
What is included in the Vulnerability Scan?

The goal of website security is to minimize the risk of intrusion and attack. While a "zero-risk" website does not exist on the internet, identifying and minimizing risk should be the bedrock of your security policies and practices. 

The Vulnerability Scan in Watchful is an on-demand tool that performs 6 types of audits related to the security of your site. Thus, this tool will help you assess risk, and give you advice on mitigating the risk factors it identifies. 

Results from each vulnerability scan are stored and can be reviewed and repeated as needed. This lets you monitor your risk factors over time. Below we will dig into the details of each of the following tools:

  • Configuration audit - a website best practices scan for WordPress & Joomla
  • Core Integrity audit - a filesystem integrity scan for core files
  • Permissions audit - file & folder permissions scan
  • Signature Scan - deep, server-side scan of the entire filesystem for common malware signatures
  • Malware scanner - frontend scan for common malware
  • Blacklist scanner - checking if domains are blacklisted

Configuration audit/best practices

This audit checks for many of the well-known best-practices for PHP-based content management systems such as WordPress and Joomla. Below is a sample result of this audit. If a problem is detected with the website configuration or server, information on how to fix the issue is displayed.

[Screenshot: sample CMS configuration and server details]

Best practices

Below you'll find the full list of best-practices for both Joomla and WordPress included in this audit. 

Yes = included in the audit for that CMS, No = not included, N/A = not applicable to that CMS.

Security best practice                                WordPress  Joomla
Disable Debug Notices / Debug Mode                    Yes        Yes
Use Strong Database Passwords                         Yes        Yes
Configure robots.txt for search engine indexing       Yes        Yes
Check whether a known admin username exists           Yes        Yes
Check for .htaccess or web.config file                Yes        Yes
Check for known database table prefix                 Yes        Yes
Remove additional CMS installations                   Yes        Yes
Check for FTP credentials in config file              N/A        Yes
Check for session length over 15 minutes              N/A        Yes
Disable open comments in the K2 component             N/A        Yes
Enable Search Engine Friendly URLs                    No         Yes
Disable error reporting                               No         Yes
Disable magic quotes                                  No         Yes
Enable mod_zlib                                       No         Yes
Enable mod_xml                                        No         Yes
Disable register globals                              No         Yes
Remove Akeeba Kickstart                               No         Yes
Limit maximum execution time of PHP                   No         Yes
Remove installation directory                         No         Yes
Check for strong admin passwords                      No         Yes
Enable GZIP page compression                          No         Yes
Enable caching                                        No         Yes
Check for changes to configuration file               No         Yes
Disable guest registration                            No         Yes
Remove debug log file                                 Yes        No
Disable browsing of uploads folder                    Yes        No
Remove deactivated plugins                            Yes        No
Remove deactivated themes                             Yes        No
Remove default readme.html                            Yes        No
Use secure permissions on configuration file          Yes        No
Apply any theme updates                               Yes        No
Limit information displayed on failed login attempts  Yes        No
Disable database debug mode                           Yes        N/A
Remove PHP version info from headers                  Yes        N/A
Remove WordPress version from meta tags               Yes        N/A
Check security keys and salts                         Yes        N/A

Core Integrity audit

This audit checks whether any of the files distributed in the core WordPress or Joomla packages have been modified or are missing. As shown below, the path to each missing or modified file is listed so that it can be replaced with an original copy.

[Screenshot: sample core filesystem integrity result]
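One way to implement such a check, as an added example that is not Watchful's own code: hash every file of a trusted reference copy of the core package into a manifest, then compare the live install against that manifest and report anything changed or absent. The three "core files" below are constructed stand-ins created in a temporary directory; a real audit would take its reference hashes from the vendor's released package rather than from a local copy.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path):
    """Hash a file in chunks so large core files need not be read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(clean_root, relpaths):
    """Hash every core file in a trusted reference copy (e.g. a freshly downloaded package)."""
    clean_root = Path(clean_root)
    return {rel: sha256_file(clean_root / rel) for rel in relpaths}


def audit_core_integrity(site_root, manifest):
    """Compare a live install against the manifest.

    Returns sorted lists of relative paths whose content differs from the
    reference ('modified') or which are absent from the install ('missing').
    """
    site_root = Path(site_root)
    modified, missing = [], []
    for rel, expected in manifest.items():
        target = site_root / rel
        if not target.is_file():
            missing.append(rel)
        elif sha256_file(target) != expected:
            modified.append(rel)
    return {"modified": sorted(modified), "missing": sorted(missing)}


# Constructed stand-in for a core package: three small files with made-up contents.
CORE_FILES = {
    "index.php": "<?php // constructed core file\n",
    "wp-includes/version.php": "<?php $wp_version = 'constructed';\n",
    "wp-includes/functions.php": "<?php // constructed core file\n",
}


def build_sample_install():
    """Create a clean reference copy and a live copy with one edited and one deleted file."""
    base = Path(tempfile.mkdtemp(prefix="core-audit-"))
    clean, site = base / "clean", base / "site"
    for root in (clean, site):
        for rel, content in CORE_FILES.items():
            path = root / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(content)
    manifest = build_manifest(clean, CORE_FILES)
    # Simulate tampering in the live copy: append a line to one file, delete another.
    with open(site / "index.php", "a") as fh:
        fh.write("// constructed appended line\n")
    (site / "wp-includes" / "functions.php").unlink()
    return site, manifest


if __name__ == "__main__":
    site, manifest = build_sample_install()
    report = audit_core_integrity(site, manifest)
    for kind, paths in report.items():
        for rel in paths:
            print(f"{kind}: {rel}")
```

Because the manifest is keyed by relative path, the same routine works for any CMS release as long as a trusted hash list is available for that exact version; comparing against a different version would flag every changed file as modified.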

Permissions audit

For most PHP-based CMS like WordPress and Joomla, files and folders should be set to specific permissions that allow for a combination of public accessibility on the web with editing restricted to users with appropriate privileges. System administrators refer to these permissions with the following codes:

  • 0644 — permissions for individual files
  • 0755 — permissions for folders

The File & Folder Permissions audit checks every file and folder in your WordPress or Joomla installation to make sure the permissions match this list. Any files or folders with permissions that do not match are flagged and listed in the audit results.

The preview below shows the result when file and folder permissions are set properly. 

[Screenshot: sample file and folder permissions result]
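The check described above can be reproduced with a short script. The following is an added example written for this article, not Watchful's own code: it walks an install directory, compares each file's and folder's permission bits with 0644 and 0755, and lists the mismatches, skipping symlinks so a link's target is not reported twice. The sample tree it builds in a temporary directory (a world-writable uploads folder and a 0666 wp-config.php) is constructed for illustration.

```python
import os
import stat
import tempfile
from pathlib import Path

# Expected modes from the audit description: 0644 for files, 0755 for folders.
EXPECTED_FILE_MODE = 0o644
EXPECTED_DIR_MODE = 0o755


def audit_permissions(root, file_mode=EXPECTED_FILE_MODE, dir_mode=EXPECTED_DIR_MODE):
    """Walk `root` and return a sorted list of (relative path, actual mode, expected mode)
    for every file or directory whose permission bits differ from the expected value."""
    findings = []
    root = Path(root)
    for dirpath, _dirnames, filenames in os.walk(root):
        # os.walk yields each directory exactly once, so check the directory itself here.
        directory = Path(dirpath)
        mode = stat.S_IMODE(directory.lstat().st_mode)
        if mode != dir_mode:
            findings.append((str(directory.relative_to(root)), mode, dir_mode))
        for name in filenames:
            path = directory / name
            st = path.lstat()
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own bits are meaningless; its target is checked separately
            mode = stat.S_IMODE(st.st_mode)
            if mode != file_mode:
                findings.append((str(path.relative_to(root)), mode, file_mode))
    return sorted(findings)


def format_findings(findings):
    """Render findings the way an audit report would: path, actual mode, expected mode."""
    return [f"{path}: {actual:04o} (expected {expected:04o})" for path, actual, expected in findings]


def build_sample_site():
    """Create a constructed mini install with two deliberate mismatches."""
    root = Path(tempfile.mkdtemp(prefix="perm-audit-"))
    os.chmod(root, EXPECTED_DIR_MODE)
    (root / "wp-content" / "uploads").mkdir(parents=True)
    os.chmod(root / "wp-content", EXPECTED_DIR_MODE)
    os.chmod(root / "wp-content" / "uploads", 0o777)  # world-writable folder: should be flagged
    sample_files = [
        ("index.php", 0o644),
        ("wp-config.php", 0o666),  # world-writable config: should be flagged
        ("wp-content/uploads/a.jpg", 0o644),
    ]
    for rel, mode in sample_files:
        path = root / rel
        path.write_text("constructed sample content\n")
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    site = build_sample_site()
    for line in format_findings(audit_permissions(site)):
        print(line)
```

The expected modes are parameters so the same walker can enforce a stricter policy (for example 0600 on the configuration file, as the WordPress "secure permissions on configuration file" check above suggests) by running it a second time over just that path.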

Signature scan

The Signature Scan is a deep, inside-out scan that looks for common malware signatures and suspicious code. If any suspicious code is found, the files and suspicious pattern will be displayed as shown in the sample below.

Note: False-positives are common with signature scanners. Please check with the relevant software vendor if you have any questions about suspicious files identified by the malware scan.

[Screenshot: sample signature scan result]
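To make the false-positive point concrete, here is an added example (not Watchful's scanner) of how a signature scan works and why broad signatures misfire. The signature list is constructed for illustration and is deliberately mixed: a tight pattern (eval of a base64-decoded string) and a broad one (any call to base64_decode). The sample files are constructed as well; the "suspicious" one only decodes the word "constructed", and the legitimate one decodes image data without ever executing it.

```python
import re
import tempfile
from pathlib import Path

# Constructed, illustrative signature set (not a vendor's real database).
# Each entry: (name, compiled pattern, confidence). Broad patterns catch more
# but are exactly the ones that produce false positives on legitimate code.
SIGNATURES = [
    ("eval_of_base64", re.compile(rb"eval\s*\(\s*base64_decode\s*\("), "high"),
    ("base64_decode_call", re.compile(rb"base64_decode\s*\("), "low"),
    ("request_var_as_function", re.compile(rb"\$_(GET|POST|REQUEST|COOKIE)\s*\[[^\]]*\]\s*\("), "high"),
]

SCAN_EXTENSIONS = {".php", ".phtml", ".inc"}


def scan_tree(root):
    """Return sorted findings: (relative path, line number, signature name, confidence)."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in SCAN_EXTENSIONS:
            continue
        data = path.read_bytes()
        for name, pattern, confidence in SIGNATURES:
            for match in pattern.finditer(data):
                line_no = data.count(b"\n", 0, match.start()) + 1
                findings.append((str(path.relative_to(root)), line_no, name, confidence))
    return sorted(findings)


def summarize(findings):
    """Group hits by file: any high-confidence hit means 'review'; only low-confidence
    hits means the file is a likely false positive that still deserves a quick look."""
    by_file = {}
    for rel, _line, _name, confidence in findings:
        by_file.setdefault(rel, set()).add(confidence)
    return {rel: ("review" if "high" in confs else "likely false positive")
            for rel, confs in by_file.items()}


def build_sample_tree():
    """Create a constructed directory with one suspicious file, one legitimate file
    that shares a substring with the broad signature, and one non-PHP file."""
    root = Path(tempfile.mkdtemp(prefix="sig-scan-"))
    files = {
        # Constructed suspicious file: the base64 string decodes to the word "constructed".
        "wp-content/uploads/cache.php": "<?php\neval(base64_decode('Y29uc3RydWN0ZWQ='));\n",
        # Constructed legitimate file: decodes an embedded image, never executes it.
        "wp-content/plugins/gallery/image.php":
            "<?php\nfunction load_icon($encoded) {\n    return base64_decode($encoded);\n}\n",
        # Non-PHP file containing the same text is skipped entirely.
        "readme.txt": "Uses base64_decode( internally.\n",
    }
    for rel, content in files.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(content)
    return root


if __name__ == "__main__":
    site = build_sample_tree()
    findings = scan_tree(site)
    for rel, line_no, name, confidence in findings:
        print(f"{rel}:{line_no} {name} ({confidence})")
    for rel, verdict in summarize(findings).items():
        print(f"{rel}: {verdict}")
```

The gallery file is flagged only by the broad signature, which is the situation the note above describes: the report shows the file and the matched pattern, and a person (or the plugin's vendor) has to decide whether the code is legitimate.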

Malware scan

The Malware scan checks the frontend of your website for common malware, malicious JavaScript, blackhat SEO and more. In general, the following items are scanned for:

  • Website malware
  • Injected spam
  • Website defacements
  • Internal server errors

Here is a preview of the results:

[Screenshot: vulnerability scan malware results]

Blacklist scan

The Blacklist scan will check to see if any of your sites are blacklisted and thus marked unsafe. Blacklisted sites are very problematic for site owners and should be avoided at all costs.  

The following blacklist services are checked by Watchful: 

  • Google Safe Browsing
  • McAfee
  • Sucuri Labs
  • ESET
  • PhishTank
  • Yandex
  • Opera

Scan Retention Times

Results from vulnerability scans are saved for different lengths of time depending on the type of plan:

  • Free plan - 7 days
  • Legacy plan - 30 days
  • Premium plan - 90 days