Transport and headers
HTTPS, TLS status, mixed content, security headers, and a visible WordPress version when the page exposes it.
A focused audit of public security, SEO, content, crawlability, and performance signals. Written in plain language. Built to avoid aggressive scanning.
Add a site-specific Content Security Policy after validating required scripts and services.
The dashboard avoids pretending that one score can prove a site is secure. It shows the evidence, the limits, and the next action.
HTTPS, TLS status, mixed content, security headers, and a visible WordPress version when the page exposes it.
Titles, descriptions, headings, image alternatives, robots.txt, XML sitemaps, and a bounded broken-link sample.
HTML response timing, document weight, resource clues, image size signals, and mobile viewport checks.
SiteGuard reads public signals only. It does not log in, submit forms, test passwords, run exploits, or crawl an entire site.
SiteGuard Lite does not test passwords, submit login forms, enumerate accounts, fire exploit payloads, scan private networks, or claim to certify security.
It makes a small number of public requests, records observable evidence, and explains where a browser test or professional review is still needed.