabilities.