Why is Your WordPress CMS Security Check Important
55.9% of vulnerabilities came from plugins.
Over 90,978 attacks happening per minute on both big and small WordPress sites
84% of all security vulnerabilities on the internet are the result of Cross-Site Scripting or XSS attacks.
Most of the casual bloggers start thinking about site security only after they get into first problems and majority of websites get hacked from entirely preventable issues, like not keeping things updated or using insecure passwords.
The majority of hacking attempts are made by bots, and you may be able to prevent hacker bots attacks by hiding your WordPress paths: wp-content, wp-include, plugins, themes, etc.
Just by changing the main paths, you may be able to protect your website against things like brute-force attacks, SQL-injection, and requests to your PHP files.
The test includes checking for updated plugins, themes and different files and functions which are known to hold security breaches.
Web Version vs Plugin Version
WordPress Security Check
What we will check
- wp-login path
- wp-admin path
- wp-content/plugins
- wp-content/themes
- wp_config.php file is writable
- license.txt files
- readme.html files
- wp-config file
- XML-RPC access
- WordPress Prefetch https://s.w.org
- REST API discovery
- Powered by WordPress
- PHP Version
- Mysql Version
- WordPress Version
- Backend under SSL
- WP Debug Mode
- DB Debug Mode
- Script Debug Mode
- Display_errors PHP directive
- User 'admin' as Administrator
- Spammers can easily signup
- Outdated Plugins
- Not Updated Plugins
- Version Incompatible Plugins
- Outdated Themes
- Database Prefix
- Salts and Security Keys valid
- WordPress dDatabase Password
- MySql Grant All Permissions
- install.php file are accessible
- upgrade.php file are accessible
- Author URL by ID access
Plugin Version
Detect any breach and weakness in your website using Hide My WordPress Ghost Plugin