Run a FREE
WordPress or Joomla
Security Audit
Add your WordPress or Joomla site and get instant results. Our automated audit scans every single file in your webspace to find hacks, malware, and security issues. No waiting, no phone calls.
Three steps to a healthier site
Connect your site
Install our lightweight connector plugin on your WordPress or Joomla site. It takes about two minutes and requires no technical knowledge.
We audit every file
Our engine takes a complete snapshot of your webspace and checks every file against our threat database.
Explore with 60+ tools
Dig into your results with 60+ diagnostic tools built specifically for WordPress and Joomla sites.
What the audit finds
We don't just check your homepage for warnings. Here's what we look for across every file in your webspace.
Malware & Backdoors
Known malicious code injections, webshells, file uploaders, and obfuscated PHP backdoors that attackers leave behind to maintain access to your site.
Read more →Suspect Content Patterns
Hidden links, SEO spam, pharma hacks, Japanese keyword attacks, and other content injections that damage your reputation and search rankings.
Read more →Outdated & Vulnerable Software
WordPress core, Joomla, plugins, themes, and extensions running versions with known CVEs. This is how most sites get hacked.
Read more →File Integrity Issues
Modified core files, unexpected files in system directories, orphaned files from old plugins, and files that should not exist in a healthy installation.
Read more →Configuration Problems
Insecure file permissions, debug mode left enabled, exposed configuration files, and server settings that leave your site open to attack.
Read more →A real scan, not a surface check
Most "free security scanners" visit your homepage and check for obvious warnings. That catches maybe 5% of real threats. The other 95% are buried in files your visitors never see — deactivated plugins, uploaded scripts, modified core files, and backdoors sitting quietly in your /wp-content/ or /components/ directories.
Our audit connects directly to your server through a lightweight plugin and takes a full snapshot of every file in your webspace. Each file is analysed against our threat database, which has been refined over 12 years and more than a million audits.
- File-level scanning of your entire webspace, not just public pages
- Signature matching against known malware families and attack patterns
- Heuristic analysis to detect obfuscated code and zero-day threats
- WordPress and Joomla-aware: knows what files should and shouldn't exist
- Results delivered through an interactive dashboard, not a static report
See more screenshots →
Built for people who manage websites
Whether you look after one site or hundreds, the audit shows you exactly what state things are in.
Agencies
You manage dozens or hundreds of client sites. A hack on one site can spread across your portfolio. The audit gives you a security baseline for every site, and the dashboard lets your whole team monitor everything from one place.
Freelancers
You handle everything yourself — design, development, hosting, and security. The audit handles the security part so you can focus on the work that actually pays. Run it on a new client's site before you take over and know exactly what you're inheriting.
Site Owners
You run your own WordPress or Joomla site and want to make sure it's clean. Maybe your host flagged something suspicious, or your Google rankings dropped suddenly. The audit tells you exactly what's wrong and where to find it.
The audit is just the starting point
Most security tools hand you a report and leave you to figure out the rest. We give you the tools to actually fix what's wrong. After your audit completes, you get full access to the same dashboard agencies use to manage hundreds of sites.
From that dashboard you can apply updates across every site at once, schedule automated backups, set up real-time alerts for file changes and suspicious logins, and generate branded reports for your clients. If something goes wrong at 3am, you'll know about it before your client does.
Bulk updates
Update WordPress core, Joomla, plugins, and themes across all your sites in one go. No more logging into each site individually.
Real-time alerts
Get notified the moment a file changes, an admin logs in, or a plugin gets deactivated. You set the rules, we watch the sites.
Scheduled backups
Automated backup routines via Akeeba Backup and All-In-One Migration. If a backup fails, you get an alert straight away.
Client reports
White-label activity reports showing what you did, when, and why. Send them to clients automatically or download as HTML.
What our users say
Common questions about the free audit
What does the free site audit check?
How is this different from a website security scanner?
Do I need a credit card to run the audit?
How long does the audit take?
Does it work with WordPress and Joomla?
What happens after the audit?
Will the audit slow down my website?
How many audits has mySites.guru completed?
Find out what's hiding in your site
Over a million audits completed since 2012. Yours takes about two minutes to set up, and it's completely free.
Add Your Site for Free →