
WordPress Security + Stability Audit

A WordPress-specific hardening audit. The other WP tool focuses on speed and plugin footprint; this one focuses on exposure surface, update discipline, and the configuration signals that separate a stable WordPress install from one that's a monthly incident. Where WooCommerce is present, the applicable ecommerce-specific checks cross over. It probes the public attack surface the same way a scanner would: xmlrpc.php, REST API user listing, wp-login reachability, admin directory indexing, readme.html leaks, wp-config backup patterns, debug-log exposure, and security-header coverage.