There are well over 7,5 million WordPress blogging attacks every hour so the likelihood of your site being attacked is almost guaranteed. Scanning your site for vulnerabilities, however, can help you fight these attacks effectively.
Scanning your site will show you how vulnerable your site is to attacks so you can take steps to further protect your blog. So how do you do a security scan? Fortunately, there are some fantastic tools and plugins available, which we'll cover in this tutorial.
Is your site vulnerable to an attack?
It's too easy to think that you will never be attacked, that your site is safe from hackers. After all, who really cares about your little blog ? Especially when your site is not so popular after all?
The truth is, all WordPress sites are likely to be vulnerable, and you can not claim to be immune. If your site has personal information, an attacker could use it and exploit it to hack all your other accounts (And sites), especially if you use the same passwords on all these sites. I'm talking about social media accounts, bank accounts, your whole life may be compromised because of the vulnerability of your not so popular blog.
And even if your site does not have any personal information (which usually is not the case), Hackers can use your site to serve their own cause (use as a spam broadcast network). And you will see your blog suspended for excessive and abnormal traffic.
The most likely scenario: Your companyaccommodation suspends your website which therefore becomes unavailable until you convince your host that your website is doing well. This procedure can take a month, are you. Can you really afford to wait that long?
WordPress is secure as long as you install recent updates.
Sometimes the flaw does not depend on WordPress, it could come from:
- Low passwords
- The use of "admin" or "administrator" as username
- Plugins or vulnerable themes
- Using the default values to name your prefixes from the database tables
- Incorrect file permissions
- From editing themes and plugins enabled
- The failure of the computer or server
- Important unprotected files
With 73% of vulnerable sites, there is a good chance your site is included. How can you be sure that your site is really not vulnerable?
How to scan your accommodation WordPress
There are many tools that are not free, but allow you to analyze your site online. All you need to do is provide the link to your blog to perform the scan:
- WordPress Security Scan - Checks basic vulnerabilities in your WordPress site. Advanced scans are available with a premium upgrade.
- Sucuri SiteCheck - Your WordPress site can be checked for known malware, the status of blacklists, errors and if your site is dated.
- Acunetix - Provides you with scans for network vulnerabilities, it doesn't just do for WordPress and requires free registration for a 14 day trial.
- Scan My Server - You can get a detailed report of your site vulnerabilities once you register and provide a backlink to your site to verify your property and you are not a hacker.
- WPScan - A vulnerability scanner for self-hosted sites that is free for personal use. You can also get a paid license for commercial use.
- Unmask Parasites - You can check if your site has already been hacked or if there is spam or any other unwanted material.
- Norton Safe Web - similar to the scanner above, you can check if your site has already been compromised.
Perform advanced scans with WordPress plugins
For more detailed analyzes of your site, you can install a plugin that allows you to know what are the vulnerabilities that are found on your website. These plugins are updated regularly and work well on the unique installations of WordPress, but they work on a multisite network, provided they are installed individually per site.
1- Total Security
Download
Total Security monitors your site for vulnerabilities. When they show up you are notified right away so you can take action. While you aren't able to apply many important vulnerability fixes, this is a great scanner with detailed reports.
2 - Vulnerability Alerts
This plugin is not able to fix all the issues on your site, but it can detect issues on some files on your site as well as any plugins or themes you have installed. The results are not too detailed, but often include links where you can find more information about the vulnerability that was detected.
This plugin can also send you notifications when problems are detected.
3 - Vulnerable Plugin Checker
Although the Vulnerable Plugin Checker plugin does not scan files or themes on your site, it only checks the plugins you use to find vulnerabilities and security concerns. It also sends email notifications if problems are detected.
You will not be able to solve anything with this plugin, but the analyzes are also automated and performed twice a day to maximize the threat discovery potential quickly.
That's all for this little guide on analyzing your WordPress blog. I hope you will find some useful advice there.
