---
title: "Comprehensive WordPress Site Security Audit"
date: 2019-11-05
author: "Shiv"
featured_image: "https://malcure.com/wp-content/uploads/2019/11/wordpress-security-audit-by-malcure-scaled.jpg"
---

# Comprehensive WordPress Site Security Audit

Your website’s security is critical. Insecure and poorly protected WordPress websites can damage your **brand reputation**, *kill your SEO* and have a huge impact on your ***bottom line revenues***.

An insecure website gives hackers a backdoor into your site. If malicious users find a vulnerability in your WordPress install, you can bet that they will ***exploit*** it.

**This is where Malcure’s WordPress Security Audit comes into play!**

![WordPress Security Audit Services by Malcure](https://malcure.com/wp-content/uploads/2019/08/wordpress-security-audit-by-malcure.jpg)

When you sign up for our WordPress security audit services, one of our security analysts will examine, detect and report on your website’s vulnerabilities. We will validate your website’s security posture against a **52-point security inspection** list and provide a complete report which includes detailed recommendations for improving your site security. Our security audit report includes the following:

### Basic Overview of your Website’s Security

- Complete website scan (inspection of all the website files for malicious code)
- Make sure that the site is not listed on blacklists
- Review Google Transparency report
- Make sure that the database is free of malware and spam
- Ensure log files and phpinfo files are not publicly available
- Look for suspicious logins
- Make sure that adequate log files are available
- Check if there are any potentially vulnerable files
- Check whether Google Search Console and Google Analytics are set up for the site







### Complete Review of your WordPress Installation

**WordPress Core:**

- Check if your site is using the latest version of WordPress
- Enable auto updates as and where needed
- Check if wp-config.php is secured
- Check if wp-admin file editing is disallowed
- Manually inspect all the files in your WordPress installation directory

**Themes and Plugins:**

- Review all the themes
- Review all the plugins, add-ons and extensions
- Check if all the themes and plugins are updated & actively maintained
- Make sure that theme core files are unmodified (child theme is used for modifications)
- Make sure that the active theme is actively maintained by developers
- Make sure all the active plugins used are actively maintained by developers
- Prepare a list of unused themes and plugins (for deletion)
- Prepare a list of vulnerable themes and plugins (for review)
- Check basic plugins for leaks and recommend stronger ones where required
- Review and inspect the mu-plugins folder
- Inspect the uploads folder for possible security threats







### Ensuring the Security of your Database

- Scan the WordPress database for any malicious code
- Check the permissions of the MySQL user
- Make sure that the tables are optimized
- Make sure that the database is optimized
- phpMyAdmin version check
- Password audit for the MySQL user
- Make sure that remote database access is disabled







### Administrative Security

- Review all the user accounts and make sure that all the administrators are valid users with correct email addresses
- Perform a password audit and make sure that each user account is using a strong and unique ID and password
- Limit access to WP admin based on user roles
- Make sure there are no public transaction logs that decrease site security
- Review network administration for multisite install







### Hosting Issues

- Ensure that hosting is reliable and secure
- Check whether the site is using Linux hosting
- Check if SSL is installed and configured correctly
- Review the file permissions
- Check which PHP and web server version is in use
- Make sure there are no suspicious cron jobs
- Strong cPanel / hosting / FTP password
- Review website backups and backup settings to make sure there are adequate backups
- Make sure that backups are not accessible publicly
- Make sure that credit card information is not stored on site







### Review Website's Speed & Performance

- Page speed analysis of the website
- Review caching configuration
- Check if the site is using a Web Application Firewall (WAF)
- Review the configuration of security and performance plugins (if any)







## Malcure WordPress Security Audit

**Not sure if your WordPress website is secure?**

Book your WordPress security audit today! One of our seasoned security analysts will perform a detailed security audit of your website and recommend the security measures required to secure and bulletproof your site against potential vulnerabilities.
