In Q3 of 2016, Sucuri reported that WordPress again led all content management systems in the number of hacked websites. WordPress alone accounted for 74% of all detected infections and vulnerabilities.
Ugh. That’s always a huge let-down. With people already looking for reasons not to use WordPress or hearing horror stories about this very thing, news like this makes it seem like the platform is inherently insecure (which it’s not).
But here’s the thing: with so many eyes on WordPress due to its overwhelming popularity over other CMS, it will continue to be the target of hackers. It’s just something we have to expect at this point. And that’s why we shouldn’t be asking “Is WordPress Secure?” but more “What can I do to make my WordPress site more secure?”
Enacting a security plan is essential, of course. And utilizing a variety of firewalls, security plugins, antivirus software, and more will help. But you should also look outside of WordPress for assistance in keeping your site safe. An online security scanner will give you an extra set of eyes to sweep through your site and alert you to any potential pitfalls within it.
7 Free Online Security Scanners to Check Your WordPress Site
Your security audit process already includes a deep-dive internal security scan with a plugin like Defender, which is absolutely necessary. You’ll need that if you want to see deep down inside the guts of your site and hosting environment. An online scanner, on the other hand, will take care of the superficial scan of your site for malicious content, code, or other hidden entities just waiting to wreak havoc on it.
It will look for problems like:
- Unauthorized backlinks, ads, or redirects
- Unauthorized use of bandwidth (like hotlinks)
- Infected code, plugins, themes
- And more.
Since you’re already spending money on a secure host, a premium security plugin, antivirus or malware software, and more, there’s no need to spend any more on an online security scanner to help you check your WordPress site for vulnerabilities. Many of these are available for free and require little more than entering your site’s URL into a field.
Here are 7 awesome online scanner tools you should consider using:
The best part about using a security scanner like Hacker Target’s is that it was specifically built to inspect the more troublesome elements on a WordPress site. So, you’ll find analyses here for plugins and themes as well as other particularly weak areas of websites.
Your free website analysis will include the following:
- WordPress version updates needed
- WordPress plugin updates needed
- User ID enumeration issues
- Whether directory indexing is enabled
Scanurl’s online scanner tool is a very simple one. The tool itself will provide you with few details on your site’s security, including:
- Whether anyone has marked your site as “unsafe”
- Whether it passed the Google Safe Browsing test
- Whether PhishTank has a file on your site
- Whether Web of Trust has any negative ratings on your site
In addition, the bottom of the scanner provides links to other security scanning resources. So, if you’re curious to see what smaller, more targeted reports from places like Norton, McAfee, and VirusTotal have to say, you can get those here in the resource aggregation list.
Here’s the thing about the Sucuri security scanner: you’re not going to get many details out of it. You’ll get a very high-level overview regarding:
- Outdated WordPress version
- Issues with (or a lack of) firewall
- Domain blacklisting status across a variety of security authorities (e.g. Google, Norton, et al.)
- A list of links found on your site (in case there’s something you didn’t put there)
- List of scripts (again, worth checking in case you don’t recognize any of them)
But Sucuri is a trusted entity in the world of security and is a good place to start. If any issues are detected here, they’ll be sure to point you in the right direction.
SiteGuarding.com works similarly to the other online scanners on this list. However, there’s something really nice about the interface in which the results are displayed. Even a novice WordPress user should be able to use this tool and understand where their site’s problem areas are.
Specifically, SiteGuarding.com will call out:
- Outdated WordPress
- Online blacklisting against your site
- Firewall detection
- Internal link analysis
- List of plugins, themes, and scripts for verification
This online scanner from UpGuard is great because it handles online security analysis in a sort of gamification format. You’ll receive a security score based on how your website performs on a number of factors like:
- Having an SSL certificate
- Domain registration protection
- Phishing or malware detection
- Server information exposure
- SPF enabled
- And more
This WordPress-specific vulnerability scanner targets your plugins and themes, so if you suspect you have issues there, this will point you in the right direction. It does also provide details on things like outdated versioning, the robots.txt file, and oddities found in your site’s header. However, the bulk of the analytics you’ll receive from this tool speak directly to the quality and status of your WordPress plugins and themes.
The security vulnerability results you receive from this online scanner remind me of what you’ll get with Hacker Target. However, there are three key differences here, and I think these will make a world of difference for WordPress developers really trying to dig into any issues they’re encountering with security. The three additional pieces of information you’ll receive are:
- Internal links
- iFrame links
With this information included in your analysis, you’ll be able to more quickly detect anything that doesn’t belong on your site that you might not otherwise notice.
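The link, script and iframe lists these scanners return only help if you compare them against what you expect to find on the page. As an added example (not code from any of the tools above), this Python script runs that comparison offline on saved HTML; the sample page, the hosts, the allowlist and the function names are all assumptions made for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

URL_ATTRS = {"a": "href", "script": "src", "iframe": "src"}


class ResourceCollector(HTMLParser):
    """Collect (tag, absolute URL) pairs; relative URLs resolve against the page."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.found = []

    def handle_starttag(self, tag, attrs):
        attr = URL_ATTRS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if value:
            self.found.append((tag, urljoin(self.base_url, value.strip())))


def unexpected_resources(html, base_url, allowed_hosts):
    """Return sorted (tag, url) pairs whose host is not on the allowlist."""
    collector = ResourceCollector(base_url)
    collector.feed(html)
    # The page's own host is always treated as expected.
    allowed = {h.lower() for h in allowed_hosts} | {urlparse(base_url).hostname}
    flagged = set()
    for tag, url in collector.found:
        parts = urlparse(url)
        host = (parts.hostname or "").lower()
        # mailto:, tel: and similar schemes have no host to compare.
        if parts.scheme in ("http", "https") and host not in allowed:
            flagged.add((tag, url))
    return sorted(flagged)


# Constructed sample page; every host below is a placeholder.
ALLOWED = {"cdn.example.org"}
SAMPLE_HTML = """
<a href="http://cheap-pills.example.net/buy">.</a>
<script src="/wp-includes/js/jquery/jquery.min.js"></script>
<script src="//cdn.example.org/lib.js"></script>
<script src="https://stats.example.net/t.js"></script>
<iframe src="https://ads.example.net/frame" width="0" height="0"></iframe>
<a href="mailto:owner@example.com">Mail</a>
"""

if __name__ == "__main__":
    for tag, url in unexpected_resources(SAMPLE_HTML, "https://example.com/", ALLOWED):
        print(f"{tag:7} {url}")
```

Anything it prints is a resource you did not allowlist, which is the starting point for checking whether you or a plugin actually put it there.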
There’s a lot of work that’s required of you in order to keep your WordPress site safe. Luckily, you can offload most of the monitoring work to security plugins like Defender as well as free online vulnerability scanners like the ones mentioned above. By utilizing a reliable set of tools to keep an eye on your site, you’ll more effectively (and quickly) be able to handle security issues as they arise.