Scan vs Hardening in Steel Security

Mar 10, 2026 | Steel Security

Steel Security organizes its security model around two core concepts: scanning and hardening. These represent different layers of security responsibility.

Security Scans

Scans analyze your WordPress environment to identify potential risks such as outdated plugins or WordPress versions, missing HTTP security headers, insecure server configuration, and exposed configuration files.

Scans are read-only diagnostics. They do not change your site.

Hardening Controls

Hardening controls actively improve your security posture by applying protective configurations. Examples include blocking PHP execution in uploads, disabling directory listings, enforcing secure WordPress constants, and protecting configuration files.

Hardening is intentional and reversible.

Why the Separation Matters

Separating scans from hardening provides important benefits: scans remain safe and non-intrusive, mitigation actions are deliberate, and administrators maintain full control over configuration changes.

This structure ensures Steel Security remains transparent and predictable.
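
The split described above, as an added example (not Steel Security's own code): a read-only scan over a constructed WordPress tree that reports each finding together with the hardening control from this page that would address it. The function names, finding labels, and the Apache .htaccess heuristics are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

def scan_wordpress_tree(root):
    """Read-only scan: returns (finding, matching hardening control) pairs.

    Files are only opened for reading; nothing under root is modified.
    """
    root = Path(root)
    findings = []

    def read(path):
        return path.read_text(errors="replace") if path.is_file() else ""

    # Check 1: uploads has no Apache rule denying access to PHP files (heuristic).
    rules = read(root / "wp-content" / "uploads" / ".htaccess")
    denies = re.search(r"Require\s+all\s+denied|Deny\s+from\s+all", rules, re.I)
    if not (re.search(r"<Files(Match)?\b[^>]*php", rules, re.I) and denies):
        findings.append(("no-php-block-in-uploads", "block PHP execution in uploads"))

    # Check 2: directory listings are not switched off in the root .htaccess.
    if not re.search(r"^\s*Options\b.*-Indexes", read(root / ".htaccess"), re.I | re.M):
        findings.append(("directory-listing-enabled", "disable directory listings"))

    # Check 3: wp-config.php does not set DISALLOW_FILE_EDIT to true.
    pattern = r"define\(\s*['\"]DISALLOW_FILE_EDIT['\"]\s*,\s*true\s*\)"
    if not re.search(pattern, read(root / "wp-config.php"), re.I):
        findings.append(("constant-unset:DISALLOW_FILE_EDIT", "enforce secure WordPress constants"))

    # Check 4: stray copies of wp-config.php (.bak, .old, ~) sit in the web root.
    for copy in sorted(root.glob("wp-config.php?*")):
        findings.append((f"exposed-config:{copy.name}", "protect configuration files"))
    return findings

def build_sample_site(base):
    """Constructed sample tree for the demo; not a real site."""
    site = Path(base) / "site"
    (site / "wp-content" / "uploads").mkdir(parents=True)
    (site / "wp-config.php").write_text("<?php\ndefine('DB_NAME', 'example');\n")
    (site / "wp-config.php.bak").write_text("<?php // constructed backup copy\n")
    (site / ".htaccess").write_text("Options -Indexes\n")
    return site

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding, control in scan_wordpress_tree(build_sample_site(tmp)):
            print(f"{finding:40} -> hardening control: {control}")
```

Applying a control is a separate, deliberate step; rerunning the scan afterwards confirms the finding has cleared.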