Reformed IT
Free tool

WordPress security audit.

WordPress is the most-attacked platform on the web, and most break-ins come through exposed logins, open XML-RPC and out-of-date plugins. Scan your site for the issues attackers look for first — we'll email you the full report.

Audit your site

Enter your site to scan it for common WordPress risks.

We check the public endpoints attackers probe first. You'll see a headline straight away; the full report — every issue and how to fix it — is emailed to a verified address on your domain.

The audit only checks the public, unauthenticated pages your site already serves to every visitor. It doesn’t log in, change anything, or store your results — the report goes only to a verified address on your domain.

Why it matters

The WordPress mistakes attackers count on.

Exposed usernames

WordPress will happily hand out your admin login names via the REST API and author pages — that's half of every login solved for the attacker.

Open XML-RPC

xmlrpc.php lets attackers test thousands of passwords in a single request and bounce DDoS traffic through your site. Most sites don't need it.

Out-of-date core & plugins

Outdated plugins are the single most common way WordPress sites are compromised. Each one is code on your site that has to be kept patched.
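
The checks above can be written as a classifier over responses already fetched from your own site's public pages. This is an added example, not Reformed IT's audit code. The paths `/wp-json/wp/v2/users` and `/?author=1`, the name `assess`, the sample responses and the `latest_core` value are assumptions constructed for illustration, and only the core version is covered, not plugins.

```python
import json
import re

def assess(responses, latest_core):
    """responses: path -> (status, Location header, body) from your own site."""
    findings, empty = [], (0, "", "")
    # REST API user listing: a 200 with a JSON array whose items carry "slug".
    status, _, body = responses.get("/wp-json/wp/v2/users", empty)
    if status == 200:
        try:
            users = json.loads(body)
        except ValueError:
            users = []
        if isinstance(users, list):
            slugs = [u["slug"] for u in users if isinstance(u, dict) and "slug" in u]
            if slugs:
                findings.append(("usernames-rest", slugs))
    # Author page: /?author=1 redirecting to /author/<login>/ names the login.
    status, location, _ = responses.get("/?author=1", empty)
    m = re.search(r"/author/([^/?#]+)", location)
    if status in (301, 302) and m:
        findings.append(("usernames-author", [m.group(1)]))
    # A live xmlrpc.php answers a plain GET with 405 and this fixed message.
    status, _, body = responses.get("/xmlrpc.php", empty)
    if status == 405 and "XML-RPC server accepts POST requests only" in body:
        findings.append(("xmlrpc-open", []))
    # Core version advertised in the generator meta tag, compared numerically.
    _, _, body = responses.get("/", empty)
    m = re.search(r'name="generator" content="WordPress (\d+(?:\.\d+)*)"', body)
    if m:
        seen = tuple(map(int, m.group(1).split(".")))
        if seen < tuple(map(int, latest_core.split("."))):
            findings.append(("core-outdated", [m.group(1)]))
    return findings

# Constructed sample responses (not captured from any real site).
EXPOSED = {
    "/wp-json/wp/v2/users": (200, "", '[{"id": 1, "slug": "siteadmin"}]'),
    "/?author=1": (301, "https://example.test/author/siteadmin/", ""),
    "/xmlrpc.php": (405, "", "XML-RPC server accepts POST requests only."),
    "/": (200, "", '<meta name="generator" content="WordPress 6.0.1" />'),
}
HARDENED = {
    "/wp-json/wp/v2/users": (401, "", "{}"),
    "/?author=1": (404, "", ""),
    "/xmlrpc.php": (403, "", ""),
    "/": (200, "", "<html></html>"),
}
```

Calling `assess(EXPOSED, "6.1")` reports all four findings, while `assess(HARDENED, "6.1")` returns an empty list; the `"6.1"` argument is a constructed value standing in for the current core release.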
