Run a FREE
WordPress or Joomla
Security Audit
Add your WordPress or Joomla site and get instant results. Our automated audit scans every single file in your webspace to find hacks, malware, and security issues. No waiting, no phone calls.
Three steps to a healthier site
Connect your site
Install our lightweight connector plugin on your WordPress or Joomla site. It takes about two minutes and requires no technical knowledge.
We audit every file
Our engine takes a complete snapshot of your webspace and checks every file against our threat database.
Explore with 60+ tools
Dig into your results with 60+ diagnostic tools built specifically for WordPress and Joomla sites.
What the audit finds
We don't just check your homepage for warnings. The audit inspects every file in your webspace.
Malware & Backdoors
Known malicious code injections, webshells, file uploaders, and obfuscated PHP backdoors that attackers leave behind to maintain access to your site.
Read more →Suspect Content Patterns
Hidden links, SEO spam, pharma hacks, Japanese keyword attacks, and other content injections that damage your reputation and search rankings.
Read more →Outdated & Vulnerable Software
WordPress core, Joomla, plugins, themes, and extensions running versions with known CVEs. This is how most sites get hacked.
Read more →File Integrity Issues
Modified core files, unexpected files in system directories, orphaned files from old plugins, and files that should not exist in a healthy installation.
Read more →Configuration Problems
Insecure file permissions, debug mode left enabled, exposed configuration files, and server settings that leave your site open to attack.
Read more →A real scan, not a surface check
Most "free security scanners" visit your homepage and check for obvious warnings. That catches maybe 5% of real threats. The other 95% are buried in files your visitors never see - deactivated plugins, uploaded scripts, modified core files, and backdoors sitting quietly in your /wp-content/ or /components/ directories.
Our audit connects directly to your server through a lightweight plugin and takes a full snapshot of every file in your webspace. Each file is analysed against our threat database, which has been refined over 12 years and more than a million audits.
- File-level scanning of your entire webspace, not just public pages
- Signature matching against known malware families and attack patterns
- Heuristic analysis to detect obfuscated code and zero-day threats
- WordPress and Joomla-aware: knows what files should and shouldn't exist
- Results delivered through an interactive dashboard, not a static report
See more screenshots →
Built for people who manage websites
One site or hundreds - the audit shows you exactly what state things are in.
Agencies
You manage dozens or hundreds of client sites. A hack on one site can spread across your portfolio. The audit gives you a security baseline for every site, and the dashboard lets your whole team monitor everything from one place.
Freelancers
You handle everything yourself - design, development, hosting, and security. The audit handles the security part so you can focus on the work that actually pays. Run it on a new client's site before you take over and know exactly what you're inheriting.
Site Owners
You run your own WordPress or Joomla site and want to make sure it's clean. Maybe your host flagged something suspicious, or your Google rankings dropped suddenly. The audit tells you exactly what's wrong and where to find it.
The audit is just the starting point
Most security tools hand you a report and leave you to figure out the rest. We give you the tools to actually fix what's wrong. After your audit completes, you get full access to the same dashboard agencies use to manage hundreds of sites.
From that dashboard you can apply updates across every site at once, schedule automated backups, set up real-time alerts for file changes and suspicious logins, and generate branded reports for your clients. If something goes wrong at 3am, you'll know about it before your client does.
Bulk updates
Update WordPress core, Joomla, plugins, and themes across all your sites in one go. No more logging into each site individually.
Real-time alerts
Get notified the moment a file changes, an admin logs in, or a plugin gets deactivated. You set the rules, we watch the sites.
Scheduled backups
Automated backup routines via Akeeba Backup and All-In-One Migration. If a backup fails, you get an alert straight away.
Client reports
White-label activity reports showing what you did, when, and why. Send them to clients automatically or download as HTML.
What our users say
Thank you so much for your fantastic tool. Without it, I would never have noticed the installation of the backdoor plugins so quickly, and the cleanup work is so much more efficient. Best regards. Doris
Read more reviews
I am not a developer nor web designer, I am purely self taught and have many gaps in my knowledge specifically on how to keep sites secure. mySites.guru has allowed me to not only secure my 7 sites and feel confident from potentially hacks but also illustrated areas I was completely unaware of. The ease of use is second to none and the cost is so insignificant to the peace of mind I now have. Could not recommend highly enough.
Read more reviews
So far moving from WP Umbrella to mySites.guru has been a very positive move . We have so much more control over each site, particularly the security, which was often lacking in WP Umbrella. The backup integration [That WP Umbrella has] was a big missing feature with mySites.guru , but as 99% of our sites are backed up from the server side, this wasn't really an issue. Phil has been incredibly responsive. When I asked if the feature to hide the mySites.guru plugin was available, he implemented it before we signed up . He then adjusted the one-click login to work with the 2fa plugin we use at our agency . I love how proactive the tool and developer are . My only complaint is that we need a short name as typing mySites.guru is tedious 😄
Read more reviewsCommon questions about the free audit
What does the free site audit check?
How is this different from a website security scanner?
Do I need a credit card to run the audit?
How long does the audit take?
Does it work with WordPress and Joomla?
What happens after the audit?
Will the audit slow down my website?
How many audits has mySites.guru completed?
Find out what's hiding in your site
Over a million audits completed since 2012. Yours takes about two minutes to set up, and it's completely free.
Add Your Site for Free →