Steel Security organizes its security model around two core concepts: scanning and hardening. These represent different layers of security responsibility.
Security Scans
Scans analyze your WordPress environment to identify potential risks such as outdated plugins or WordPress versions, missing HTTP security headers, insecure server configuration, and exposed configuration files.
Scans are read-only diagnostics. They do not change your site.
Hardening Controls
Hardening controls actively improve your security posture by applying protective configurations. Examples include blocking PHP execution in uploads, disabling directory listings, enforcing secure WordPress constants, and protecting configuration files.
Hardening is intentional and reversible.
Why the Separation Matters
Separating scans from hardening provides important benefits: scans remain safe and non-intrusive, mitigation actions are deliberate, and administrators maintain full control over configuration changes.
This structure ensures Steel Security remains transparent and predictable.
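The separation can be illustrated with a small read-only check. This is an added example, not Steel Security's own code: the function names, the list of required headers, the expected constant values and the sample inputs are all assumptions constructed for illustration. The scan only reads text and returns findings; applying a hardened configuration stays a separate, deliberate step.

```python
import re

# Constructed sample inputs (not taken from any real site).
SAMPLE_HEADERS = {"Content-Type": "text/html", "X-Frame-Options": "SAMEORIGIN"}
SAMPLE_WP_CONFIG = ("<?php\ndefine( 'WP_DEBUG', true );\n"
                    "// define( 'DISALLOW_FILE_EDIT', true );\n")
SAMPLE_HTACCESS = "Options +Indexes\n"  # uploads/.htaccess before hardening

# Assumed policy: headers a site should send and constant values it should set.
REQUIRED_HEADERS = ("Strict-Transport-Security", "Content-Security-Policy",
                    "X-Content-Type-Options", "X-Frame-Options")
EXPECTED_CONSTANTS = {"DISALLOW_FILE_EDIT": "true", "WP_DEBUG": "false"}

# What the same inputs look like after an administrator applies hardening.
HARDENED_HEADERS = {h: "set" for h in REQUIRED_HEADERS}
HARDENED_WP_CONFIG = ("<?php\ndefine('WP_DEBUG', false);\n"
                      "define('DISALLOW_FILE_EDIT', true);\n")
HARDENED_HTACCESS = ('Options -Indexes\n<FilesMatch "\\.php$">\n'
                     "    Require all denied\n</FilesMatch>\n")

def read_constants(src):
    """Return {name: value} for define() calls, ignoring commented-out lines."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    src = re.sub(r"(?m)^\s*(//|#).*$", "", src)
    pat = r"define\(\s*['\"](\w+)['\"]\s*,\s*([^)]+?)\s*\)"
    return {k: v.strip("'\" ").lower() for k, v in re.findall(pat, src)}

def scan(headers, wp_config, uploads_htaccess):
    """Read-only diagnostic: inspects its inputs and writes nothing."""
    findings = []
    present = {h.lower() for h in headers}  # header names are case-insensitive
    findings += [("missing-header", h) for h in REQUIRED_HEADERS
                 if h.lower() not in present]
    consts = read_constants(wp_config)
    findings += [("constant", name) for name, want in EXPECTED_CONSTANTS.items()
                 if consts.get(name) != want]
    # Approximation: only this .htaccess is checked, not the server-wide config.
    if not re.search(r"(?im)^\s*Options\b.*-Indexes", uploads_htaccess):
        findings.append(("directory-listing", "uploads"))
    if not re.search(r"(?is)<FilesMatch[^>]*\.php.*?Require all denied",
                     uploads_htaccess):
        findings.append(("php-execution", "uploads"))
    return findings

if __name__ == "__main__":
    for label, args in (("before", (SAMPLE_HEADERS, SAMPLE_WP_CONFIG, SAMPLE_HTACCESS)),
                        ("after", (HARDENED_HEADERS, HARDENED_WP_CONFIG, HARDENED_HTACCESS))):
        print(label, scan(*args))
```

Running the scan before and after shows the findings clear only once the hardened files are in place; the scan itself never modifies them.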
