Gravityscan, keeping WordPress sites safe

If your website, in common with roughly 25% of all websites, is running WordPress then it’s pretty much certain that it’s being constantly attacked. WordPress is to hackers what raw meat is to jackals because unless sites are assiduously maintained, they quickly become vulnerable to a huge number of exploits.

The root cause of this vulnerability is WordPress’ ecosystem of complex core software augmented by thousands of third party developers whose themes and plugins are often buggy and not quickly (or often, never) updated to fend off known security problems. Add to that many site owners being slow to update their core WordPress installation and you have an enormous and easily discovered collection of irresistible hacking targets.

One of my favorite defenses against WordPress hackers is an excellent plugin called Wordfence which I covered back in 2015 in Wordfence plugin secures WordPress sites; solves job from hell. Since then Wordfence has become even more sophisticated and effective and, in fact, it’s so good that I’d say it’s essential to maintaining the security of any WordPress installation. Moreover, given that there’s a free version and the premium version is priced starts at a very reasonable $99 per year per site, it’s hard to imagine why any WordPress site owner wouldn’t use it.

So, the Wordfence people haven’t been idle over the last couple of years and a week ago the company launched a new Web-based service, Gravityscan, which delivers vulnerability and malware scanning not just for WordPress sites but also for Magento, Joomla, Drupal, and vBulletin installations. The service automatically discovers what’s running on your site then checks for plugins and extensions and evaluates potential security issues. The press release also explains: