One scan price. No hidden extras. No annual contracts.
The scan chain is built in Go and runs with goroutine-based concurrency for fast, efficient coverage. Every run is then checked manually for false positives and delivered as a professional PDF report. One-off scans are available — but most clients choose monthly coverage: passive checks run daily, critical findings are reported immediately, and a consolidated PDF is delivered each month.
GDPR Review
For businesses that need to understand their GDPR and privacy posture without a full security review.
- ✓ Cookie handling and consent patterns
- ✓ Privacy policy visibility and quality check
- ✓ Third-party embed and data flow analysis
- ✓ External data risk indicators
- ✓ Professional PDF report with findings
Security Scan
Most popularA full passive external security review — attack surface, web exposure, SSL, email hygiene, and verified findings.
- ✓ Go-powered scan engine with goroutine concurrency
- ✓ Subdomain and DNS surface mapping
- ✓ Cloudflare exposure and host enumeration
- ✓ SSL posture, headers, and web exposure checks
- ✓ nuclei + ZAP passive issue detection
- ✓ Email hygiene — SPF, DKIM, DMARC
- ✓ Manual false-positive filtering
- ✓ Critical findings reported immediately
- ✓ Monthly PDF report with remediation order
Security + GDPR
The complete review — full security scan plus GDPR and privacy posture in a single report. Save €39 vs buying separately.
- ✓ Everything in Security Scan
- ✓ Full GDPR and privacy review
- ✓ Cookie consent and policy gap analysis
- ✓ Third-party data flow risk indicators
- ✓ Monthly combined PDF report — security and compliance in one document
Why scan regularly?
Plugins update. Configs drift. Monthly visibility matters.
A clean bill of health today doesn't mean next month. WordPress plugins, third-party scripts, DNS changes, and new misconfigurations appear continuously. Most SMB breaches happen not because a business was initially vulnerable — but because something changed and nobody noticed.
A monthly cadence catches that drift earlier. At this price point, daily passive checks with immediate critical alerts and one clear monthly PDF is a small cost compared with even a short incident window.
Plugin vulnerabilities
A plugin updated by its developer can introduce a new exposure. You won't know unless something is checking from the outside.
Configuration drift
SSL renewals lapse, headers get removed during deployments, new subdomains get left exposed. Small changes accumulate.
Third-party risk
Scripts, analytics, and embedded tools change. A third party you embedded two years ago may now be a risk you're not aware of.
Reputation cost
For SMBs, a breach isn't just a technical problem. Lost client trust and the reputation damage it carries often outlast the incident itself.
Common questions
What people usually ask before getting in touch.
Do you need access to my website or servers?
No. Every scan is passive and runs entirely from the outside. All I need is the domain name — no credentials, no SSH access, nothing installed.
Will the scan affect my site's performance or uptime?
No. Passive scanning observes what is publicly visible — it doesn't hammer endpoints or attempt exploitation. Your site will not notice the scan running.
Can I get a one-off scan rather than committing to monthly?
Yes. All scans are priced per report with no contract. Many clients start with a one-off, then move to monthly coverage with daily passive checks, immediate critical alerts, and one PDF report each month.
How long does a scan take?
The scan chain typically runs within a few hours. The manual verification and report writing adds a day or two. Most clients receive their PDF within 2–3 business days of scope being agreed.
Who is the report written for?
Both. Every report has an executive summary in plain language for business owners and a technical findings section with evidence and remediation guidance for developers or IT teams.
Ready to get started?
Send the domain. I'll confirm scope and have a report back to you within a few business days.
No contract. No access required. Cancel or pause any time.