Skip to main content
FREE

WordPress Maintenance Audit

Our WordPress Maintenance Audit checks your website’s health, security, performance, and scalability, evaluating code, theme, plugins, and overall architecture.

FREE WordPress webite audit overview.

Our WordPress Maintenance Audit Service offers a thorough health check for the backend of your website, designed to enhance its security, performance, and scalability. This service includes a detailed evaluation and analysis of your site’s code, themes, plugins, and overall architecture. Our expert team conducts these comprehensive reviews to pinpoint any potential issues or areas for improvement, ensuring your WordPress site operates at its optimum level and is poised for future growth. This proactive approach not only identifies existing vulnerabilities but also provides actionable insights and recommendations to fortify and enhance your website’s functionality

WordPress security audit checklist.

  • 1
    Update Check
  • WordPress Core: Verify that the WordPress core is up-to-date.

  • Plugins and Themes: Check for updates on all installed plugins and themes to ensure they are running the latest versions.

  • 2
    Update Check
  • Administrator Accounts: Review all administrator accounts to ensure only authorized users have admin privileges.

  • Username and Password Strength: Check the strength of all user passwords, especially administrators. Recommend strong passwords where necessary.

  • Unused Accounts: Identify any accounts that are no longer active or needed.

  • 3
    File Permissions Review
  • Ensure that file permissions are correctly set for directories and files (e.g., directories at 755 and files at 644) to prevent unauthorized access or changes.

  • 4
    Review Security Settings
  • SSL Check: Ensure that SSL is implemented correctly across the entire site for secure connections

  • Database Prefix: Check the default WordPress database prefix to reduce the risk of SQL injection attacks.

  • Firewall and Security Plugins: Verify security plugins installed and are configured properly. Security plugins that enhanced protection are Akeeba Admin, Wordfence, Sucuri, or iThemes Security.

  • 5
    Check for Malware and Backdoors
  • Scan for Malware: basic scan for malware, viruses, and other malicious code.

  • Backdoor Checks: Check for unusual or suspicious files that might be used to regain access to the site.

  • 6
    Review wp-config.php File
  • Security Keys: Ensure that security keys and salts are present and regenerated if necessary to enhance encryption of user data.

  • File Location: check the wp-config.php file location (this should be placed in a non-public directory to reduce the risk of access).

  • 7
    Audit .htaccess for Security Enhancements
  • Check security rules in the .htaccess file, such as protecting system files, disabling directory browsing, and restricting PHP execution in sensitive directories.

  • 8
    Plugins and Themes Security Review
  • Nulled Plugins/Themes: check there are no nulled plugins or themes installed, as they are common sources of malware.

  • Unused Plugins/Themes: Check plugins or themes that are not actively being used to minimise potential entry points for hackers.

  • 9
    Logs Review
  • Examine logs for suspicious activity such as repeated failed login attempts, unusual admin activity, or unexpected changes in file sizes or types.

  • 10
    Backup and Recovery Check
  • Check if there are regular backups of the website (files and database) and that a reliable recovery process is in place.

  • 11
    Backup and Recovery Check
  • Document all findings during the audit.

  • Prepare a security audit report that outlines issues found and recommendations.
Please fill out the information below, and our team will begin the process of assessing your website. This will help us understand your needs and identify opportunities for improvement.
Please enable JavaScript in your browser to complete this form.
Name
Is there anything specific you would like us to focus on during the evaluation, such as security, performance, or SEO?
Dive deep with a detailed review of your site’s code, themes, plugins, and overall architecture.