Vulnerability Assessment

Vulnerability Assessment checks your WordPress site's configuration, file permissions, and software versions against security best practices. It flags risky settings and outdated components, then gives you a risk score with remediation steps.

This feature does not query an external CVE database. All checks run locally against your environment.

Why Vulnerability Assessment Matters

Most WordPress compromises trace back to preventable issues: misconfigured settings, outdated software, or overly permissive file access. Finding these before an attacker does is the most practical step you can take.

Outdated plugins and themes are the most common entry point for attacks
Misconfigured settings (debug mode, file editing, default prefixes) are actively exploited
EOL software (PHP, MySQL, WordPress core) no longer receives security patches

Vulnerability Assessment gives you a unified view of configuration gaps, outdated components, and permission issues — without requiring security expertise.

Diagnostic Categories (7 Categories, 20 Items)

1. WordPress Configuration (6 items)

Check Item	CWE Reference	Description
Debug Mode	CWE-215	`WP_DEBUG` enabled in production
File Editing	CWE-732	Admin-panel plugin/theme editing enabled
Table Prefix	CWE-89	Default `wp_` prefix in use
Security Keys	CWE-330	Weak or missing wp-config.php secret keys
HTTPS Enforcement	CWE-319	Admin panel not forcing HTTPS
XML-RPC	CWE-799	XML-RPC endpoint enabled

2. File Permissions (2 items)

Check Item	CWE Reference	Description
wp-config.php Permissions	CWE-732	Overly permissive access to config file
.htaccess Permissions	CWE-732	.htaccess is world-writable

3. Database (1 item)

Check Item	CWE Reference	Description
Suspicious Tables	CWE-459	Leftover backup or temporary tables (backup_, tmp_, old_)

4. User Security (3 items)

Check Item	CWE Reference	Description
Admin User	CWE-798	Default "admin" username still in use
Admin Count	CWE-250	Too many administrator accounts
User Enumeration	CWE-200	Usernames exposed via `/?author=N` URLs

5. Plugins (2 items)

Check Item	CWE Reference	Description
Plugin Updates	CWE-1104	Plugins with available updates
Inactive Plugins	CWE-1059	Inactive plugins still installed

6. Themes (2 items)

Check Item	CWE Reference	Description
Theme Updates	CWE-1104	Themes with available updates
Unused Themes	CWE-1059	Unused themes still installed

7. Server Environment (4 items)

Check Item	CWE Reference	Description
WordPress Core	CWE-1104	Outdated WordPress version
PHP Version	CWE-1104	End-of-life PHP version in use
jQuery Version	CWE-1104	Outdated jQuery bundled with WordPress
MySQL/MariaDB	CWE-1104	End-of-life database version in use

Score Calculation

Scores are calculated by deducting from a perfect 100 points. Each item is weighted according to its risk level.

Risk Level	Deduction	Color
Critical	-15 to -20 points	🔴 Red
High	-8 to -12 points	🟠 Orange
Medium	-4 to -6 points	🟡 Yellow
Low	-1 to -3 points	🟢 Green

Running the Assessment

Navigate to SentinelSecurity → Vulnerability Assessment
Click the Run Assessment button
Results for each category are displayed in accordion format

Each check item displays:

Status Icon: ✅ Safe / ⚠️ Warning / ❌ Critical
Summary: Description of the detected state
Impact: Potential damage if this risk is exploited
Remediation: Specific steps to fix the issue

Priority-Based Remediation

You do not need to fix everything at once. Address issues in the following priority order:

🔴 Critical: Fix immediately (WordPress core, PHP/MySQL version updates, disable debug mode)
🟠 High: Within one week (plugin updates, file editing disabled, security keys updated)
🟡 Medium: Within one month (change table prefix, remove inactive plugins and unused themes)
🟢 Low: At next scheduled maintenance

Regular Assessment Recommendations

We recommend re-running the assessment at the following times:

After WordPress core updates
After adding or updating plugins and themes
After server environment changes
Monthly routine checks