🔍 Google Blacklisting & Public Site Reputation

What exactly are we checking?

We scan your public-facing domain(s) against trusted security reputation databases, including:

• Google Safe Browsing
  
• VirusTotal
  

We also validate DNS records for inconsistencies that may indicate hijacking, parking, or redirection to malicious infrastructure.

Why this matters to your business:

If your site is flagged as unsafe—even incorrectly—modern browsers will display alarming red warnings to your users. This often happens silently, without alerting the website owner.

A blacklisting can result from:

• Malware or phishing payloads injected via outdated plugins
  
• Poorly secured third-party scripts
  
• Compromised subdomains
  
• Inherited hosting or DNS misconfigurations
  

The risk?

Loss of organic traffic, SEO rankings, and most importantly, user trust.

Even partners and advertisers may pull away from sites that show malware or phishing warnings.

Real Impact Example:

A client approached after a steep drop in organic traffic. It was found that their site had been flagged on Google Safe Browsing due to a malicious script in a forgotten plugin directory. Resolving the issue and re-submitting to Google restored traffic and reputation—but only after measurable business loss.

From The SEOSLY Blog:

"Your task, as a website owner or an SEO, is to make sure that your website is safe for its users and does not contain malware... If that happens, your website will become invisible for most internet users."

👉 Read More

🧱 Plugins, CMS, WordPress & Framework Checks

What exactly are we checking?

We identify your website’s underlying technologies and architecture, including:

• CMS platforms (e.g., WordPress, Joomla, Drupal)
  
• Frameworks and back-end languages (e.g., Laravel, Django, Node.js)
  
• Installed plugins, themes, and modules
  
• Version fingerprints for core components
  
• Known vulnerabilities (CVEs) based on version data
  

We flag:

• Outdated plugins or themes
  
• Abandoned extensions
  
• Known exploits publicly listed but unpatched
  

Why this matters to your business:

Your CMS and plugins form the foundation of your website—and are among the most targeted elements by attackers.

If a plugin or component hasn’t been updated recently, it may contain known vulnerabilities that allow attackers to:

• Gain unauthorised admin access
  
• Deface your site or redirect users to malicious domains
  
• Inject malware, cryptominers, or phishing kits
  
• Exfiltrate customer data or internal content
  

These attacks are often automated, meaning you can be targeted just for being online with vulnerable software.

Real Impact Example:

During a Full Scan, we discovered a client using an outdated WordPress contact form plugin that had a public remote code execution (RCE) exploit. An attacker could have executed malicious code on the server—an issue that would’ve gone undetected without scanning the stack.

From the SiteLock Blog:

"Hackers don’t need to discover new vulnerabilities themselves—they simply exploit publicly disclosed flaws in outdated plugins... It’s only a matter of time before malicious actors take advantage."

👉 Read More

🔓 Open Ports & Exposed Services

What exactly are we checking?

We scan your domain and connected infrastructure for open ports and services, including:

• HTTP(S), FTP, SSH, SMTP, POP3, MySQL, RDP, and more
• Misconfigured or outdated services running publicly
• Remote desktop or admin interfaces exposed to the internet
• Unintended third-party tools like test environments or staging servers

We assess both expected and unexpected exposures and identify:

• Unsecured admin panels
• Public access to internal dashboards
• Forgotten tools or services left running
• Weak service banners that reveal software versions

Why this matters to your business:

Open ports are like unlocked doors on your network.

While some are necessary, others—when left exposed or misconfigured—invite brute-force attempts, bot scans, and exploit kits.

Cybercriminals use automated tools to continuously scan IPs for these vulnerabilities. If they find:

• An exposed database? They’ll try default credentials.
• A misconfigured SSH port? They’ll brute-force logins.
• An open file server? They’ll crawl it for sensitive data.
  

Even if these services aren’t actively used by your team, if they’re online, they can be targeted.

From the Bitsight Blog:

"Open ports are the building block of internet communication and in themselves are not a security risk. However, hackers can use vulnerable, unpatched, misconfigured, or infected underlying services in conjunction with open ports to move laterally across the network and gain access to sensitive data. For example, the notorious WannaCry ransomware attack spread through ports that were mistakenly left open."

👉 Read More

🧠 Code & Security Headers

What exactly are we checking?

We analyse your website’s HTTP response headers and underlying codebase to ensure it follows modern security best practices. This includes:

Presence of essential HTTP security headers:

• Content-Security-Policy (CSP)
• HTTP Strict Transport Security (HSTS)
• X-Content-Type-Options
• X-Frame-Options
• X-XSS-Protection

As well as:

• Detection of insecure or missing configurations
• Identification of visible server technologies via response headers
• Inspection for sensitive debug or error outputs

Our tools highlight gaps that could allow attackers to manipulate your site’s content, hijack sessions, or extract information via the browser.

Why this matters to your business:

Security headers are your browser’s frontline defence — they control how your site is loaded and displayed. Without them, even safe-looking pages can be vulnerable to:

• Cross-Site Scripting (XSS) - Injected scripts that steal login sessions
• Clickjacking - Tricking users into clicking hidden or disguised elements
• MIME-type sniffing - Letting browsers misinterpret file types, leading to downloads of malicious code
• Session hijacking - Stealing authentication tokens

Headers also reduce the risk of sensitive information being leaked through server responses, which attackers use to fingerprint and plan targeted attacks.

From the Loginradius Blog

"As you know, nowadays too many data breaches are happening, many websites are hacked due to misconfiguration or lack of protection. These security headers will protect your website from some common attacks like XSS, code injection, clickjacking, etc. Additionally these headers increases your website SEO score."

👉 Read More

🌐 WHOIS / DNS / SPF / DMARC Checks

What exactly are we checking?

We perform a detailed scan of your domain configuration and public records to verify:

• WHOIS records: Ownership details, registrar info, privacy settings
• DNS settings: A, MX, CNAME, TXT, and NS records
• SPF (Sender Policy Framework): Prevents spoofed emails pretending to be from your domain
• DKIM (DomainKeys Identified Mail): Ensures email integrity and authenticity
• DMARC (Domain-based Message Authentication, Reporting & Conformance): Tells mail servers how to handle failed SPF/DKIM checks
• DNSSEC (Domain Name System Security Extensions): Protects against DNS hijacking or manipulation
  

We also check for common issues like:

• Missing or overly permissive SPF records (e.g. v=spf1 +all)
• No DMARC policy (or weak enforcement)
• DKIM keys that are too short or improperly implemented
• MX records pointing to outdated or unused servers
  

Why this matters to your business:

If your DNS settings aren’t properly configured, attackers can impersonate your business via email, hijack domain traffic, or intercept sensitive communications.

Without SPF/DKIM/DMARC, your emails are far more likely to:

• Be spoofed by phishing actors
• Get flagged or quarantined by spam filters
• Never reach your customers or partners
  

And outdated WHOIS or DNS data leaves the door open for:

• Domain hijacking
• Reputation loss
• Failed domain renewals or legal disputes
  

Real Impact Example:

A law firm unknowingly had no DMARC record and an SPF policy allowing any server to send on their behalf. Their domain was used in a phishing campaign that targeted their own clients. Fixing it took minutes—but the reputational damage lasted months.

From the CloudFlare Blog:

"SPF, DKIM, and DMARC help authenticate email senders by verifying that the emails came from the domain that they claim to be from. These three authentication methods are important for preventing spam, phishing attacks, and other email security risks."

👉 Read More

🕵️ Credential Exposure

What exactly are we checking

We investigate whether your business or team credentials have appeared in known data breaches or are unintentionally exposed via:

• Public breach dumps (via Have I Been Pwned API & other dark web sources)
• Common credential leak repositories
• Email/password combinations associated with your domain
• Team member names, login portals, or roles visible on public pages (About, Contact, Careers, etc.)
• Exposed test accounts or default admin usernames (e.g. admin, test, user)
  

We also review how your login forms and employee contact pages are structured, to determine:

• If attackers can easily map your team & attempt targeted attacks (spear phishing)
• If login portals expose usernames on error (e.g. “incorrect password” vs. “incorrect username or password”)
• Whether your business domain is actively listed in any breach-as-a-service forums
  
  

Why this matters to your business:

Credential leaks are often silent threats. If just one employee reuses a breached password—or if attackers can guess login names based on public staff pages—they can:

• Gain admin access through brute-force or credential stuffing
• Send fraudulent emails that appear legitimate (e.g. CFO asking for a payment)
• Access cloud storage, email inboxes, or internal systems
• Escalate to full account takeover or ransomware
  

Even a single leaked credential reused across services can lead to catastrophic outcomes if not caught early.

Real Impact Example:

A small ecommerce store had their site admin’s credentials compromised in a previous unrelated breach. The attacker reused the leaked email/password combo and gained backdoor access, silently injecting card skimmers into the checkout page.

From the CloudSecurityAllianceBlog:

“Every year, billions of credentials appear online, be it on the dark web, clear web, paste sites, or in data dumps shared by cybercriminals. These credentials are often used for account takeover attacks, exposing organizations to breaches, ransomware, and data theft.”

👉 Read More