[ad_1] We all know that website security is super important. Yet, Sucuri Website Hacked 2018 Report showed that 90% of the websites they scanned were infected with one or more vulnerabilities. While the WordPress core team is working tirelessly to make WordPress websites more secure, you too need to take some actions to reinforce your website’s security. In this article, I will review WPSec and will share how it can help you secure your WordPress website from thousands of vulnerabilities. WPSec Review WPSec uses deep scan technology based on WPScan to check WordPress websites for potential vulnerabilities. In addition, the service tracks and updates its database with the latest bugs and security features to make the website vulnerability scanner more robust. You don’t have to be a cybersecurity expert to use WPSec. It comes with an easy-to-use dashboard that makes running regular scans really easy. We’ll take a closer look at the dashboard later in this review. Why Secure Your WordPress Website? It does not matter if you are running an eCommerce store or a personal blog; a hacked website can cause severe damage to your business revenue and reputation. This is because hackers can use your data and confidential information like emails and passwords. On top of that, they can even install malware that can further harm your website visitors or users. In worst-case scenarios, you might end up paying ransomware to hackers just to regain access to your website. If your website does not meet the minimum security requirements, Google can even blacklist your website to protect visitors from losing their data. So to make sure Google does not end up penalizing you and your website functions appropriately, you need to pay attention to the security and protection of your users. WPSec Features Although WPSec is not a WordPress plugin, it offers many features with its vulnerability scanner to protect your website from attackers with malicious intent. Deep Scan Technology The service uses an advanced vulnerability scanner based on WPScan and their custom mechanism to check WordPress websites for any vulnerabilities. They have an extensive database of 22,000+ known vulnerabilities for WordPress websites, and more discovered bugs and security features are added to this list frequently. All-in-one Dashboard If you are managing multiple websites, keeping track of all websites individually can be a real challenge. With WPSec’s all-in-one dashboard, you can keep an eye on all your websites from a single space. You just need to add the website once, and your website will automatically be scanned for vulnerabilities regularly. Article Continues Below Instant Scans Scanning websites for vulnerabilities on WPSec is pretty straightforward. You simply need to enter the website URL, and it will be scanned automatically. If you want, you can get access to the report for free on WPSec’s homepage. Automatic Scans Not just quick scans, if you want to check if your website is safe or not regularly, you can automate the scans, and all the websites in your accounts will get scanned based on the scan frequency you set. Push Notifications The service will tell you via emails and webhooks that you need to update your WordPress website. You do not even have to be logged in to receive push notifications. Advanced Reports Once you have scanned your website for possible vulnerabilities, you will get a report stating all the improvements. The reports are easy to understand and clearly mentions what is wrong and how you can fix the issue. No Load on Website Most website vulnerability testing tools are plugin-based, which requires them to be installed on the website to function. This can add unnecessary weight and slow down your websites. While the difference is not that huge, for high-traffic websites like eCommerce sites, even a 10-millisecond improvement can boost the conversion rate. Hands-On with WPSec In this section, I’ll give WPSec’s pro version a test run and will check out its various features. Let’s dive in! Since WPSec is not a WordPress plugin, you do not need to install it. With both free and premium versions, you get access to WPSec’s dashboard. For the premium version, the dashboard looks like this: A clean and minimal layout with important details about website security on the homepage along with a left navigation section allows you to open different tabs. Let’s check out each tab. Dashboard Here you get a quick overview of all your websites, such as secure and vulnerable websites, as well as total scans performed. You also get an onboarding tab that helps you with onboarding. The second tab shows collective data with a chart on how most websites are hacked. Lastly, you get a quick link to enable or manage push notifications. More on this later. Article Continues Below Manage Scans Manage scans tab shows the websites submitted to the scanning engine. You can even add more websites with the “Add WordPress Site +” button. For every website, you get information like name, URL, date added, last scan, status, and link to view the last report for every website. View Reports To check the security reports of your website scans, you need to check the View Reports tab. You will find a list of all reports in chronological order. If you want to see the report for a specific scan, just click on the version — Web, PDF, JSON. Schedule As the name says, this tab helps you set the scan schedule for your websites. You can select between daily, weekly, or monthly scan cycles. Status In the status tab, you can get information about the checks and backend uptime. In addition, all new vulnerabilities added and bugs addressed gets added here. API Most probably, you wouldn’t be visiting this tab that often, but if you want to receive notifications about your websites’ security problems, you can set them up here. You can directly integrate them yourself, or you can use apps like Zapier or Slack to receive the JSON webhooks. Adding a New Website for Scheduled Scans Adding
Continue reading