Example of an Audit conducted by a retired Certified Information Systems Auditor (CISA)
This is an example of an audit that I performed on a website from a local business here in the Dallas Fort Worth Metroplex. Because of the sensitive information contained in this audit, the name of the business and the website URL are not being disclosed to protect their privacy.
John, I was delighted that you enlisted my services to conduct a FREE audit of your website and determine if it is optimized for speed and could use other improvements!
Audit of your website
My analysis shows that your website has the following issues:
🚩 Your website is exposed to hacking vulnerabilities because the WordPress software is not current!
How often does the WordPress software need to be upgraded and how much does it cost?
🚩 Count the number of times WordPress has published a new release or version of the software in the past two years.
🚩 Whatever the count is, that is the number of times that your website would have needed to be upgraded in order to mitigate the risk of being vulnerable to hacker attacks!
Who is going to upgrade the software?
Assuming that you know how to do this, then you are taking time away from your business.
If you outsource this function, it will probably come at an additional cost and this will increase the cost of website ownership.
What Internal Controls are you going to have in place to monitor:
When the software needs to be upgraded?
When the software has been upgraded?
Now that you know the facts, there is ONE CRITICAL QUESTION THAT EVERY WEBSITE OWNER NEEDS TO ASK.
Do you accept the additional costs and security risks associated with having a WordPress website?
🚩 If you ACCEPT THE ADDITIONAL COST AND SECURITY RISKS, good luck to you!
✅ If you DO NOT ACCEPT THE ADDITIONAL COST AND SECURITY RISKS, then you need to seriously consider a complete redesign of your website using a Mobile First website design strategy.
❓ Do you believe this is a reasonable and valid question that deserves SERIOUS thought and an answer?
Issues requiring immediate attention
Your WordPress software is not current!
🚩 THIS IS AN ACTION ITEM THAT SHOULD NOT BE IGNORED!
A scan of your website shows that your website is exposed to vulnerabilities because the WordPress software IS NOT CURRENT.
✅ ACTION ITEM: Ask the organization or person that created your website to upgrade the WordPress software as soon as possible.
Need To Monitor HTTP Error 404 Conditions
🚩 THIS IS AN ACTION ITEM THAT SHOULD NOT BE IGNORED!
Your website DOES NOT HAVE an HTTP Error 404 Page!
The HTTP Error 404 condition occurs when someone visiting your website requests a web page that does not exist. As I stated earlier, a WordPress website is a popular hacker target.
Although my website DOES NOT USE WordPress, not a week goes by without my website generating automatic emails and text messages when someone is trying to identify and exploit vulnerabilities!
In your case, since you do not have an HTTP Error 404 Page, you are not aware that these hacking attempts are occurring! You need to be receiving emails anytime the HTTP Error 404 condition is triggered so that you are aware of hacking attempts and BLOCK their IP Address!
✅ ACTION ITEM: Ask the organization or person that created your website to create an HTTP Error 404 web page that automatically sends you an email to alert you of these error conditions!
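One way to implement the monitoring described above without an email for every single 404 is to scan the web server access log and alert only on clients that request several different missing pages. This is an added example, not part of the original audit; the log lines are constructed samples in the common "combined" format, and the email addresses and the threshold of three distinct paths are assumptions.

```python
import re
from collections import defaultdict
from email.message import EmailMessage

# Constructed sample lines in "combined" log format (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /wp-login.php HTTP/1.1" 404 512 "-" "curl/8.0"
203.0.113.7 - - [12/Mar/2024:10:01:03 +0000] "GET /xmlrpc.php HTTP/1.1" 404 512 "-" "curl/8.0"
203.0.113.7 - - [12/Mar/2024:10:01:04 +0000] "GET /.env HTTP/1.1" 404 512 "-" "curl/8.0"
198.51.100.20 - - [12/Mar/2024:10:02:10 +0000] "GET /about-us HTTP/1.1" 200 8841 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Mar/2024:10:02:30 +0000] "GET /old-page HTTP/1.1" 404 512 "-" "Mozilla/5.0"
this line is malformed and must be skipped
"""

# client IP, two ignored fields, [timestamp], "METHOD PATH PROTOCOL", status code
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def find_404_sources(log_text, min_distinct_paths=3):
    """Return {ip: sorted missing paths} for clients with many distinct 404s."""
    missing = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group("status") == "404":
            missing[m.group("ip")].add(m.group("path"))
    # One stale bookmark is normal; many different missing URLs suggests probing.
    return {ip: sorted(paths) for ip, paths in missing.items()
            if len(paths) >= min_distinct_paths}

def build_alert(suspects, sender="alerts@example.com", recipient="owner@example.com"):
    """Build (but do not send) the notification email; addresses are placeholders."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"404 alert: {len(suspects)} client(s) probing for missing pages"
    body = [f"{ip}: {len(paths)} distinct missing URLs: {', '.join(paths)}"
            for ip, paths in sorted(suspects.items())]
    msg.set_content("\n".join(body) or "No clients exceeded the threshold.")
    return msg

if __name__ == "__main__":
    print(build_alert(find_404_sources(SAMPLE_LOG)))
```

The visitor who followed one stale link is not reported, while the client that requested three different missing pages is; the resulting message can be handed to `smtplib` on a schedule.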
GTmetrix Performance Report Action Items
All of these numbers can be improved by configuring your web pages and server for SPEED!
✅ ACTION ITEM: Email the GTmetrix Performance Report PDF file to the organization or person that created your website to correct the issues identified in the report. If these issues are corrected, your speed will improve!
Technology Profile Action Items
Your Technology Profile does not show any Analytics software. Do you have any way of knowing how many visitors go to your website? How many are Desktop Users and how many are Mobile Users?
✅ ACTION ITEM: Ask the organization or person that created your website if Analytics software was installed on your website.
Site Map Action Items
I could not detect a site map XML file on your website. The site map XML protocol allows a webmaster to inform search engines about URLs on a website that are available for crawling. A site map is an XML file that lists the URLs for a site. It allows a webmaster to include additional information about each URL: when it was last updated, how often it changes, and how important it is in relation to other URLs in the site.
✅ ACTION ITEM: Ask the organization or person that created your website to create a site map XML file to help the search engines index your website.
Every Web Page Has HTML Syntax Errors
Every one of the web pages in your website has HTML syntax errors. This can impact how each web page is displayed by the different web browsers (i.e. Chrome, Firefox, Opera, Safari and others). Click on the links below to view the HTML syntax errors on each page.
✅ ACTION ITEM: Ask the organization or person that created your website to correct these issues.
Some Links Are Not Working Properly
Why do you have several links pointing to the ABOUT US page?
✅ ACTION ITEM: Ask the organization or person that created your website to correct the issues.
Exploit Mobile Accessibility Features
Create a better User Experience (UX) for mobile users!