Test 1 – WordPress version
Bad: Your WordPress Version is out of date.
Keeping the WordPress core up to date is one of the most important aspects of keeping your site secure. If vulnerabilities are discovered in WordPress and a new version is released to address the issue, the information required to exploit the vulnerability is almost certainly in the public domain. This makes old versions more open to attacks
Test 2 – WordPress configuration
Bad: Your WordPress configuration file is accessible from the Internet.
Keeping the website wp-config file hidden from outside of your network makes it harder for hackers to compromise your database.
Test 3 – Username still admin
Good: The WordPress default username of ADMIN has been changed.
It’s important to change the WordPress username from its default setting of Admin. Leaving it as Admin means that potential hackers have only to guess the password.
Test 4 – Installation file still exists.
Bad: The WordPress install file is still in its default location.
There have been several cases where attackers have used the install file to create access to the database. Its important to remove or move this file.
Test 5 – Upgrade script still exists
Bad: The WordPress upgrade file is accessible from outside.
There have been several cases where attackers have used the Upgrade file to create access to the database. Its important to remove or move this file.
Test 6 – Readme file still exists
Bad: The WordPress Readme file is accessible from the Internet.
The readme.html file reveals to a potential attacker the exact version name of WordPress you are using. This means it would be easy for them to identify weaknesses in your version and use them to compromise your website.
Test 7 – Uploads directory exists
Bad: The WordPress uploads folder is readable from the Internet.
The Uploads folder contains images and files that are maintained using the media section within WordPress. Leaving this open to the outside means that attackers could steal access to hidden files. This would also be a copyright risk.
Test 8 – Malware check
Good: This site is considered safe by Google.
Google maintains a directory of sites that may have been hacked or compromised and are hosting malware or dangerous code used in phishing attacks. Its important to ensure that your site is listed as safe, or it may be removed from Google’s search engine.