So what exactly is Penetration Testing?


The deeper you get into web site security the more complicated it gets. Penetration testing is the skill of attacking a web site, system or network to identify vulnerabilities that might be exploited to gain access to the web site, its contents and to even access other web sites hosted on the same server.


In simple terms, we become the hacker in order to protect your web site.


Penetration testing typically is either performed with full knowledge of the system (‘white box’), to allow finding as many vulnerabilities as possible, or by simulating a real attack without any knowledge of the system (‘black box’).


Why do it?


So why should you get your web site tested regularly? If you have a simple blog site, with some holiday snaps on it, I doubt I would worry too much either. But if you are running a popular ecommerce or business-critical site that is hacked then not only will there be the inconvenience of downtime for an indetermintate time but under the revised GDPR regulations you may have to report data loss.


Its not a one time tick box exercise either. Regular penetration testing has key benefits:



Recommended Penetration Testing


To start with you can help yourself by keeping your WordPress site updated including the WordPress core, themes and plugins.

Ensure your passwords are sufficiently complex.

Ensure your site is backed up regulary.


For peace of mind we offer the following testing plans. The prices shown are indicative and will vary depending upon your particular environment.


Why not just use a free scanning website?


There are a few sites offering free Wordpress scans, albeit for a limited time, that are great for scanning Wordpress sites. While these can reveal vulnerabilities with your Wordpress theme or plugin they stop there. If you keep your core Wordpress, Themes and Plugins upto date the risk is already reduced and a free scan will probably just confirm as much. That's great for peace of mind. However Wordpress is only a small part of the web site hosting environment and a Wordpress scan is omly the tip of the iceberg.


We take it further and test the web hosting stack includkng the Webserver settings, MySQL/SQL injection, PHP, Crossite Scripting, session hijacking and more. A hacker will not stop at Wordpress, they go way deeper looking for the tiniest of cracks and that's all they need.