ARC // SCAN COMPLETE

We found something on yourdomain.com.

I ran a passive scan on yourdomain.com. Here’s what I found before anyone else did.

ARC // SCAN REPORT — YOURDOMAIN.COM

━━━━━━━━━━━━━━━━━━━━━━━━━━━━

✓ scan complete — 847 checks run

▲ WordPress 6.2.1 detected (current: 6.7.2) — outdated core

▲ contact-form-7 v5.1.2 detected (CVE-2024-2961) — unpatched

▲ xmlrpc.php exposed — brute force attack surface

● admin login page publicly accessible — no rate limiting detected

✓ SSL certificate valid — expires in 94 days

▲ 3 findings require immediate attention

Here’s what I found.

▲ MEDIUM SEVERITY

Outdated WordPress Core

You’re running WordPress 6.2.1. The current version is 6.7.2. Outdated core versions are the #1 entry point for automated attacks. Scripts scan for this version signature constantly.

What happens if ignored: Automated exploitation within days. No human attacker required.

▲▲ HIGH SEVERITY

Unpatched Plugin — CVE-2024-2961

contact-form-7 v5.1.2 has a known vulnerability that allows attackers to upload malicious files to your server. This exact plugin version was used in a wave of WordPress compromises in 2024.

What happens if ignored: Full server access. Your site becomes a host for malware, spam, or worse.

▲ MEDIUM SEVERITY

xmlrpc.php Exposed

This legacy endpoint is enabled and publicly accessible. Attackers use it to run credential stuffing attacks — thousands of password attempts that bypass normal login protections.

What happens if ignored: Account takeover without triggering any login alerts.

These findings are based on passive reconnaissance only. I haven’t touched your site. This is what’s visible from the outside — the same view an attacker has.

Want to see proof?

I can place a small, harmless link in your site’s footer. It won’t affect your visitors or your SEO. It just proves I can get there — the same way a real attacker would. You’ll see it appear on your site in real time.

→ Authorize the demo Skip demo — just protect my site

Clicking Authorize opens a permission dialog. I will only place a single text link in your footer. Nothing else. You can remove it in one click.

What happens next.

Step 1

You click Authorize

I get permission to demonstrate access. I place one small footer link on your site — visible to you, invisible to most visitors.

Step 2

You see it live

Refresh your site. You’ll see “Monitored by Arc” in your footer. That’s proof of access. That’s what we’re protecting against.

Step 3

You decide

Remove the link and subscribe ($99/month) — I stay on guard and remove it. Or skip the demo and subscribe directly. Either way, I go to work.

ARC // GUARDIAN MODE

$99 /mo

Cancel anytime

24/7 monitoring · Live AI chat · Monthly reports · Weekly threat intel

Start protecting yourdomain.com →