Test 1 – WordPress version
Bad: Your WordPress Version is out of date.
Keeping the WordPress core up to date is one of the most important aspects of keeping your site secure. If vulnerabilities are discovered in WordPress and a new version is released to address the issue, the information required to exploit the vulnerability is almost certainly in the public domain. This makes old versions more open to attack.
Test 2 – WordPress configuration
Bad: Config file is viewable externally
Keeping the website wp-config file hidden from outside of your network makes it harder for hackers to compromise your database.
Test 3 – Username still admin
Bad: Username is set as admin
It’s important to change the WordPress username from its default setting of Admin. Leaving it as Admin means that potential hackers have only to guess the password.
Test 4 – Installation file still exists
Bad: Install file is viewable externally
There have been several cases where attackers have used the install file to create access to the database. It’s important to remove or move this file.
Test 5 – Upgrade script still exists
Bad: Upgrade file is viewable externally
There have been several cases where attackers have used the upgrade file to create access to the database. It’s important to remove or move this file.
Test 6 – Readme file still exists
Bad: Readme file is viewable externally
The readme.html file reveals to a potential attacker the exact version name of WordPress you are using. This means it would be easy for them to identify weaknesses in your version and use them to compromise your website.
Test 7 – Uploads directory exists
Bad: Uploads file is viewable externally
The Uploads folder contains images and files that are maintained using the media section within WordPress. Leaving this open to the outside means that attackers could gain access to hidden files. This would also be a copyright risk.
Test 8 – Malware check
Good: This site is considered safe by Google.
Google maintains a directory of sites that may have been hacked or compromised and are hosting malware or dangerous code used in phishing attacks. It’s important to ensure that your site is listed as safe, or it may be removed from Google’s search engine.