Your WordPress is exposed. The question is how much.
I'll check it in 24-48h and send you a report with what's there. Start free.
01 · Why this matters
You don't need to be a big target to get attacked.
90% of WordPress sites have a vulnerability they don't know about. Old plugin, exposed admin user, files that shouldn't be reachable.
Bots scan the entire internet looking for vulnerable patterns. They don't hack you because you sell a lot: they hack you because you exist.
A compromised site drops in Google, loses transactional email, scares clients away and can make you legally liable if it leaks data.
It's much cheaper to find out in time than to fix later.
02 · Two levels
You start free. If you want more, we move to the complete one.
External audit
I analyze your site from outside, like an attacker would. Without logging into your dashboard or installing anything.
- XML-RPC and common attack vectors
- User enumeration
- HTTP security headers
- Exposed files and directories
- SSL/TLS certificate
- WordPress fingerprint
- Email report within 24-48h
Internal audit
With temporary dashboard access I check what you can't see from outside: plugins, permissions, configuration, database.
- Everything in the external audit
- Plugins and themes: outdated and orphaned versions
- Admin users, roles and suspicious emails
- WordPress settings: open registration, debug, pingbacks…
- Malicious content in posts and suspicious files in uploads
- Database health: size, tables, overhead
- Professional PDF report with score and remediation guide
03 · Start free
Leave me the URL. I'll send you the report in 24-48h.
No commitment, no cost, no prior sign-up. If you want me to fix what I find, we talk. If not, the report is yours.
04 · How it works
Three steps. Not one more.
1. Give me the URL
The external audit only needs the address. The internal audit needs temporary dashboard access (revoked when done).
2. I analyze your website
Passive and non-intrusive checks. Your site keeps running normally, your clients don't notice a thing.
3. You get the report
In 24-48h: what was found, the risk level and how to fix it. Without gratuitous jargon.
05 · Frequently asked questions
What they ask me before giving me the URL.
What's the difference between the external and internal audit?
The external audit is what anyone curious can see about your site from the Internet: ports, headers, exposed users, detectable versions. The internal audit requires access to the dashboard and reviews what can't be seen from outside: plugins with CVEs, permissions, configuration, database. The external audit finds plenty, but the internal one finds the things that hurt the most.
Is the external audit really free?
Yes, no fine print and no signing up for any newsletter. I do it because it works as an introduction: if the report convinces you, it often turns into a job to fix things. And if not, you keep the information.
Do I have to install anything?
For the external audit, no. For the internal one, just a temporary admin user (which you revoke when we're done). I don't install plugins or leave anything behind.
How long does it take?
Between 24 and 48 business hours.
What if you find serious issues?
I explain them with context: what it is, what risk it poses, what priority to give it. If you want me to fix it, that's a separate quote. If you'd rather do it yourself or with your team, the report has everything you need.
Can the audit break anything?
No. The tests are passive. I don't inject anything, I don't force anything. Your site keeps working just the same.
What are you waiting for?
Start with the free one. If we need to go deeper, we'll see then.