Skip to main content
How Can We Help?
< All Topics
Print

Core Security Overview

Posted
Updated
Byadmin

Purpose

This article explains what the Core Security section is intended to cover within CMSSPM. The goal is to give administrators a high-level understanding of the foundational WordPress and site-level security controls that most directly affect the baseline safety of the environment.

Where to find it

You can find Core Security under the Posture Management menu in wp-admin. It is one of the primary category sections reviewed alongside other areas such as Account Security, Browser Security, Email Security, and File Security.

What Core Security means

Core Security focuses on the basic protections and security-relevant conditions that help determine whether a WordPress site is operating from a reasonably secure starting point. These are the kinds of checks that often relate to platform fundamentals rather than narrow or specialized features.

In practical terms, this section is meant to help answer questions such as:

  • Is the site missing important baseline protections?
  • Are there obvious configuration weaknesses?
  • Are core platform behaviors aligned with safer operating practices?
  • Are there foundational issues that should be fixed before more advanced hardening work?

Because these kinds of issues affect the base condition of the site, they often have an outsized influence on overall posture.

What it may include

The exact checks may expand over time, but Core Security generally includes items related to the security basics of the WordPress environment. Depending on the plugin’s feature set, that can include checks involving:

  • general WordPress security settings,
  • exposed or unsafe default behaviors,
  • baseline hardening controls,
  • core update and maintenance posture,
  • configuration choices that affect broad platform risk.

This section is less about specialized integrations and more about whether the site is following sound security fundamentals.

Why it matters

Core Security matters because weaknesses in foundational controls can undermine everything built on top of them. Even if other areas are strong, missing baseline protections can leave the environment unnecessarily exposed.

That is why Core Security findings are often among the first items administrators should review after a scan. Improving these issues early usually creates a better starting point for work in the other sections.

How to use this section

A practical way to use the Core Security section is to treat it as the first layer of review:

  1. Open Core Security after reviewing the Overview Dashboard.
  2. Look for failing or heavily weighted findings.
  3. Address straightforward hardening and configuration issues first.
  4. Rescan to confirm changes.
  5. Then move into more specialized sections for broader posture improvement.

This helps ensure that the site’s basic security footing is in place before spending time on narrower optimizations.

Notes and scope

This article is only a high-level introduction to the Core Security category. It does not describe every individual check, every remediation step, or every scoring rule tied to the section.

Those details should be covered in the findings themselves and in more technical supporting articles. This page is meant to explain the role of Core Security within the broader CMSSPM posture model.

Table of Contents