Website security analysis

[jellied]

I've used Shieldsup and the like to scan a PC for any issues.
Is there something similar for checking a website? I've had some issues with a site I look after [written in Wordpress] and am concerned there's something not quite right in terms of permissions and the like..

Seems to be a wealth of paid for services which doesn't surprise me, but anything of a trust worthy and free nature out there?

[hubner]

How about http://www.siteadvisor.com/ ?

Enter address in box under "View a Site Report".

[jellied]

Nice - not seen that before.

It's not quite what I was after - more something to detect vulnerabilities for a website.

[vorsprung]

You could

• run a remote penetration test using a tool like Nessus

http://en.wikipedia.org/wiki/Nessus_(software)
Nessus has 80 wordpress specific "plugins" that detect flaws

• Or look at your policies and take an overview with OSSTMM (Open Source Security Testing Methodology Manual)

http://www.isecom.org/research/osstmm.html

• If you have root access to the server with wordpress on then you could do static testing of the files that make up the site

Sorry, I can't find any suitable programs to do this that are free

• Finally, there is a "security" plugin for wordpress

http://wordpress.org/extend/plugins/wp-security-scan/

[jellied]

brilliant - that's exactly what i needed. already found some loop holes.