Skip to main content
The WordPress Toolkit includes a built-in security scanner that checks your installation against common vulnerabilities and misconfigurations.

Running a Security Check

1

Go to WordPress

Log in to Plesk and click WordPress in the left sidebar.
2

Open Security

Click on your WordPress installation, then click the Security tab.
3

Run the Check

Click Check Security. The Toolkit will scan your installation and display a list of findings.
4

Apply Fixes

Review the results. Click Fix next to individual issues, or Fix All to apply all recommended changes at once.

What the Security Check Covers

Common items the Toolkit checks and can fix automatically:
  • WordPress version is up to date
  • Debug mode is disabled
  • File permissions are correct
  • Directory browsing is disabled
  • The default admin username is not in use
  • WordPress admin area is protected

Additional Recommendations

  • Keep WordPress, plugins, and themes updated — see Managing Updates
  • Use a strong, unique password for your WordPress admin account
  • Install only plugins and themes from reputable sources
  • Remove inactive plugins and themes
Our servers run Imunify360, which provides server-level malware scanning and protection across all hosted sites. This complements but does not replace WordPress-level hardening.