Website Security Audit (WordPress/PCI)

Why Perform a Security Audit?

Your website is vital to your business, so it’s important to ensure it is secure from potential threats. An unhealthy website will result in reduced performance and increased vulnerability to security breaches, which can lead to the misuse of your sensitive information and damage your company’s reputation.

periscopeUP’s website security audit service focuses on detection, protection, prevention and overall performance. We do our best to ensure your website is as secure as possible; however, it is important to understand that website security is not “one and done”. Hackers are always advancing and shifting their techniques, which is why it’s essential to audit your site frequently in order to continually identify and remedy any weaknesses. Below is a summary of our Basic Website Security Audit as well as our website security add-ons.

Basic Website Security Audit

– starting at $1,500 per WordPress site*

General Website Security

The security of your website can directly impact your business reputation and ability to attract and maintain customers. During this portion of the security audit we:

  • Gain a basic overview of your website’s security posture.
  • Ensure your site is free of malware.
  • Verify your site is blacklist free and not at any risk of being blacklisted.
  • View Google’s transparency report.
  • Uncover any suspicious logins.
  • Ensure log files and PHP are not publicly available.

Website Theme and Plugin Security

By keeping website themes and plugins up-to-date, you’ll make your site less vulnerable to breaches and hacks. During this portion of the security audit we:

  • Ensure no theme has been altered (e.g. child themes used).
  • Install and activate a security plugin (recommended: iThemes Security Pro).
  • Perform an analysis of all unused themes and plugins and make recommendations for deletion.
  • Ensure non-maintained themes are not used.
  • Verify that all active plugins are maintained by developers.

WordPress Security

WordPress must be kept up-to-date or it may pose a security risk. If a hacker gains access to your website, they could steal IP, sales data, customer information and passwords, install malware on your site or even distribute malware to users. During this portion of the security audit we:

  • Install current version of WordPress.
  • Enable auto updates where needed.
  • Disallow wp-admin file editing.
  • Delete any themes and plugins that are not needed.
  • Update all themes that are maintained.
  • Perform a WordPress Salts and Keys check.
  • Harden WordPress according to the following process:
    • Disable the file editor in plugins and themes.
    • Disable automatic plugin installation.
    • Reset WordPress Keys and Salts.
    • Enforce strong passwords.
    • Limit the number of allowed WordPress login attempts.
    • Implement two-factor authentication.

Admin User Security

Administrative or privileged accounts have the ability to make changes to your website or system. Any compromise of these accounts could result in attackers gaining access to your website or network. During this portion of the security audit we:

  • Ensure all administrators are valid users with correct email addresses.
  • Limit access to WordPress admin.
  • Remove any inactive admins or users.
  • Encourage use of admin roles.
  • Employ strong and unique passwords and IDs for each admin account.
  • Ensure there are no public transaction logs that could decrease site security.
  • Check the security of FTP accounts.

Website Hosting Security

Keeping your website hosting secure is essential for ensuring there is no unauthorized activity or network intrusions. During this portion of the security audit we:

  • Verify that there are adequate backups of the site.
  • Ensure hosting is reliable and secure.
  • Employ a strong hosting panel password.
  • Utilize a strong FTP password.
  • For sites that are not currently utilizing HTTPS, procure an SSL certificate.
  • Ensure there is no credit card information stored on the website.

We also offer these additional website security services:

PCI Compliance Add-On

We offer a Payment Card Industry (PCI) compliance audit add-on to our standard website security audit service for those businesses that take online credit card payments. This add-on audit focuses on the following items. These must be shared with your payment processor and bank to earn PCI Compliance status. Additionally, this information must be sent quarterly in order to remain in good standing.

  • Determine appropriate merchant level.
  • Administer the self-assessment questionnaire.
  • Select and set up an approved scanning vendor.
  • Check for security policies and training:
    • Software updates
    • Security patches
    • Antivirus protection
    • Malware scanning
    • Train employees on how to properly manage payment information
  • Check and validate secure sockets layer (SSL) certificate.
  • Set up and require more verification details for customer payments.
  • Check that plugins and tools are PCI-Compliant.

Ongoing WordPress Maintenance Add-On

On a monthly basis, verify that WordPress core, plugins and themes are up-to-date. Also, check security logs and ensure latest security patches are installed.

Plugin Troubleshooting

If you are facing an issue with a security plugin or any other plugins, we can provide assistance billed on an hourly basis.

*Fee structure is based on complexity of site and required turnaround time.

