The breaking point that puts an end to all the great features of WordPress, is computer security, because having firm foundations and business technology pillars, we will always question the continuity of the business. And so the phrase is born: WordPress is not safe. This phrase, absent from technical analysis, whose conventional meaning is repeated again and again without alterations, represents a commercial error of great importance, because a good computing professional knows that WordPress is safe, and that the real problem lies in the administration of the CMS and the establishment of protocols through which a website, regardless of the content management system (CMS) used, is always subjected to various and periodic security analyzes. This is what is known in the field of computing security, as the human factor.
On the contrary, the common tendency of a basic or average WordPress user is to look for plugins that secure or scan the CMS inside, usually after they have been hacked, as a result of endless bad practices that, one way or another will lead them to use some type of scanner; on the other hand, there are more sensible and cautious users, those who are looking for analysis services or WordPress vulnerability scanner, in the first instance.
In the commercial path we have the obligation to maintain third party services that help us strengthen our business, especially when the capacity of investment and hiring of human resources in startups, small and medium enterprises, tends to be limited. If you have the opportunity to choose between a ethical hacker or a pentesting company that you cannot pay, a set of plugins that, instead of facilitating the negotiations, sow doubts about which one is the best, reaping just lack of time and seriousness because of their payment configurations and functionalities that are only displayed once these plugins are installed in the CMS, and a WordPress vulnerability scanner service that does everything all at once, your choice, will obviously be a scanner.