I recently used a couple of online website security tools that are worth looking at if you have a small business website.
Both tools provide a high-level summary that anyone can understand – “high risk”, “medium risk” and “low risk”. However, understanding the specifics behind the risks will require an IT professional. As such, if you are interested in securing your website, I recommend you ask your IT professional to use these tools (after all, the tools are free), and if your IT professional cannot explain the results, get a new IT professional!
Sucuri checks your website for viruses and for potential vulnerabilities created by out-of-date software.
The test has to be manually run, and is as simple as putting your website address into their online tool at https://sitecheck.sucuri.net.
To get automated regular tests, a paid plan is required, starting at $16.99 per month for scanning every 12 hours.
As you can see from the below test results, Sucuri provides something called a website firewall that is used to protect against certain types of external attacks. For example, traffic that is obviously attempting to compromise your website will automatically be blocked. This isn’t something the average small business will need, but if your website is being overloaded with malicious traffic, it will prove invaluable.
ScanMyServer is by far the most comprehensive free vulnerability scanner I have come across.
To set it up, you, or your trusted IT professional, will need to add some code to your website.
ScanMyServer will then do a daily check for free. Have a read of their FAQ for more details.
The below test results show the extent of the testing performed. As you can see, I have no “high” issues. “Low” issues can be comfortably ignored. “Medium” issues may need action, and this is where you need an IT professional to interpret whether action is actually required.
It is important to note that vulnerabilities can often be introduced by installing a plugin; as an example, have a read of this. As such, a vulnerability check should always be part of a post-plugin-install evaluation.