en_US
en_US fr_FR
Blog
Wiki
Customer portal

WordPress security audit

Your dedicated WordPress cyber security service

WordPress is the world's most popular CMS. This makes it a prime target for hackers. So owning a WordPress site demands the utmost vigilance when it comes to security.

What would happen to your business if your site redirected visitors to fraudulent or malicious sites? If your site was blacklisted for your visitors? What if spam was sent out in your name, or the e-mail addresses of all your users and customers ended up in the wild, sold to hackers?

Yet WordPress website designers are generally unaware of the security aspects of the CMS they deploy and use every day.

Find out how a WordPress security expert can secure your website.

Hackers attack all WordPress sites all the time. 🏴‍☠️

Whether your site is big or small, hackers share lists of websites and program bots to test for security holes and take over your site as soon as it becomes vulnerable.

Without appropriate safety measures, it's only a matter of time before your site is hacked and your online image could be seriously damaged.

Yet many rules and best practices exist for securing and protecting your site.

Be proactive: protect yourself now!

Having started out as a system administrator for a web hosting company, I'm familiar with all the security practices involved in providing secure web services. I offer my unique skills to protect your website and your company's brand image.

The main objectives of my intervention

  • Detecting security vulnerabilities before hackers do
  • Identify and implement remedial solutions

Key points of security analysis

  • Audit server security from the outside and inside when possible (dedicated server, virtual server, etc.)
  • Verification of all known vulnerabilities in your version of WordPress and the plugins/themes you use
  • Identification and elimination of backdoors and any traces of hacking
  • Verification of more than 20 WordPress security points
  • Clear, detailed recommendations for remedying problems

Additional safety measures

  • Two-factor authentication
  • Automatic backup of your site

The three LRob "pluses

1) A relevant, "no bullshit" audit

Here, we don't waste time on pointless considerations, but rather on concrete, effective solutions.

Example: Many audits will rate as "critical" the fact that ports 22 (SSH), 80 (HTTP), 443 (HTTPS) are open, which doesn't provide any useful information, especially as ports 80 and 443 must be open for your site to be accessible. The problem is not whether a port is open or closed, but whether the application listening on these ports is secure or not. If the SSH port is open: does the server allow login via SSH key only, or via password? Via which SSH encryption algorithm (secure or not)? If SSH login via password is authorized, is the password complexity policy sufficiently high, and is an anti-bruteforce solution applied on the server? These are the more pertinent questions that are audited here.

2) Analysis from all sides

Because the final level of security is that of the weakest link in the chain, the entire chain from domain name to application, server and host is analyzed.

An external penetration test is carried out to determine flaws in both your scripts and the server.
Much more rarely, an internal test is performed. This means that your site's files and scripts are analyzed to ensure that 100% finds any known vulnerabilities, and if the server is accessible via SSH, its configuration and security are also checked.

3) Long-term remediation is proposed

Being aware of security concerns is a good start. Correct remediation is even better. There's no need to send and forward 15 e-mails between different service providers: I suggest you take charge of remediation directly by hosting your site on a server designed for WordPress and applying all the necessary adjustments to your WordPress site.

I can also maintain your site for the long term, while making sure that I'm alerted on a daily basis and can pro-actively remedy any security flaws that may be revealed for your site and the scripts it uses. This is done via my Webmastering including the 0 hack guarantee: I'm so sure your site won't be hacked that if it is, I'll get it back up and running, identify the source of the hack, and secure it.

0 sites hacked under my supervision since 2017! 💪

Coming from the world of system administration, I have complete mastery of the server chain, and that's just as well, because this is where security begins. I repair and protect sites with a hacking recidivism rate of 0% since 2017. And to stay on top of things, I'm constantly updating my knowledge of security vulnerabilities and best remediation practices.

Contact me at now to secure your site.

Please enable JavaScript in your browser to complete this form.
Your name
I'll determine your personality based on your email provider, but no matter what, you'll stay in my heart.
Phone number, postal address, Discord, Twitter, WhatsApp, etc.

Is your site already hacked?

In this case, all is not lost: I can repair your hacked WordPress site.

Repairing and securing hacked WordPress websites