Website Hygiene Scan

What is a Website Hygiene Scan?

Most businesses are used to having regular website vulnerability scans performed, especially if that business happens to be a financial institution, but have you heard of a website hygiene scan? Most have not, and they really should!

A website hygiene scan is a routine security assessment that identifies vulnerabilities, malware, outdated software, and misconfigurations to protect a site from cyber threats. By simulating attacks, these scans help maintain security posture, ensuring user trust and compliance, often covering issues like broken links, weak encryption, and OWASP Top Ten risks, according to CISA.

What is a Website Vulnerability Scan?

A website vulnerability scan is an automated security process that crawls a website to identify potential weaknesses in its code, configuration, or application logic, such as SQL injection or cross-site scripting (XSS). These tools, often using techniques like DAST (Dynamic Application Security Testing), simulate attacks to detect vulnerabilities and help prevent data breaches, ensuring compliance with regulations like GDPR or PCI DSS, according to Pentest Tools.

And What is the Difference?

A website hygiene check and a vulnerability scan are both essential security measures, but they differ significantly in focus, depth, and purpose. In short, a website hygiene check is a broad, preventative “check-up” of general maintenance and security basics, while a vulnerability scan is a targeted, technical search for known, exploitable security flaws. 

Website Hygiene Scan (Website Health Check)

Website hygiene focuses on the overall “wellness” and maintenance of your website. It is often broader than security alone, aiming to keep the site functioning properly and securely. 

Goal: Maintain functionality, performance, and basic security best practices.

What it checks:

  • Broken links and 404 errors: Finding dead ends.
  • SSL Certificate Status: Ensuring HTTPS encryption is active and valid.
  • Outdated Software: Checking if CMS (WordPress, Joomla, etc.) plugins are outdated.
  • Performance: Loading speed and Core Web Vitals (SEO).
  • Malware/Blacklisting: Checking if the site is infected or flagged by Google.
  • Frequency: Frequent (monthly or weekly). 

Vulnerability Scan

A vulnerability scan is a specialized, automated, and technical assessment focused specifically on finding security weaknesses that hackers could exploit. 

Goal: Identify known vulnerabilities to prevent breaches.

What it checks:

  • Missing Patches: Identifying software that needs security updates.
  • Misconfigurations: Finding weak passwords, open ports, or insecure server settings.
  • OWASP Top 10: Testing for vulnerabilities like SQL injection, cross-site scripting (XSS), and insecure authentication.
  • Database Vulnerabilities: Checking for improperly secured data stores.
  • Types: External (public-facing) and Internal (behind the firewall). 

In Practice:

A hygiene check tells you that you are running an old version of WordPress (a hygiene issue). A vulnerability scan tells you that the old version of WordPress has a specific vulnerability allowing a hacker to take over your site (a critical vulnerability).
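To make this distinction concrete, here is an added Python example (not code from the article or from Kristen's Koncepts). The hygiene side checks the things listed above that can be judged without any knowledge of specific flaws: certificate expiry, broken links, and whether the installed version is simply behind the current release. The vulnerability side asks a narrower question: does this exact version fall inside the affected range of a known advisory? The certificate date, the HTML snippet, the link statuses, the version numbers and the `EXAMPLE-ADVISORY-1` record are all constructed for the example; the advisory is a labelled placeholder, not a real one, and the HTTP fetch is stubbed with a lookup table so the whole thing runs offline.

```python
"""Added illustration: hygiene checks versus a vulnerability match.
All inputs (certificate date, HTML, link statuses, versions, advisory)
are constructed for the example; EXAMPLE-ADVISORY-1 is a placeholder."""
import ssl
from html.parser import HTMLParser
from typing import Callable, Dict, List, Tuple

# ---- Hygiene checks: is the site in good general condition? ----------------

def cert_seconds(cert_time: str) -> float:
    """Parse a 'notAfter' string in the format ssl.getpeercert() returns,
    e.g. 'Dec 31 23:59:59 2025 GMT', into seconds since the epoch (UTC)."""
    return ssl.cert_time_to_seconds(cert_time)


def cert_days_remaining(not_after: str, now: float) -> int:
    """Whole days until the certificate expires (negative once it has)."""
    return int((cert_seconds(not_after) - now) // 86400)


class _LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in a page."""

    def __init__(self) -> None:
        super().__init__()
        self.links: List[str] = []

    def handle_starttag(self, tag: str, attrs) -> None:
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.links.append(value)


def find_broken_links(html: str, fetch_status: Callable[[str], int]) -> List[Tuple[str, int]]:
    """Return (href, status) for each link whose fetch returns 4xx/5xx.
    fetch_status is injected so the check runs offline; a real checker
    would issue an HTTP request and return the response status code."""
    collector = _LinkCollector()
    collector.feed(html)
    broken: List[Tuple[str, int]] = []
    for href in collector.links:
        status = fetch_status(href)
        if status >= 400:
            broken.append((href, status))
    return broken


def parse_version(version: str) -> Tuple[int, ...]:
    """'1.2.5' -> (1, 2, 5) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def is_outdated(installed: str, latest: str) -> bool:
    """Hygiene view: anything older than the current release is 'outdated'."""
    return parse_version(installed) < parse_version(latest)

# ---- Vulnerability check: does this exact version carry a known flaw? -------

# Constructed placeholder advisory (NOT a real one). A real scanner pulls
# records like this from a vulnerability database such as the WPScan
# database the article mentions. Affected range is [introduced, fixed).
ADVISORIES = [
    {"id": "EXAMPLE-ADVISORY-1", "component": "example-cms",
     "introduced": "1.0.0", "fixed": "1.2.5",
     "summary": "constructed placeholder flaw"},
]


def matching_advisories(component: str, installed: str) -> List[str]:
    """IDs of advisories whose affected range contains the installed version."""
    v = parse_version(installed)
    return [a["id"] for a in ADVISORIES
            if a["component"] == component
            and parse_version(a["introduced"]) <= v < parse_version(a["fixed"])]


def run_checks(site: Dict, now: float, fetch_status: Callable[[str], int]) -> Dict:
    """Combine the hygiene view and the vulnerability view into one report."""
    days = cert_days_remaining(site["cert_not_after"], now)
    return {
        "cert_days_remaining": days,
        "cert_expiring_soon": days < 30,
        "broken_links": find_broken_links(site["html"], fetch_status),
        "outdated": is_outdated(site["version"], site["latest_version"]),
        "advisories": matching_advisories(site["component"], site["version"]),
    }


# Constructed sample site: HTML, statuses and versions are made up.
SAMPLE_SITE = {
    "cert_not_after": "Dec 31 23:59:59 2025 GMT",
    "html": '<a href="/about">About</a><a href="/old-page">Old</a><a href="/contact">Contact</a>',
    "component": "example-cms",
    "version": "1.2.0",
    "latest_version": "1.3.1",
}
SAMPLE_STATUSES = {"/about": 200, "/old-page": 404, "/contact": 200}


def sample_fetch_status(href: str) -> int:
    """Stand-in for an HTTP request: look the status up in the constructed table."""
    return SAMPLE_STATUSES.get(href, 404)


if __name__ == "__main__":
    report = run_checks(SAMPLE_SITE, cert_seconds("Dec 01 23:59:59 2025 GMT"), sample_fetch_status)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run against the constructed site, the report says the same two things the article's WordPress example does: `outdated` is true because 1.2.0 is behind 1.3.1 (the hygiene finding), and `advisories` names the placeholder record because 1.2.0 sits inside its affected range (the vulnerability finding). Bump the version to 1.2.5 and the hygiene finding stays while the advisory match disappears, which is exactly why the two scans answer different questions.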

Kristen’s Koncepts Protects You!

Our Maintenance & Updates package already covers 99% of your Website Hygiene Scan, without having to subscribe to a separate service! The only areas that Maintenance & Updates does not handle are the SEO-focused topics of SEO Strength, Core Web Vitals, and 404 Error Recovery, although these are included in our SEO and Marketing packages.

Key Website Hygiene Scan Areas Covered In Maintenance & Updates Service

  • Vulnerability Checks: We automatically use a Vulnerability Checker to scan all child sites for vulnerable themes and plugins, leveraging the WPScan Vulnerability Database.
  • Database Cleanup: We automatically remove overhead, such as post revisions, transients, and spam comments on a weekly basis. In addition, databases and tables are error-checked and optimized on a weekly basis.
  • Uptime & Health Monitoring: We utilize UptimeRobot to keep track of site performance as seen by external visitors, SSL strength and expiry date, domain expiry dates, and uptime and downtime. We are automatically notified of any downtime so that we can begin immediate remediation measures.
  • Update Management: We ensure all site cores, plugins, and themes are updated on a daily basis.
  • Security Scanning: We utilize WordFence Pro to scan for malware and provide real-time protection against multiple types of threats.
  • Loading Speed & Core Web Vitals: We use Google Analytics and SiteKit to track loading speed on different devices, traffic flows, and 404s.
  • Malware/Blacklisting: WordFence Pro alerts us within hours of a site being listed in any monitored malware list or blacklist, so we can begin remediations immediately.
  • Website Health Check: WordPress includes a fairly comprehensive built-in health check (Site Health) that flags most issues covered in a hygiene scan, allowing us to review and resolve them directly within WordPress as a core feature.
  • Website Filesystem & Database Backups: These are automatically performed every day on the website. Maintenance & Updates subscribers have differential backups performed daily, with full backups performed weekly. The server also performs separate, full server snapshots on a nightly basis.

Get Your Protection Today!

Kristen's Koncepts