Is penetration testing on WordPress common?

I’m building an ecommerce, membership website for a WordPress client. They asked about penetration testing, which is admittedly a service I’ve never provided.

Is it common to conduct penetration testing for a WordPress site?

This request seems overkill and unnecessary, given their total budget (<$10k).

I welcome any thoughts!

1 Comment
  1. No it’s not common, and yes for a job that size, seems unnecessary. And it’s kinda pointless – unless you’re doing it each, pen tests are essentially voice as soon as they’re done due to the frequency of WP code changes (plugins updates, etc).

    Install Wordfence, use strong passwords, keep the theme and plugins up to date at all times and you won’t have problems.

    If they’re insistent, come up with a price to make it worth your while [https://www.wordfence.com/learn/penetration-testing-your-wordpress-website/])

 

This site will teach you how to build a WordPress website for beginners. We will cover everything from installing WordPress to adding pages, posts, and images to your site. You will learn how to customize your site with themes and plugins, as well as how to market your site online.

Buy WordPress Transfer