Your website is one of the most effective tools in your arsenal for attracting and engaging customers and fans. Every image and every word has been carefully considered to help present your business in a certain way and maintain your hard-earned reputation. And yet, one security flaw on your site could put all that hard work to waste, not only causing harmful downtime or defacement but also potentially losing your sales and damaging your brand.

With every change you make to your site, every new plugin or system you connect with, you could be adding weaknesses that attackers can find and exploit.

The answer is not to stop making improvements to your site; but to find the weaknesses as soon as they arise and before the attackers do.

Put your website security to the test with automated scanning

Intruder’s website security scanner is a powerful vulnerability scanner which enables you to uncover and neutralize threats to your business’ important digital home.

Intruder runs a continuous and robust check for vulnerabilities across your entire website and the underlying infrastructure. Applicable for sites maintained by Wordpress, Drupal, Joomla and SharePoint, the website security scan checks for infrastructure weaknesses (such as unencrypted admin services, or exposed databases), web-layer security problems (such as SQL injection and cross-site scripting), and other security misconfigurations. It will also notify you when SSL or TLS certificates are about to expire, helping you to maintain security and prevent downtime of your website or service.

Looking for more sophisticated scanning capability to identify weaknesses behind your login pages? Our new authenticated scanning capability is just what you need. Visit our web application scanner page for more info.

Continuous scrutiny

Your website is undergoing changes all the time, even without your knowledge. Plugins are being updated, different users are logging in to make edits, and the systems your site uses are being modified too. With a constantly evolving attack surface, the only way to stay protected is to run vulnerability scans continuously.

Intruder proactively scans your systems and automatically alerts you of any weaknesses so that you can resolve them before attackers can take advantage.

Performing at its best inside and out

Your internal systems can be just as enticing to hackers as your external network so it’s important to run continuous checks there too.  Intruder’s internal vulnerability scanner will hunt through your website for missing patches and can also detect insecure versions of many thousands of software components and frameworks, from web servers to operating systems and network devices.

Website penetration testing

Wish you could get inside the mind of a hacker to understand where they could attack and why? Penetration testing will do just that by simulating the activities of cyber attackers to uncover your website’s weaknesses so you can address them before it’s too late. Of course, with vulnerabilities arising every minute, point-in-time penetration testing will only uncover the flaws available at that moment, preventing you from staying on top of new threats as they appear.

Intruder Vanguard provides that continuous watch over your website and infrastructure, closing the gap between automated scanning and point in time penetration testing. Our security professionals will help you uncover unknown IT assets, analyze scan results, and adjust the priority of reported vulnerabilities to reflect the real threat.

Powerful integrations to save you time

As a SaaS product, Intruder’s website security scanner works seamlessly with your technical environment. There’s no need for lengthy installations or complex configuration, and comes with a range of integrations to make vulnerability management a breeze:

• Cloud integrations:
Automatically manage your AWS, Azure and Google Cloud targets with ease, from within the Intruder platform.
• Slack: Keep an eye on your security exposure in real-time with Intruder’s Slack integration.
• Jira: Send security issues to Jira, for easy tracking of your security issues.
• Microsoft Teams: Get notified about important events in the Intruder platform, such as when a scan completes or when we check you for the latest emerging threats.
• Zapier: Extend Intruder to 2,000+ other apps and move your info between web services automatically.
• REST API: Full automation of your vulnerability management process is possible with Intruder’s REST API, so you can integrate Intruder with your development and deployment cycles seamlessly.

What our customers say

We were in need of a testing product that would test from the inside out and outside in. That's what first attracted us to Intruder. The product is well laid out with a clear, concise Cloud interface. 

Roy McKenzie

Roy McKenzie

Director of Information Technology,
G&S Foods LLC

I really like how Intruder integrated with our internal company comms (ie Slack), this meant we stayed on top of the notifications it produced. Time is critical when it comes to security vulns so it’s helpful to have messages from Intruder next to our daily workflows.

Will Lewis

Senior Engineering Manager,

Not only does Intruder save me time and money, but it helps us close deals. Some customers are now requiring regular network scans in order to do business with SaaS companies. By utilizing Intruder we're able to meet client demand and ensure we're doing the right thing to keep our customer trust.

Justin Unton

Head of Information Security at Litmus

Auto-discovery, a very proactive set of scans against emerging threats and solid notifications. Intruder is a tool I can forget about unless I need to. Rock solid UX.

James Ramirez



Is there a difference between a website and a web application?

A website (eg. doesn’t do much; there’s very little interactivity, no logging in – in short, it’s a collection of static web pages. A web application that can be viewed within a browser can have a lot of features/functionality and is like a piece of software (eg.

What do you mean by scanning your website, internally?

When we talk about scanning the website internally, we’re actually talking about scanning the web server that the website is hosted on. Web servers are internet-facing, but any sensitive information connected to them (such as databases) will sit behind a firewall, to prevent them from being reached by unauthorized individuals.

If ‘stuff’ can’t be reached externally, then remote checks won’t work and so you’d need to run local checks (at Intruder all local/internal checks are performed via an agent which you’d install on the server).

What vulnerabilities would you typically find on a website? 

With so many vulnerabilities out there, it's impossible to list them all, but this article should give you an understanding of the different types of weaknesses we can detect, and how we do it.

Can I scan my website if it is built using a web app, such as WordPress, etc?

Intruder works with many platforms, such as WordPress, Drupal, Joomla, Squarespace and more.

Which plan should I choose if I just want to scan my website?

Choose our Essential or Pro plan to externally scan your website. If you are looking at our internal vulnerability scanning capability, this is only available to our Pro and Vanguard subscribers. Visit our pricing page to learn more.

What license should I buy for a website that doesn’t have a login-page?

Buy any of our Essential or Pro plans that cover infrastructure licenses by default. Visit our pricing page to learn more.

Start your 14-day free trial

of Intruder's website security scanner, to provide continuous protection for your systems today!