Automated security auditing and monitoring system for WordPress sites
Nuust, Heidi (2025)
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
The permanent address of this publication is
https://urn.fi/URN:NBN:fi:amk-2025121536364
Abstract
The aim of this thesis was to design and implement an automated security auditing and monitoring system for WordPress websites by utilizing low-code tools. The work was commissioned by Maximum Effort Ay, which manages several client websites and needed a cost-effective and low-maintenance solution to improve the security of its services. The thesis addressed common security issues on WordPress sites, such as vulnerable plugins and misuse of user roles. It also evaluated how low-code-based tools such as n8n and various security API interfaces can be applied for automated security monitoring and auditing. Furthermore, the thesis examined how automation can enhance the management of WordPress site security and reduce the need for manual work, especially in a way that is suitable for small and medium-sized enterprises.
This was a practical thesis focused on developing a proof-of-concept solution. The theoretical part covered topics such as WordPress architecture, plugin vulnerabilities, user roles, and data protection regulations (GDPR, NIS2). The practical implementation was carried out using the n8n automation platform, leveraging external security APIs such as VirusTotal and IPQualityScore. Testing was performed on selected environments that included known or simulated risks, and system performance was evaluated using measurable criteria such as response speed and alert accuracy.
The results showed that low-code automation can significantly enhance WordPress security, reduce manual work, and improve response times. The final system included real-time vulnerability detection, uptime monitoring, and alert routing using free or self-hosted tools. A visual dashboard displaying metrics and alerts was also included. Future development areas identified include server-side scanning, production testing, and improved API call handling. The system is especially suitable for small and medium-sized businesses without dedicated IT staff. Based on the results, it is recommended that further development focus on expanding automated responses and ensuring long-term maintainability.
