Before you begin
You need two things:
- WordPress admin access to the site you want to audit
- The Lockora Audit plugin installed and activated

If the plugin is not installed yet, go to WP Admin → Plugins → Add New and search for Lockora Audit. Click Install, then Activate. Alternatively, download the zip from the WordPress plugin directory and upload it via Plugins → Add New → Upload Plugin.
The steps
Open the plugin dashboard
After activation, Lockora Audit appears in the left sidebar of your WordPress admin. Click it to open the plugin dashboard.
Click “Run audit”
On the dashboard, click the Run audit button. Lockora will scan your core files, all installed plugins, your active theme, the database, and the uploads directory. A progress indicator shows what is being scanned.
Most sites finish a full scan in under three minutes. The scan runs in a background process — it throttles itself automatically if server load spikes, so your site stays responsive throughout.
Read the report
When the scan completes, the dashboard shows your security score (0–100) and a ranked list of findings. Findings are sorted by severity:

| Level | What it means | Act within |
|---|---|---|
| Critical | Active exploit risk or exposed credentials | Today |
| Warning | Misconfiguration that increases attack surface | This week |
| Passed | Check completed, no issue found | — |

Click any finding to expand it. Each one explains what the issue is, why it matters, and how to fix it — in plain English, not just a CVE reference.
Apply a fix (optional)
Many findings include a one-click fix. Before applying anything, Lockora creates a rollback point. If the fix causes any HTTP 5xx errors, it reverts automatically within seconds. You can also revert manually from the dashboard at any time.
You are always in control. No fix is applied without your explicit approval. If you prefer to handle remediation manually — or pass the report to your developer — you can export the full report as a PDF instead.
Schedule ongoing scans
A one-time audit is a good start. For ongoing coverage, go to Settings inside the plugin and set a scan schedule: daily, weekly, or after each plugin/theme update.
Lockora will also alert you by email when a new CVE is published that affects a plugin or theme you have installed — no manual scan needed.
Need help?
If you get an unexpected result, a scan that never finishes, or an error message, email us with your WordPress version and the Lockora Audit plugin version. We will respond the same day.