threatover Patrik Grobshäuser
Quick & friendly

Security checkup.

Send the URL. I review the site from the outside and send back a short, plain-English report.

Book a checkup See what's included

no admin access required

Who this is for

Outside-in review.

You don't think anything is wrong. You'd just like a professional to confirm that. The checkup is the cheapest, lowest-friction way to get that confirmation — or a short list of things to fix if there are any.

I don't need admin access. I don't touch your site. I look at what the internet sees, and I tell you what I'd be worried about if it were mine.

Pick this if…

  • You run a personal blog or a small business site and want a yearly peace-of-mind check.
  • You inherited a site from someone and want a quick second opinion before doing anything to it.
  • You're considering hiring me for a bigger engagement and want to try working together first.
  • Friends or family have asked "is my site OK?" and you want to give them a real answer.

What's included

What I look at from the outside.

Versions

WordPress core version, public plugin/theme fingerprints, and whether anything publicly known to be vulnerable is on the site.

Blocklists

Whether Google Safe Browsing, Sucuri, Norton, McAfee or others currently flag the site.

TLS & headers

Certificate quality, TLS configuration, missing security headers, mixed content, cookie flags.

Exposure

Endpoints that shouldn't be public: /wp-config.php.bak, /.git, /.env, /readme.html, debug logs, exposed staging copies.

DNS & email

DNS hygiene, SPF, DKIM, DMARC. Whether someone could send mail pretending to be you.

Behaviour

I visit the site from different angles (mobile, search-referrer, fresh browser) and check whether the experience differs in ways that suggest a compromise.

What I don't do: log in, scan with intrusive tooling, or change anything. The checkup is non-invasive by design. If something needs a deeper look, I'll tell you and recommend a security audit instead.

Deliverable

A short, friendly report.

  • A one-line verdict: "looks healthy" or "three things to fix this week".
  • Each finding written in plain English (suitable for non-technical readers).
  • If a finding is fixable in your hosting control panel, the steps to do it yourself.
  • If I found nothing meaningful, the report says so — and that's worth it on its own.

Delivered as a 1–3 page PDF + a friendly email reply. The report is the deliverable — nothing else gets pitched.

Frequently asked

Common questions

Why so cheap?

Because it's outside-only and time-boxed. I'm not pretending it's a full audit — it isn't. It's a low-stakes way to get a professional opinion. If I find something serious I'll tell you it deserves a bigger look, no extra charge for that conversation.

Can I do this for someone else's site?

Yes, as long as you have the owner's permission. The checkup is non-invasive, but I still need authorisation from whoever owns the site. I'll ask for written confirmation in the intake form.

Do you offer this in bulk for agencies?

Yes. Volume pricing kicks in at 10+ sites in a single batch. Useful for agencies running a portfolio review or before signing on a new managed-hosting client.

What if I want a deeper look afterwards?

I credit the checkup fee toward a security audit if you book one within 60 days.

Email [email protected] or use the contact form.