Show HN: Vulnerability scans for WordPress. No installation or code required. (opens in new tab)

Would cool to have some kind of free trial. Even if it did something like:

  6 vulnerabilities found

  Wordpress Core vX.x:
   1. CVS0001 - click here to resolve
   2. CVS0002 - click here to resolve
   3. CVS0003 - sign up to resolve

  Wordpress Plugins:
  - W3 Cache vX.x
    1. CVS0004 - click here to resolve

  - Jetpack vX.x
    1. CVS0005 - click here to resolve
    2. CVS0006 - sign up to resolve
 
  - ...

You get two Wordpress core fixes and two plugin fixes for free. The rest you have to pay for.

It would be a good on-boarding process. It get to see that there are indeed vulnerabilities, and I get a few solutions provided for free, but to resolve the rest I need to sign up.

As someone with a single WordPress personal site the starter level is too expensive. Have you considered a per resolution fee? I.e. You find five vulnerabilities with my site. I pay $X.XX per fix?

Have you ever used McAfee Secure (formerly known as HackerSafe)? Security scanning service for websites, looks for 1000's of different vulnerabilities, rates by severity, provides a badge. It's actually quite extensive (and not cheap), but it would be worth researching and seeing what you can emulate.

Their reputation is such that the credit-card vendors trust their results for PCI compliance testing ... a major thing in e-commerce and online payment.

I believe a special filename & contents is required somewhere, to prove you do indeed own the site you're scanning.

Perhaps you're not interested in competing with them yet, but it's something to consider.

The fact that this is funded by Google bug bounties is really impressive.

I'll tell you right now, this is something we'd use. I manage a ton of WordPress sites, adn they are always getting hacked. Not root level server hacks, but annoying database link injections and redirects.

Some other really nasty attacks going on especially with the latest patch that fixed the XMLRPC hack which wrecked thousands of sites.

Would love to see more information on your site about what exactly it does, what access it needs (is it a plugin) and what actions can be taken both proactive and reactive.

Very useful and very cool!

Anyone else getting a request to connect with a client SSL certificate? I'm unsure why it's asking for it.

As a non-technical WP user with a couple of sites - this is great.

I could easily see people building there own business off of this service.

I will set up a test and see what the interest is in my local market.

There are so many angles to try.

Nice little marketing project for my evening hours.

Hi everyone, this is the MVP I have been working on. It's almost 5am in the UK right now and I just wanted to launch as soon as possible and stop procrastinating (and waiting for my A-level results). It's funded entirely by my Google bug bounties, so thank you Google. I have not done any design stuff for it yet -- the site is very bare bones but functional.

Current solutions to vulnerability scanning such as WPscan are good but not user-friendly -- which is what I believe what WordPress users want. I've already got my first 5 customers prior to launch that wanted this product which I think is a good start, hopefully there is a market for this stuff.

I would love to hear any sort of feedback.

I'd try this, but if I could sign up without entering credit card details.

Is there a mirror? Site seems down ...