Security is a priority factor for any public sector website. We take the security of our clients’ sites seriously and won’t compromise assurance, even under the tightest of deadlines.

Many of our sites use WordPress, and we’ve had a lot of experience with the work that’s needed to make WordPress sites more secure. We routinely perform audits, plugin code reviews and penetration testing, so that clients can intelligently mitigate the risks they face.

Much of this work happens in the background whenever we’re building a WordPress site, but we can also deliver bespoke assurance work for other projects.

What's involved?

Plugin code reviews

We often carry out short, targeted code reviews designed to give us a general sense of a plugin’s code quality, and of the kinds of problems it might contain.


Our WordPress audits interrogate sites to provide a variety of useful assurance information about users, code, changes, versions, sites, themes and more.

Penetration testing

Penetration tests replicate the activities you might find in a concerted attack. They’re help you find the issues an attacker would uncover, so that you can fix them.