Website security

Website vulnerability and virus check

PromoPilot Shield scans the site for vulnerabilities, malware, and backdoors, assesses risk by CVSS, and prepares an AI report with a remediation plan. Works with WordPress, Joomla, OpenCart, and custom sites.

Check the site for free

PromoPilot Shield is an online website security scanner. The service checks the site against more than 40 points of the OWASP methodology: security headers and TLS, open service files and version leaks, known CMS and plugin vulnerabilities, SSRF and injection surfaces, DNS and email settings. The check is safe and non-destructive — without exploiting vulnerabilities.

As a result, you receive a grade A–F, a list of findings with severity levels and CVSS ratings, an expert AI report in simple language, and a step-by-step remediation plan. For verified owners, deep active checks and a server agent are available, which searches for web shells, backdoors, and malware in files and databases, as well as checks the integrity of the CMS core. Basic check is free, no installation required.

Advantages

Why it's convenient and what you get

40+ OWASP checks

Headers, TLS, open files, CMS vulnerabilities, SSRF, injections, secret leaks, DNS and email.

Malware detection

The server agent searches for web shells, backdoors, and malicious inserts in files and databases.

Risk assessment by CVSS

Each finding comes with a severity level and CVSS score to fix the most dangerous issues first.

AI report and plan

Expert analysis in simple terms: what it means for the business and step-by-step actions.

Auto-fix

Ready .htaccess and nginx snippet fix configuration issues in minutes.

Monitoring and alerts

The subscription regularly rescans the site and alerts about new threats via email and Telegram.

How it works

Enter the website address

Run a free check — results ready in a minute, no installation needed.

Scanning

Shield safely checks the site using OWASP methodology, without exploiting vulnerabilities.

Report with CVSS

Receive a grade A–F, a list of findings, and an AI report with a remediation plan.

Remediation

Apply auto-fix or enable monitoring and the server agent.

What's included

  • Security headers: HSTS, CSP, X-Frame-Options, and others
  • TLS and certificate: duration, validity, outdated protocols
  • Open files: .git, .env, backups, phpinfo, listings
  • CMS vulnerabilities: WordPress, Joomla, OpenCart, and plugin versions
  • SSRF, reflected XSS, signs of injections, and open redirects
  • DNS and email: SPF, DKIM, DMARC, CAA
  • Server agent: web shells, backdoors, CMS core integrity
  • AI report, PDF, auto-fix, and monitoring with alerts

FAQ

Is scanning safe for my website?

Yes. Basic and most checks are performed passively and non-destructively — without exploiting vulnerabilities. Active checks are available only after domain ownership confirmation.

What does the free check show?

The free check evaluates headers, TLS, version leaks, DNS, and some findings rated A–F. A complete list with CVSS, cause analysis, and remediation plan is available in the paid report.

How are backdoors and viruses searched for in files?

The server agent is a read-only PHP script that you upload to the root of your site. It checks files and the database for web shells, malicious code, and CMS core integrity, and sends a report. The agent is included in the Comprehensive Audit and the 'Monitoring' subscription.

Can found issues be automatically fixed?

Configuration issues (headers, HTTPS redirects, closing service files) can be resolved with a ready-made .htaccess file or nginx snippet from the report. Code and database vulnerabilities require manual work — our specialists can assist you on Telegram.