If you’re looking for a full security scanner and one-click fix solution for WordPress, I’d definitely recommend Better WP Security or VaultPress. Gauntlet Security, on the other hand, is a bit different. The plugin gives you a list of common problems found in WordPress and then scans your site to detect those errors, so you can fix them yourself.

What’s it Do?

Gauntlet Security gives you a comprehensive list of common errors and security vulnerabilities that might make your site insecure. Most of the tweaks that are listed are pulled straight from the WordPress Codex entry about making WordPress more secure. Gauntlet Security will scan your site automatically and let you know which items on its checklist might be a problem on your site. It will then have more information about how to fix the problem, ranging from making a few changes in the WordPress admin to editing your server configuration in php.ini.

Just to be clear, Gauntlet won’t fix any problems for you. Instead, it will give you pretty comprehensive directions on how to approach a problem for yourself. This is useful if you are a developer that wants to keep track of certain errors, or as a handoff for clients, so they can let you know when something has gone wrong.

How’s it Work?

After you install and activate the plugin, visit Tools -> Gauntlet Security. You will see a long list of potential errors for your site, with a little information about each. This list includes a variety of different problems your site might encounter, from something as simple as plugins that need to be updated to indexing and configuration of your server and PHP.

At the top of a page, there is a “Scan Now” button. Click this to automatically scan your site.

The Gauntlet Security Scan

Gauntlet will move through the checklist, one by one, to see if each issue is a problem on your site. If there is no problem detected, then a green checkmark will appear next to the item. If there is a potential problem or small warning, a yellow flag will appear. If there is a major problem that requires your attention, you will see a red X appear. For anything the plugin can’t detect, a dotted circle will remain, with more info about why the plugin can’t scan that particular issue.

When the plugin is done scanning your site, you can move through all of the issues to see how they might be addressed. To figure out how to actually fix the problem, click the “More Info” link. This will have pretty advanced instructions listing common approaches to solving that particular problem. These will be ranked from Easy to Advanced, and some may require you to configure your server or php.ini file. If you run into a problem like this, make sure to backup your files before trying to fix it, or hand it off to a developer that knows how to make the fix for you.

More information about issues

After you’ve fixed the problem, you can run the scan again to make sure that the problem has been resolved. As you are looking through your issues, you may notice that some are not important to you, or you have addressed them in another way. That’s okay. Gauntlet Security is meant to act as a simple checklist and guide, not as a full-scale security solution. Use it to help you make decisions about your site.

Costs, Caveats, Etc.

Gauntlet Security is free and fairly comprehensive. It has been updated a few times to include new problems and to resolve a few issues. If you run into a problem or have something to add, visit the support forums to get help from the developer.

Resources

• Support Forums
• Codex Entry on Hardening WordPress