Product features

Deep, repeatable security checks focused on real-world web and WordPress risks.

Automated security scanning

Security headers & HTTPS

Check for missing or misconfigured security headers, HTTPS redirects, and basic SSL issues that directly impact browser-side security.

  • HSTS, X-Frame-Options, X-Content-Type-Options, and more.
  • Misconfigurations surfaced in plain language.
  • Clear guidance on how to update your server or CDN config.

Cookie & session hygiene

Identify cookies that leak across HTTP, lack HttpOnly or SameSite protections, or reveal unnecessary information.

  • Detect missing Secure, HttpOnly, and SameSite flags.
  • Highlight cookies that are likely to be session identifiers.
  • Recommendations suitable for developers and non-technical owners.

WordPress-specific checks

Beyond generic HTTP checks, ThreatSpot is tuned for the realities of WordPress hosting.

Version & hardening

Detect common version disclosure patterns and weak default settings that make targeted attacks easier.

Configuration warnings

Catch directory listings, exposed readme files, and other information leaks that attackers routinely probe.

Plugin & theme risk (roadmap)

ThreatSpot is designed to pair with plugin and theme vulnerability intelligence, so you can see which components put your site at risk.

Compliance mapping

Turn scan results into framework-aligned controls with clear gaps and audit-ready evidence.

Compliance dashboard per scan

A dedicated compliance view summarizes alignment across frameworks and highlights the highest-impact gaps.

Framework alignment built-in

Mappings include OWASP ASVS, OWASP Top 10, CIS Benchmarks, and PCI DSS for common web and WordPress controls.

Gap-focused evidence

See which controls are not met, what they cover, and why they matter—ready to share with stakeholders and auditors.

Reporting & alerts

Turn technical findings into repeatable workflows and client-ready updates.

Executive-friendly dashboards

Letter grades and prioritized issue lists make it easy to communicate risk to non-technical stakeholders.

  • At-a-glance grade and trend over time.
  • Breakdowns across SSL, headers, CSP, cookies, and WordPress.
  • Guided views for less-technical audiences.

Email alerts & exports

Use scheduled scans and email alerts to stay ahead of regressions.

  • Alert when a site drops below a target grade.
  • Notify clients or internal teams when major issues appear.
  • Export PDFs for audits, board meetings, or client reports.

See ThreatSpot in action on your own site.

Start with a free account and run your first scan in a few minutes.