Fenerly
Example — not live data
Harbor Legal: At risk
43 / 100

Blended from internal plugin checks + the external scan.

Per-check breakdown

Sec

38 / 100
  • https_enforced: The site is served over a secure HTTPS connection.

    HTTPS encrypts traffic between visitors and your site. Without it, data can be read or tampered with in transit, and browsers flag the site as “not secure.”

    Technical detail

    Checked via is_ssl() / the site URL scheme. Fix: install a TLS certificate (most hosts offer free Let's Encrypt), then set the WordPress Address + Site Address to https://.

    false
    0/40
  • debug_mode_off: WP_DEBUG is disabled, as it should be in production.

    Debug mode prints internal error details that can leak paths and code information to visitors. It's a development tool that should be off on a live site.

    Technical detail

    Checks the WP_DEBUG constant. Fix: set define('WP_DEBUG', false) in wp-config.php for production (use a staging site for debugging).

    false
    0/20
  • outdated_plugins: How many installed plugins have updates pending.

    Outdated plugins are the most common way WordPress sites get hacked — known vulnerabilities get patched in updates that haven't been applied.

    Technical detail

    Reads WordPress's cached update counts (no extra request). 0 outdated = full points; the score steps down as the count rises. Fix: update plugins from Dashboard → Updates; remove ones you don't use.

    9
    0/25

Ops

38 / 100
  • wp_cron_firing: WordPress's scheduled-task runner is working.

    WP-Cron runs your site's scheduled jobs (publishing posts, sending emails, plugin tasks, and our own health heartbeat). If it isn't firing, those jobs silently never run.

    Technical detail

    Checked via wp_next_scheduled('fenerly_send_heartbeat'). If false, WP-Cron is broken — often because DISABLE_WP_CRON is set without a real system cron replacing it. Fix: add a server cron hitting wp-cron.php every few minutes, or remove DISABLE_WP_CRON.

    false
    0/30
  • php_supported: The site runs a PHP version that still gets security fixes.

    PHP is the language WordPress runs on. Old versions stop receiving security patches, leaving the site exposed and often slower.

    Technical detail

    Passes on PHP 8.1+. PHP 8.0 reached end-of-life 2023-11 and 7.x is long EOL. Fix: ask your host to upgrade PHP (usually a one-click setting in the hosting panel).

    7.4.33
    0/30
