This analysis checks your WordPress security from the outside, without needing server access or installing any plugin. It simulates what an attacker can discover about your site using the same techniques that automated scanners use.

It evaluates 6 categories with over 30 checks: SSL certificate, mixed content and HTTPS; HTTP security headers; WordPress information exposure (version, users, default files, visible plugins, suspicious scripts, robots.txt directives); login and access protection; exposed sensitive files (backups, debug.log, .env, .git, wp-cron.php); and domain reputation across blacklists (Spamhaus, Barracuda, SpamCop, SURBL).

The score is out of 100 points with a grade from A+ to F. Each detected issue includes a specific recommendation to fix it, and it shows which ones can be directly resolved by the Vigilant plugin.