Free · External · No Login Required

Your website is
exposing more
than you think.

We run a non-intrusive external analysis across 50+ signals — security headers, public attack surface, email exposure, form safety, SSL integrity, and trust signals. You get a full PDF report showing exactly what was found and what to do about it.

Run Free Exposure Scan → Book a Discovery Call
Sample External Scan Output
Public Attack Surface 3 Issues Found
Security Headers 5 Missing
SSL & Domain Integrity Passed
Email Exposure 2 Signals
Trust & Compliance Passed
Script & Dependency Risk Review

External signal analysis only. No server access required. Results reflect publicly visible signals.

No login required Non-intrusive — read only Works on any website Full PDF report included Trusted by Dr. Shashi Tharoor MP
What Is This

An external audit of what your website is publicly revealing

Most business owners assume their website is secure because it looks professional. But what visitors — and attackers — can see from outside tells a very different story.

Our Website Exposure & Cyber Safety Audit runs a structured external signal analysis across 50+ checks. No login needed. No server access required. We look at what anyone on the internet can see about your website — and flag what needs attention.

You receive a full PDF report with every finding explained in plain language — what it is, why it matters to your business, and what to do about it.

External Only — No Server Access

We never access your admin panel, database, or server. Everything we check is publicly visible to anyone on the internet.

Works on Any Website

WordPress, Shopify, Wix, custom — our scanner checks external signals regardless of platform.

Plain Language Report

No jargon. Every finding is explained in terms of what it means for your business, not just what it is technically.

Leads to a Fix Plan

The free scan shows what was found. The paid deep audit goes inside with your permission and produces a complete fix plan.

Privacy First

Your report is confidential. We never share or publish client scan results. Your data stays yours.

50+ Checks Across 10 Categories

What the scan covers

🔒

SSL & Domain Integrity

HTTPS status, SSL certificate validity, HSTS header, www/non-www consistency.

🛡

Browser Security Headers

CSP, X-Frame-Options, X-Content-Type, Referrer-Policy, Permissions-Policy.

👁

Public Attack Surface

wp-login, xmlrpc, readme.html, REST API user enumeration, version exposure.

Email & Contact Exposure

Visible email addresses, mailto links, contact form presence, CAPTCHA signals.

📋

Form Safety Signals

Bot protection, file upload forms, insecure form action URLs.

Script & Dependency Risk

Third-party script count, API key exposure, sensitive data in client-side code.

🔍

Platform Fingerprint

CMS detection, theme name exposure, server technology headers.

🏗

Structural Integrity Signals

Title tags, meta descriptions, robots.txt, sitemap, visible PHP errors.

Trust & Compliance Signals

Privacy policy, T&Cs, contact page, ABN visibility — Australian compliance.

📊

Performance & Stability

Page size, render-blocking scripts, image alt text coverage.

Who This Is For

Your website is your most visible asset.
These businesses need to know what it is saying.

01

Professional Services

Lawyers, accountants, consultants, and advisors who process sensitive client data and operate on trust. A single exposure finding can cost a client relationship.

02

Healthcare & Allied Health

Clinics, practices, and health businesses that handle patient data. Australian Privacy Act compliance is not optional — and your website is the first line of exposure.

03

E-Commerce & Retail

Online stores processing payments and storing customer details. Exposed forms, weak headers, and insecure scripts are the most common entry points for attacks.

04

Finance & Insurance

Brokers, advisors, and financial services businesses operating under ASIC and APRA obligations. Your digital presence needs to reflect the same rigour as your practice.

05

Education & NFPs

Schools, training providers, and not-for-profits collecting enrolment data, donations, or contact details. Trust is everything — and exposure undermines it.

06

Any Business With a Website

If your website collects a name, email, or payment — you have an obligation to protect it. Most businesses we scan discover risks they were completely unaware of.

Pricing

Start free. Go deeper when you need to.

Every engagement starts with a free external scan. No commitment required. If findings warrant deeper investigation, we offer a paid audit and fix service.

Entry Level
External Exposure Scan
Free — always
Non-intrusive external check. No login. No server access. Full PDF report emailed automatically.
  • 50+ external signal checks
  • 10 category breakdown
  • Green / Amber / Red findings
  • PDF report delivered by email
  • Plain language explanations
  • No obligation
Run Free Scan →
Most Popular
Paid Engagement
Deep Structural Risk Audit
$497 starting from
Authenticated deep audit. We go inside your setup with your permission and produce a complete findings and fix report.
  • Everything in free scan
  • Plugin & theme vulnerability review
  • Access control & user audit
  • Hosting & infrastructure check
  • Form & data handling review
  • Backup & recovery assessment
  • Prioritised fix plan included
Book a Discovery Call →
Implementation
Risk Reduction & Hardening
$900 starting from
We implement the fixes identified in the audit. From header configuration to plugin cleanup and infrastructure hardening.
  • Security header configuration
  • Plugin cleanup & updates
  • Login protection setup
  • Form hardening
  • Email exposure reduction
  • Post-fix verification scan
Enquire →
Process

How it works

1

Run the Free Scan

Enter your name, email, and website URL below. Our scanner runs an external signal analysis across 50+ checks. No login. No server access. Takes about 30 seconds.

2

Receive Your PDF Report

Your full findings report is automatically emailed to you. Every check is explained — what was found, why it matters for your business, and what to do about it.

3

Book a Discovery Call

If the report raises questions or you want to go deeper — book a free 20-minute call. We walk through the findings together and recommend the most practical next steps.

Free Tool

Run your free exposure scan now

Enter your details below. Results appear instantly. Full PDF report sent to your email automatically.

Questions

Frequently asked questions

Is the free scan really free — what's the catch?
There is no catch. The free external scan is genuinely free, always. It runs 50+ checks on publicly visible signals and emails you a full PDF report at no cost. If the findings suggest deeper investigation is needed, we offer a paid Deep Structural Risk Audit starting from $497 — but there is no obligation.
Do you access my website's backend or admin panel?
No. The free external scan only checks publicly visible signals — things anyone on the internet can see. We never access your admin panel, server, database, or files during the free scan. The paid Deep Structural Audit does require temporary authenticated access, which is arranged with your full knowledge and permission.
My website was built by a developer — should I still scan it?
Yes — especially if it was built by a developer. Many technically built websites still expose admin paths, miss security headers, or have outdated plugins installed. These are not design failures — they are configuration and maintenance issues that accumulate over time. The scan tells you exactly what the current state is.
What platforms does the scan work on?
The external scan works on any website regardless of platform — WordPress, Shopify, Wix, Squarespace, custom-built sites, and everything else. Because it only checks publicly visible signals, the underlying technology does not matter. The Deep Structural Audit is currently optimised for WordPress-based websites.
How is this different from a generic cybersecurity firm?
Most cybersecurity firms focus on enterprise clients with large IT budgets. We focus specifically on Australian SMEs — professional services, healthcare, legal, and finance businesses — who need clear, practical guidance without enterprise pricing or unnecessary complexity. Our reports are written in plain language, not technical jargon, and every finding comes with a specific recommendation.
What happens after I receive the report?
Nothing happens automatically — the report is yours to review at your own pace. If you have questions about the findings, simply reply to the email and we will help you understand them. If you want to go deeper or implement fixes, book a free 20-minute discovery call and we will walk through the report together and recommend the most practical next steps for your situation.

Ready to see what your website is actually exposing?

Run a free external scan in 30 seconds. No login. No server access. Full PDF report delivered to your inbox — with every finding explained and a clear next step.

Run Free Exposure Scan →

External signal analysis only. Results reflect publicly visible signals. Not a confirmed vulnerability assessment. Always consult a qualified professional before making security decisions.