WPSec Review: Comprehensive WordPress Vulnerability Website Scanner

We all know that website security is super important. Yet, Sucuri Website Hacked 2018 Report showed that 90% of the websites they scanned were infected with one or more vulnerabilities. While the WordPress core team is working tirelessly to make WordPress websites more secure, you too need to take some actions to reinforce your website’s security.

In this article, I will review WPSec and will share how it can help you secure your WordPress website from thousands of vulnerabilities.

WPSec Review

WPSec uses deep scan technology based on WPScan to check WordPress websites for potential vulnerabilities. In addition, the service tracks and updates its database with the latest bugs and security features to make the website vulnerability scanner more robust.

You don’t have to be a cybersecurity expert to use WPSec. It comes with an easy-to-use dashboard that makes running regular scans really easy. We’ll take a closer look at the dashboard later in this review.

Why Secure Your WordPress Website?

It does not matter if you are running an eCommerce store or a personal blog; a hacked website can cause severe damage to your business revenue and reputation. This is because hackers can use your data and confidential information like emails and passwords. On top of that, they can even install malware that can further harm your website visitors or users.

In worst-case scenarios, you might end up paying ransomware to hackers just to regain access to your website.

If your website does not meet the minimum security requirements, Google can even blacklist your website to protect visitors from losing their data. So to make sure Google does not end up penalizing you and your website functions appropriately, you need to pay attention to the security and protection of your users.

WPSec Features

Although WPSec is not a WordPress plugin, it offers many features with its vulnerability scanner to protect your website from attackers with malicious intent.

Deep Scan Technology

The service uses an advanced vulnerability scanner based on WPScan and their custom mechanism to check WordPress websites for any vulnerabilities. They have an extensive database of 22,000+ known vulnerabilities for WordPress websites, and more discovered bugs and security features are added to this list frequently.

All-in-one Dashboard

If you are managing multiple websites, keeping track of all websites individually can be a real challenge. With WPSec’s all-in-one dashboard, you can keep an eye on all your websites from a single space. You just need to add the website once, and your website will automatically be scanned for vulnerabilities regularly.

Instant Scans

Scanning websites for vulnerabilities on WPSec is pretty straightforward. You simply need to enter the website URL, and it will be scanned automatically. If you want, you can get access to the report for free on WPSec’s homepage.

Automatic Scans

Not just quick scans, if you want to check if your website is safe or not regularly, you can automate the scans, and all the websites in your accounts will get scanned based on the scan frequency you set.

Push Notifications

The service will tell you via emails and webhooks that you need to update your WordPress website. You do not even have to be logged in to receive push notifications.

Advanced Reports

Once you have scanned your website for possible vulnerabilities, you will get a report stating all the improvements. The reports are easy to understand and clearly mentions what is wrong and how you can fix the issue.

No Load on Website

Most website vulnerability testing tools are plugin-based, which requires them to be installed on the website to function. This can add unnecessary weight and slow down your websites. While the difference is not that huge, for high-traffic websites like eCommerce sites, even a 10-millisecond improvement can boost the conversion rate.

Hands-On with WPSec

In this section, I’ll give WPSec’s pro version a test run and will check out its various features. Let’s dive in!

Since WPSec is not a WordPress plugin, you do not need to install it. With both free and premium versions, you get access to WPSec’s dashboard.

For the premium version, the dashboard looks like this:

A clean and minimal layout with important details about website security on the homepage along with a left navigation section allows you to open different tabs. Let’s check out each tab.

Dashboard

Here you get a quick overview of all your websites, such as secure and vulnerable websites, as well as total scans performed. You also get an onboarding tab that helps you with onboarding. The second tab shows collective data with a chart on how most websites are hacked. Lastly, you get a quick link to enable or manage push notifications. More on this later.

Manage Scans

Manage scans tab shows the websites submitted to the scanning engine. You can even add more websites with the “Add WordPress Site +” button. For every website, you get information like name, URL, date added, last scan, status, and link to view the last report for every website.

View Reports

To check the security reports of your website scans, you need to check the View Reports tab. You will find a list of all reports in chronological order. If you want to see the report for a specific scan, just click on the version — Web, PDF, JSON.

Schedule

As the name says, this tab helps you set the scan schedule for your websites. You can select between daily, weekly, or monthly scan cycles.

Status

In the status tab, you can get information about the checks and backend uptime. In addition, all new vulnerabilities added and bugs addressed gets added here.

API

Most probably, you wouldn’t be visiting this tab that often, but if you want to receive notifications about your websites’ security problems, you can set them up here. You can directly integrate them yourself, or you can use apps like Zapier or Slack to receive the JSON webhooks.

Adding a New Website for Scheduled Scans

Adding a new website is pretty straightforward. Just head over to the Manage Scans tab and then click on the ‘Add WordPress Site +’ button. Give your website a name — this can be the domain name — and then enter the website URL. Next, agree to terms of use by clicking on the checkbox and click ‘Add Site To Scans’.

Your website is successfully added, and WPSec will start scanning the website based on the scan cycle you have selected. If you wish to change this cycle, you can do it from the schedule tab.

Pricing and Plans

WPSec’s plans are pretty straightforward, and in fact, it comes with a free version as well.

With the free version, you get one WordPress scan location, a limit of upto 20 scan reports, fully automated weekly scans, access to the WPSec dashboard, and reports along with monthly scans.

If you want to go for the premium version, you can get it for € 29 per month. For this price, you get full access, unlimited WordPress scan locations, unlimited scan reports, email notifications, automated weekly scans, advanced dashboard & reports, feature to integrate APIs — webhooks, and scans option for daily, weekly, and even monthly scans. If you go for the annual plan, it costs € 290 per year.

Regarding payment mode, you can pay with Stripe, PayPal, or even with any popular Cryptocurrency. This is relatively unique and deserves to be mentioned. Just thinking about protecting websites from hackers by paying in Dogecoin puts a smile on my face. :)

Final Takeaway

WPSec is based on the technology of WPScan with additional features. It is one of the most robust databases, which is manually curated for almost eight years and has a record of nearly 23 thousand vulnerabilities.

It is trusted by many popular services like Kinsta, Jetpack, and even Godaddy. WPSec makes this functionality easier to manage with its dashboard, which makes this tool perfect for non-developers.

If you are on the fence about signing up for the paid plan, give the free version a test run and check how your website does in their website scanning engine. You will get a good idea about how your website is doing and if it is hosting any vulnerabilities.

You can scan your website here: Scan with WPSec Free Scanner

If you are interested in purchasing the pro version, you can check out the pricing and plans here.

What security measures do you have in place to protect your websites from hackers and attackers? Do you use a similar service to WPScan or WPSec to learn about potential threats? Tell us in the comment section!