Triagis® Security Evaluation is a simple lite-weight plugin to analyze your current WordPress installation, server for security vulnerabilities.
WordPress can be easily secured by following a few best security practices. We check your server and WordPress installation for common security vulnerabilities, which you can then address right on the plugin page itself!
A default WordPress installation will expose your version. Hackers scan sites for exploits and always look for older versions that are still vulnerable. Use our suggestion to remove it
Most WordPress installations get hacked due to insecure folder permissions. World-writable (777) permissions invite other users to upload files to your server, making it highly vulnerable.
Most WordPress installations use a folder called wp-content and a subdirectory "uploads". If you want to make it a little more difficult for possible automated attacks to succeed you might want to consider changing your wp-content directory name. With our plugin you can do that with a few clicks. NOTE: This is intended for development environments and not production sites. We do not recommend to try this on your live sites.
On all servers that host WordPress sites you will have automated scans for a file called timthumb.php or a variation of other names that are targeting exactly this file. Why? Because timthumb.php is very easy to exploit if you set the wrong file and folder permissions. If your server is mis-configured, timthumb.php poses a significant threat to your site and server. That's why we recommend that beginners try to locate plugins that make use of this script and try to find alternatives. An alternative approach is to move the timthumb.php outside the public folders.
Planned for future versions is a dashboard widget with important information at a glance and additional security checks
Add improved way to check for TimThumb
For more info, check out the following articles and videos: