Website Security Audits2021-05-20T20:06:52+00:00

Website Security Audit Services

Call us today

We can help you meet and exceed your digital marketing goals.

Call us today

Secure your website and protect data, revenue and reputation.

Website Security Audit Services

Strengthen your website’s security posture to mitigate the risk of security breaches, lost data and damaged reputation.

periscopeUP’s website security audit service focuses on detection, protection, prevention and overall performance. We do our best to ensure your website is as secure as possible, however it is important to understand that website security is not “one and done”. Hackers are always advancing and shifting their techniques, that’s why it’s essential to frequently audit your site in order to continually identify and remedy any weaknesses.

Top down view of laptop and modern workstation.
  • WordPress Security
  • Hosting Security
  • Database Security
  • User Security
WordPress Security

WordPress must be kept up-to-date or it may pose a security risk. If a hacker gains access to your website, they could steal IP, sales data, customer information and passwords, install malware on your site or even distribute malware to users. During this portion of the security audit we:

  • Install current version of WordPress.

  • Enable auto updates where needed.

  • Disallow wp-admin file editing.

  • Delete any themes and plugins that are not needed.

  • Employ strong and unique passwords and IDs for each admin account.

  • Update all themes that are maintained.

  • Perform a WordPress Slats and Keys check.

Harden WordPress according to the following process:
  • Disable the file editor in plugins and themes.

  • Disable automatic plugin installation.

  • Reset WordPress Keys and Salts.

  • Enforce strong passwords.

  • Limit the number of allowed WordPress login attempts.

  • Implement two-factor authentication.

General Website Security

The security of your website can directly impact your business reputation and ability to attract and maintain customers. During this portion of the security audit we:

  • Gain a basic overview of our website’s security posture.

  • Ensure your site is free of malware.

  • Verify your site is blacklist free and not at any risk of being blacklisted.

  • View Google’s transparency report.

  • Uncover any suspicious logins.

  • Ensure log files and php are not publicly available.

Admin User Security

Administrative or privileged accounts have the ability to make changes to your website or system. Any compromise to these accounts could result in attacks gaining access to your website or network. During this portion of the security audit we:

  • Ensure all administrators are valid users with correct email addresses.

  • Limit access to WordPress admin.

  • Remove any inactive admins or users.

  • Encourage use of admin roles.

  • Employ strong and unique passwords and IDs for each admin account.

  • Ensure there are no public transaction logs that could decrease site security.

  • Check the security of FTP accounts.

Website Theme and Plugin Security

By keeping website themes and plugins up-to-date, you’ll make your site less vulnerable to breaches and hacks. During this portion of the security audit we:

  • Ensure no theme has been altered (e.g. child themes used).

  • Install and activate security plugin. (Recommended: iThemes Security Pro)

  • Perform an analysis of all unused themes and plugins and make recommendations for deletion.

  • Ensure non-maintained themes are not used.

  • Verify that all active plugins are maintained by developers.

Website Hosting Security

Keeping your website hosting secure is essential for ensuring there is no unauthorized activity or network intrusions. During this portion of the security audit we:

  • Verify that there are adequate backups of the site.

  • Ensure hosting is reliable and secure.

  • Employ a strong hosting panel password.

  • Utilize a strong FTP password.

  • For sites that are not currently utilizing HTTPS, procure a SSL certificate.

  • Ensure there is no credit card information stored on the website.

We also offer these additional website security services:

Ongoing WordPress Maintenance Add-On

On a monthly basis, verify that WordPress core, plugins and themes are up-to-date. Also, check security logs and ensure latest security patches are installed.

Plugin Troubleshooting

If you are facing an issue with a security plugin or any other plugins, we can provide assistance billed on an hourly basis.

PCI Compliance Add-On

We offer a Payment Card Industry (PCI) compliance audit add-on to our standard website security audit service for those businesses that take online credit card payment. This add-on audit focuses on the following items. These must be shared with your payment processor and bank to earn PCI Compliance status. Additionally, this information must be sent quarterly in order to remain in good standing.

  • Determine appropriate merchant level.

  • Administrate self-assessment questionnaire.

  • Select and setup an approved scanning vendor.

  • Check and validate secure sockets layer (SSL) certificate.

  • Setup and require more verification details for customer payments.

  • Check that plugins and tools are PCI-Compliant.

Check for security policies and training:
  • Software updates.
  • Security patches.
  • Antivirus protection.
  • Malware scanning.
  • Train employees on how to properly manage payment information.

Your website is vital to your business, so it’s important to ensure it is secure from potential threats. An unhealthy website will result in reduced performance and increased vulnerability security breaches which can lead to the misuse of your sensitive information and damage your company’s reputation.

We can provide digital marketing expertise that contributes to top-line revenue growth at a fraction of the cost of hiring a full-time employee. Call us at 443.475.0787 or fill out the form below for a free consultation.


Related Services

Get the latest marketing tips & hacks from periscopeUP in your inbox.

Read Latest Posts