Welcome to Janric Website Design Southport

Is Your WordPress Site Exposed? Get a Professional "Zero-Access" Security Review.

Most WordPress hacks happen through "low-hanging fruit"—obvious vulnerabilities that hackers spot before you do. The problem? Most security plugins only look inside your site. This service looks at the site the way a hacker would, explains where the weaknesses (risks) are and shows you the simple steps to close these doors.

I provide a Non-Intrusive WordPress Security Audit that identifies critical vulnerabilities from an external perspective — no admin passwords or sensitive login details required.

Why a "Zero-Access" Review?

Traditional security audits require you to hand over the "keys to the kingdom." My process is different. I analyze your site from the outside, exactly how a malicious bot or hacker would, ensuring your privacy remains 100% intact while uncovering the gaps they plan to exploit.

Does this work?

It's estimated that approximately 99% of all hacked WordPress sites were compromised through one (often more) of the vulnerabilities I am looking at. Close these and you have closed the door on hackers. In many cases this is enough to send the opportunistic hacker on to another site before they even launch an attack.


What I Check in Your Security Review

My 25-point external inspection covers the most common entry points for WordPress attacks:

  • SSL & Encryption Health: Is your data transmission truly secure, or is there a "Mixed Content" leak?

  • Version Exposure: Are you broadcasting your WordPress, PHP, or theme versions to the public (a roadmap for hackers)?

  • Exposed Sensitive Files: Checking for public access to files that shouldn't be public and that hackers often use. For example, most sites give away their list of user IDs.

  • RSS & API Leaks: Is your User ID or site structure being leaked through the REST API or RSS feeds?

  • Directory Browsing: Can strangers browse your /wp-content/uploads/ folder like a personal file explorer?

  • Header Security: Are your "Security Headers" (XSS protection, HSTS) configured to block browser-based attacks?
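Several of the checks above can be run against a saved copy of a response from your own site. The following is an added example, not part of the original page or of the service's own tooling: the function name, the finding codes, the baseline header list and both sample responses are constructed for illustration.

```python
import re

# Assumed baseline of response headers for an HTTPS WordPress page.
EXPECTED_HEADERS = ("strict-transport-security", "content-security-policy",
                    "x-content-type-options", "x-frame-options")

def review_response(url, headers, body):
    """Return sorted finding codes for one captured HTTP response."""
    hdrs = {k.lower(): v for k, v in headers.items()}  # names are case-insensitive
    findings = set()
    # Header security: report each expected header that is absent.
    for name in EXPECTED_HEADERS:
        if name not in hdrs:
            findings.add("missing-header:" + name)
    # Version exposure: PHP via X-Powered-By, WordPress via the generator tag.
    if re.search(r"PHP/\d", hdrs.get("x-powered-by", "")):
        findings.add("version:php")
    if re.search(r'<meta[^>]+name=["\']generator["\'][^>]+WordPress \d', body, re.I):
        findings.add("version:wordpress")
    # Mixed content: an https page loading a sub-resource over plain http.
    if url.startswith("https://") and re.search(
            r'<(?:img|script|iframe)\b[^>]+src=["\']http://', body, re.I):
        findings.add("mixed-content")
    # Directory browsing: the auto-generated listing served for a folder.
    if re.search(r"<title>Index of /", body, re.I):
        findings.add("directory-listing")
    return sorted(findings)

# Constructed sample responses (not captured from any real site).
HOME = ("https://example.test/",
        {"Content-Type": "text/html", "X-Powered-By": "PHP/8.1.2",
         "X-Content-Type-Options": "nosniff"},
        '<html><head><meta name="generator" content="WordPress 6.4.2"></head>'
        '<body><img src="http://example.test/logo.png"></body></html>')
UPLOADS = ("https://example.test/wp-content/uploads/",
           {"Strict-Transport-Security": "max-age=31536000",
            "Content-Security-Policy": "default-src 'self'",
            "X-Content-Type-Options": "nosniff", "X-Frame-Options": "DENY"},
           "<html><head><title>Index of /wp-content/uploads</title></head></html>")

if __name__ == "__main__":
    for sample in (HOME, UPLOADS):
        print(sample[0], review_response(*sample))
```

An empty list means none of these particular checks fired for that response; it does not cover the other items in the review.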


How It Works: Simple, Safe, and Fast

| Step | Action | Benefit |
| 1. Site URL | You provide your website address. | No passwords or plugin installs needed. |
| 2. External Scan | I perform a manual and automated review. | Zero downtime or impact on site speed. |
| 3. Risk Report | You receive a PDF of "Red Flag" items. | Clear, actionable steps to fix issues. |

Frequently Asked Questions

What do we typically find and report?

Most sites 'straight out of the box' leak the list of userids. Many years ago (when I first started using WordPress) everyone used 'Admin', but then it was realised that hackers knew the userid and only had to guess the password. So now Admin is not used, but this leak then gives the list of userids. By closing this leak hackers must guess BOTH userid & password - a lot more difficult.

On top of this there's also a feature of WordPress that allows hackers to submit hundreds of userid / password attempts in one go to see if any work. If just one works they get back the admin cookie and are logged on. This bypasses any security on your login form!

Our answer to the above: we've written and published a simple (free) security hardening plugin that you can use. There are others available if you prefer, and we tell you what to look for, but ours just does what it's supposed to without the bloat of an 'all in one' security plugin that secures areas you don't need, e.g. shopping baskets, payment areas etc.

Do you need my WordPress login?

No. My service is entirely non-intrusive. I never ask for your admin username, password, or FTP credentials. The check is performed as a hacker would see the site.

Who is this best for?

Most WordPress sites aren't hacked because of the site, but because you use WordPress and the hacker wants your admin. This security audit is aimed at the vast bulk of websites that fit this description: sites that don't have secure data in the background, such as blogs, brochure sites etc, where the hacker just wants in on your admin. We can run the audit for sites which store customer details, payment records etc, but the audit will not cover the extra security of those areas as that requires login details for technical reasons.

Can’t I just use a free plugin for this?

Plugins are great, but they often have "blind spots", and you need to know which to use. They can't tell you if your server is leaking a backup file or if your API is exposing your staff's usernames to the public. My review catches the "operational leftovers" that plugins miss.

What happens if you find a problem?

You will receive a detailed report with prioritized fixes. You can then pass this to your developer or use it as a checklist to harden your site yourself. It details the fixes step by step so that anyone can apply them. We have even written our own WordPress Security Plugins to fix the main issues we always find.


Our Guarantee

If we don't find anything to fix we'll refund 50% of your payment. We're that confident we'll find faults in almost every WordPress site that we look at (that's from experience!).


Secure Your Reputation Today

A hacked website doesn't just lose data; it loses customer trust and SEO rankings. Don't wait for a "Site Ahead Contains Malware" warning from Google.