Perform a security scan to determine vulnerabilities

New website vulnerabilities are being found all the time. Use one of the readily available scanning services to keep up to date.

I use a great scanning service from Sucuri to check my website whenever I do maintenance.

This article is part of a series on regular website maintenance that you can do yourself.

Sucuri offer free site scanning that will check your site for malware, blacklisting status, and out-of-date software. This free service requires you to visit their site and enter the name of the website you want to scan.

You can also subscribe to their much more extensive and automated service that will check your site regularly so that you know as soon as possible if there is a problem.

The things I look at in the scanning report are:

  1. Are all the high-level security checks green?
  2. Look at all the links that were detected and scanned and make sure that they are valid. If you use YouTube or some of the Facebook social media plug-ins you will see some odd URLs that are actually fine.
  3. Check in Website Details that you are not giving away more information than you intended about the internal layout of your website – you may need to adjust your PHP settings if this happens.
  4. Check that the JavaScript on your site is only what you have put there and that nothing has been added without your knowledge.
  5. Check the blacklist status – a particularly interesting one here is the list of IP addresses that are known to host malware. If you use shared hosting there is a chance you may innocently appear here, and it would then be time to have a chat with your hosting provider to get moved to a different IP address!
  6. If anything is a problem it is highlighted in red and gets special attention until it can be fixed and a rescan done.
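
The JavaScript check in step 4 can also be run locally between scans. The following is an added example, not code from this article or from Sucuri: it lists every script on a saved page and flags external hosts that are not on your allowlist and inline scripts whose hash is not in your baseline. The host names, the sample page, and the names `ScriptInventory` and `unexpected_scripts` are assumptions made for illustration.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class ScriptInventory(HTMLParser):
    """Collect external script URLs and SHA-256 digests of inline scripts."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url, self.external, self.inline = base_url, [], []
        self._buf = None  # list of text chunks while inside an inline <script>

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:  # resolve relative and protocol-relative URLs
                self.external.append(urljoin(self.base_url, src))
            else:
                self._buf = []

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            body = "".join(self._buf).strip()
            if body:
                self.inline.append(hashlib.sha256(body.encode()).hexdigest())
            self._buf = None

def unexpected_scripts(html, base_url, allowed_hosts, known_inline):
    """Return (external URLs on unlisted hosts, digests of unknown inline scripts)."""
    inv = ScriptInventory(base_url)
    inv.feed(html)
    inv.close()
    ext = [u for u in inv.external if urlparse(u).hostname not in allowed_hosts]
    return ext, [h for h in inv.inline if h not in known_inline]

# Constructed sample page and baseline (assumptions, not data from a real site).
SAMPLE_HTML = """<html><head>
<script src="/js/site.js"></script>
<script src="https://www.youtube.com/iframe_api"></script>
<script src="//cdn.unknown.example/stats.js"></script>
<script>var menu = "open";</script>
<script>var tracker = "added-later";</script></head></html>"""
ALLOWED_HOSTS = {"www.example.com", "www.youtube.com"}
KNOWN_INLINE = {hashlib.sha256(b'var menu = "open";').hexdigest()}
if __name__ == "__main__":
    print(unexpected_scripts(SAMPLE_HTML, "https://www.example.com/", ALLOWED_HOSTS, KNOWN_INLINE))
```

Record the allowlist and inline hashes right after a clean scan, so that anything reported later is a change since that known-good state.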

As a rule you should not provide any information about the internal structure of your website. There are many ways of hiding this information or making it harder to discover. This is usually referred to as ‘hardening’ your website and the server it sits on. One of my favourite things about having this scan done by an external party is that it is independent, and as specialists in the field they stay up to date with new vulnerabilities and out-of-date software.

You may also find it useful to look at security scanning plug-ins for WordPress. These tools are able to perform additional checks on the individual files that make up your website and check that they have the correct permissions. Examples of these include WordPress BulletProof Security and WordPress Antivirus.

Check my website maintenance summary page for other articles and ideas on keeping your website safe and secure.