Running Your First Scan
What This Covers
This guide explains how SteelWP performs your first scan and what to expect when viewing results.
The scan is the first step in identifying security risks and establishing a baseline for your site.
Before You Begin
Ensure:
- SteelWP is installed and activated
- You have access to the SteelWP dashboard
- (Optional) Your license is activated if using Pro features
How to Run Your First Scan
SteelWP runs a scan automatically when you open the Scan page.
To start your first scan:
- In your WordPress admin, navigate to SteelWP β Dashboard
- Click Open Scan
βorβ
Once the Scan page loads, the scan will begin automatically.
What the Scan Checks
SteelWP focuses on high-value findings, including:
- exposed sensitive files (e.g. backups, dumps, configuration artifacts)
- debug and development settings
- insecure defaults
- leftover or forgotten files in the web root
The scan is designed to prioritize meaningful risks, not noise.
What to Expect
When the Scan page loads:
- A scan begins automatically
- Results are displayed within a few seconds
- A Scan Risk Score summarizes overall risk
SteelWP does not make any changes to your site during the scan.
Understanding the Results
Each finding represents a potential risk.
For each item, you will see:
- what was detected
- why it matters
- recommended next steps
Focus first on:
- high-risk findings
- exposed files
- configuration issues
What the Scan Does Not Do
SteelWP does not:
- scan for malware signatures
- run continuously in the background
- modify your site automatically
This ensures the scan is fast, safe, and predictable.
Running Additional Scans
To run another scan:
- Re-open the Scan page
- Reload the Scan page
A new scan will be triggered automatically each time.
After Your First Scan
Once you have reviewed the results:
- Identify the highest-risk findings
- Apply hardening where appropriate
- Return to the Scan page to confirm improvements
Common Issues
Scan Does Not Start
- Ensure you are on the Scan page (not just the dashboard)
- Refresh the page
- Check for plugin or JavaScript conflicts
No Findings Detected
This is normal.
- Your site may already be well-configured
- No obvious risks were found
Unexpected Results
- Review the explanation provided with each finding
- Some findings may reflect intentional configurations
- Only apply changes you understand
Tips for Best Results
- Run scans after updates, migrations, or restores
- Re-scan after applying hardening
- Use scans as a regular audit tool
What to Do Next
After your first scan:
- Review the Dashboard overview
- Understand your Scan Risk Score
- Begin applying hardening controls