Scan Risk Score Explained
What This Covers
This guide explains how the Scan Risk Score is calculated and how to interpret it.
The Scan Risk Score provides a quick summary of your site's overall risk level based on detected findings.
What the Scan Risk Score Represents
The Scan Risk Score is an aggregated measure of risk based on the findings from your most recent scan.
It reflects:
- the presence of security issues
- the severity of those issues
- the potential exposure of sensitive data
The score is intended to give you a high-level view, not a complete assessment.
How to Interpret the Score
In general:
- A higher score indicates greater risk
- A lower score indicates fewer or less severe issues
However, the score should always be interpreted alongside the actual findings.
What Influences the Score
The Scan Risk Score is affected by:
- severity of findings
- number of findings
- type of exposure (e.g. public access vs internal configuration)
High-impact issues contribute more heavily than minor or informational findings.
Why the Score Is Not Everything
The Scan Risk Score is a guide, not a guarantee.
For example:
- A single high-risk issue may be more important than multiple minor ones
- Some findings may be intentional based on your setup
- Not all risks are equal in real-world impact
Always review individual findings before taking action.
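The sketch below is an added illustration, not the product's scoring code: this guide does not publish the formula, so the severity weights, exposure multipliers, the `intentional` flag and the sample findings are all assumptions. It shows how a score driven by severity, count and exposure can give the same total to very different scans, and why triage should rank individual findings rather than compare totals.

```python
# Illustrative model only. Weights, multipliers and sample data are assumptions,
# not the scanner's real scoring formula.
from dataclasses import dataclass

SEVERITY_WEIGHT = {"info": 0, "low": 1, "medium": 4, "high": 10}  # assumed
EXPOSURE_FACTOR = {"internal": 1.0, "public": 2.0}                # assumed


@dataclass(frozen=True)
class Finding:
    title: str
    severity: str              # key of SEVERITY_WEIGHT
    exposure: str              # key of EXPOSURE_FACTOR
    intentional: bool = False  # reviewed and accepted by the site owner


def contribution(f: Finding) -> float:
    """Points a single finding adds to the aggregate score."""
    return SEVERITY_WEIGHT[f.severity] * EXPOSURE_FACTOR[f.exposure]


def risk_score(findings) -> float:
    """Aggregate over every detected finding; higher means greater risk."""
    return sum(contribution(f) for f in findings)


def triage(findings):
    """Findings that still need action, highest contribution first."""
    open_items = [f for f in findings
                  if not f.intentional and contribution(f) > 0]
    return sorted(open_items, key=contribution, reverse=True)


# Constructed sample scans.
SITE_A = [Finding("Database backup downloadable", "high", "public")]
SITE_B = [Finding(f"Minor header issue {i}", "low", "public")
          for i in range(1, 11)]
SITE_C = SITE_A + [Finding("Debug setting on staging", "medium", "internal",
                           intentional=True)]

if __name__ == "__main__":
    for name, scan in (("A", SITE_A), ("B", SITE_B), ("C", SITE_C)):
        top = triage(scan)[0]
        print(f"site {name}: score={risk_score(scan):.0f} "
              f"findings={len(scan)} open={len(triage(scan))} "
              f"top={top.title!r} ({contribution(top):.0f} pts)")
```

Sites A and B get the same total although A's single finding carries ten times the weight of any one finding on B, and site C scores higher than A while its list of findings needing action is identical.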
How to Use the Score Effectively
Use the Scan Risk Score to:
- quickly assess overall risk
- track improvements over time
- identify when attention is needed
Do not use it as the sole basis for decisions.
Improving Your Score
To improve your Scan Risk Score:
- Address high-risk findings first
- Apply relevant hardening controls
- Remove unnecessary or exposed files
- Re-run the scan to confirm improvements
Changes to your configuration will be reflected in the score after the next scan.
When the Score Does Not Change
If your score remains the same after making changes:
- confirm the issue was fully resolved
- return to the Scan page to trigger a new scan
- review whether the finding still applies
Common Questions
Is a low score “secure”?
A lower score indicates fewer detected risks, but no system is completely risk-free.
Use the score as a guideline, not a guarantee.
Why is my score high?
Common reasons include:
- exposed backup or database files
- debug settings enabled
- publicly accessible sensitive information
These should be reviewed and addressed where appropriate.
Can I ignore the score?
You should not ignore the score entirely, but you should prioritize understanding findings over chasing a number.
Tips
- Focus on high-impact issues first
- Use the score to track progress, not define success
- Re-scan regularly after making changes
What to Do Next
After reviewing your Scan Risk Score:
- Open the Scan page
- Review individual findings
- Apply hardening where appropriate