Public-surface Magento scan

Check your Magento store before attackers do.

Run a passive scan for common Magento security signals: exposed config, default admin paths, missing browser security headers and public version disclosure. No login attempts, no intrusive payloads.

Passive checks only
No admin login needed
Fix plan available
Magento risk scan

Passive checks only: no login attempts, no payloads, no intrusive probing. Same public-surface logic merchants already trust from MageReport-style checks.

What it checks

Fast public signals.
Not a full audit.

The scan is designed for early triage. It helps spot the obvious problems that show up in public security tools, PCI conversations and emergency support calls.

Magento 1 or Magento 2 public fingerprints
Public /magento_version disclosure
Default admin path exposure
Public .git, .env, env.php or local.xml leaks
Security headers including HSTS, CSP and X-Content-Type-Options
Magento 1 downloader exposure

Need the full picture?

Public scans cannot see extension versions, admin users, file permissions, deployment history, database integrity or checkout modifications. That is where the audit call helps.