60Web60

How We Handle Security Audits

SmartHost & Web603 min read·

This article explains how Web60 conducts security audits and what happens when we find issues.

What Security Audits Include

Web60 runs automated security scans on all websites every 24 hours. These scans check for:

  • Malware and viruses - Harmful code that could damage your site or steal visitor data
  • Outdated WordPress files - Old versions that hackers can exploit
  • Plugin vulnerabilities - Security holes in add-ons installed on your site
  • Suspicious file changes - New files or modifications that shouldn't be there
  • Blacklist status - Whether your site has been flagged by Google or other security services

The scan results appear in your Web60 portal dashboard within 2 hours of completion.

When We Find Security Issues

If our scan detects problems, Web60 takes immediate action:

  1. Critical threats (like active malware) trigger an automatic temporary block of your site to prevent spread
  2. Medium-risk issues generate an alert in your portal and email notification
  3. Low-risk items appear as warnings in your security report

You'll receive an email within 30 minutes explaining what we found and what steps we're taking.

Automatic Security Actions

Web60 automatically handles many security issues without requiring action from you:

  • WordPress core updates - We install security patches within 24 hours of release
  • Malware removal - Infected files are cleaned or quarantined immediately
  • Failed login blocking - IP addresses making repeated login attempts get temporarily blocked
  • Plugin updates - Security updates for plugins are applied automatically where safe

For complex issues that need manual review, we'll contact you with specific instructions.

Viewing Your Security Reports

  1. Log into your Web60 portal
  2. Click on your website name
  3. Select "Security" from the left menu
  4. View your latest scan results and any active alerts

Reports show the scan date, issues found, and actions taken. Historical reports are available for the past 90 days.

What You Need to Do

Most security maintenance happens automatically, but you should:

  • Check your security dashboard monthly for any warnings
  • Keep your WordPress login password strong and unique
  • Only install plugins from the official WordPress directory
  • Review the security report if you receive an alert email

For guidance on WordPress security practices, see our WordPress Security Best Practices guide.

If you're still stuck or have questions about a security alert, contact our support team through your Web60 portal.

FAQ

Q: How often do security scans run?

A: Web60 scans all websites automatically every 24 hours. Critical security updates may trigger additional scans.

Q: Will security scans slow down my website?

A: No, scans run in the background and don't affect your site's loading speed for visitors.

Q: What happens if malware is found on my site?

A: We automatically quarantine infected files and clean the malware. You'll receive an email explaining what was found and removed.

Q: Can I see what the security scan is checking?

A: Yes, full scan reports are available in your Web60 portal under the Security section for your website.

Q: Do I need to install additional security plugins?

A: No, Web60's built-in security scanning covers the essential protection your WordPress site needs.

Q: What should I do if I get a security alert email?

A: Check your Web60 portal security dashboard for details. Most issues are resolved automatically, but the email will tell you if any action is needed.

Q: How long are security reports kept?

A: Security scan reports and logs are available in your portal for 90 days.

Last updated: 1 March 2026

← PreviousHow We Handle GDPR ComplianceNext →How We Handle Server Maintenance

Still need help?

Contact our support team for personalised assistance.

Contact Support