Plans & pricing

Find what attackers find
— before they do.

Start with one free limited scan, then upgrade to continuous monitoring and advanced protection.

Cancel anytimeNo contractsSecure Stripe billingFounder-built
Pro
$29/mo

For solo founders and small sites.

  • Daily continuous monitoring
  • Automated rescans — no manual clicks
  • Quick, Standard & Deep scans
  • All 12 security engines
  • Email alerts on new findings
  • PDF / CSV / SARIF / JSON exports
  • Up to 5 websites · 50 scans/mo
  • Full dashboard access
ShieldMost popular
$79/mo

For growing SaaS and busy agencies.

  • Everything in Pro
  • Up to 25 websites · 250 scans/mo
  • 6-month scan history
  • VirusTotal threat-intel enrichment
  • 3 team seats
  • Read-only API access
  • Webhook alerts
  • Higher concurrency (5 scans)
Managed Security Review
$129/mo

Everything in Shield plus a 1-on-1 review with our team.

  • Everything in Shield
  • 1-on-1 virtual security review
  • Personal scan walkthrough
  • Personalized recommendations
  • Setup guidance
  • Priority support
  • Team / business assistance
Compare plans

Side-by-side feature comparison

What you get at every tier. Hover any row to highlight.

Free
$0
Monitoring
  • One-time scan
  • Continuous monitoring
  • Automated rescans
  • Scan frequencyManual
  • Websites monitored1
Detection
  • SSL / TLS checks
  • Security headers
  • DNS analysis
  • Technology fingerprinting
  • Deep crawl (Deep profile)
  • Third-party domain analysis
  • Malicious domain detection
  • Risk scoring
Reporting
  • Dashboard access
  • Email alerts
  • Scan history7 days
  • PDF reports
  • Remediation guidanceBasic
  • Executive summaries
Support
  • Priority support
  • Virtual review meeting
  • Personalized recommendations
Team features
  • Team accounts
  • Multi-site management
Pro
$29 / mo
Monitoring
  • One-time scan
  • Continuous monitoring
  • Automated rescans
  • Scan frequencyDaily
  • Websites monitored5
Detection
  • SSL / TLS checks
  • Security headers
  • DNS analysis
  • Technology fingerprinting
  • Deep crawl (Deep profile)
  • Third-party domain analysis
  • Malicious domain detection
  • Risk scoring
Reporting
  • Dashboard access
  • Email alerts
  • Scan history30 days
  • PDF reports
  • Remediation guidanceStandard
  • Executive summaries
Support
  • Priority support
  • Virtual review meeting
  • Personalized recommendations
Team features
  • Team accounts
  • Multi-site management
Shield
$79 / mo
Monitoring
  • One-time scan
  • Continuous monitoring
  • Automated rescans
  • Scan frequencyDaily
  • Websites monitored25
Detection
  • SSL / TLS checks
  • Security headers
  • DNS analysis
  • Technology fingerprinting
  • Deep crawl (Deep profile)
  • Third-party domain analysis
  • Malicious domain detection
  • Risk scoring
Reporting
  • Dashboard access
  • Email alerts
  • Scan history180 days
  • PDF reports
  • Remediation guidanceEnhanced
  • Executive summaries
Support
  • Priority support
  • Virtual review meeting
  • Personalized recommendations
Team features
  • Team accounts3 seats
  • Multi-site management
Managed Review
$129 / mo
Monitoring
  • One-time scan
  • Continuous monitoring
  • Automated rescans
  • Scan frequencyDaily
  • Websites monitored200
Detection
  • SSL / TLS checks
  • Security headers
  • DNS analysis
  • Technology fingerprinting
  • Deep crawl (Deep profile)
  • Third-party domain analysis
  • Malicious domain detection
  • Risk scoring
Reporting
  • Dashboard access
  • Email alerts
  • Scan history1 year
  • PDF reports
  • Remediation guidancePersonalized
  • Executive summaries
Support
  • Priority support
  • Virtual review meeting
  • Personalized recommendations
Team features
  • Team accounts15 seats
  • Multi-site management
Why monitoring?

Websites change. So do threats.

Most vulnerabilities appear after plugin updates, expired certificates, third-party script changes, or server misconfigurations. WebHound continuously monitors so you catch them before attackers do.

SSL expiration

Certificates fail silently when they expire — visitors see a scary browser warning.

Exposed admin panels

A misconfigured rebuild can re-expose /admin or /wp-admin to the internet overnight.

Suspicious external domains

A newly added third-party script can quietly send user data to unknown destinations.

Outdated technologies

Old jQuery, WordPress plugins, and CMS versions are the easiest CVEs to weaponize.

Weak security headers

Missing CSP, HSTS, or X-Frame-Options invites clickjacking and content injection.

DNS risks

Dangling subdomains, missing SPF/DMARC, or stale records become takeover paths.

The engine

What happens during a WebHound scan?

A single scan runs multiple specialized engines in parallel — each one looking for a different category of risk.

SSL / TLS analysis

Cipher strength, certificate chain, expiry, and protocol downgrades.

Security headers

CSP, HSTS, X-Frame-Options, X-Content-Type-Options, and friends.

DNS inspection

Records, MX/SPF/DMARC, dangling subdomains, and resolution paths.

Technology fingerprinting

CMS, framework, server, JS libraries, and version detection.

Third-party script analysis

Every external JavaScript loaded — where it comes from and what it does.

External domain checks

Reputation lookups on every external host your site contacts.

Misconfiguration detection

Exposed admin paths, leaked .env files, open CORS, weak cookies.

Threat intelligence lookups

Cross-reference findings against VirusTotal and known-bad feeds.

Sample findings

What an actual WebHound finding looks like

Plain-English explanations with severity, evidence, and a remediation path. Examples below — not from a real customer.

CriticalExample finding

Expired TLS certificate

Site is serving an expired certificate — visitors will see a browser warning.

HighExample finding

Exposed admin portal

/admin is reachable from the internet without rate limiting or IP allowlisting.

HighExample finding

Suspicious third-party JavaScript

Script loaded from a domain flagged in threat-intel for malvertising activity.

MediumExample finding

Missing Content Security Policy

No CSP header — site is vulnerable to inline script injection and clickjacking.

MediumExample finding

Weak cookie security flags

Session cookie missing Secure and HttpOnly flags — exposed to MITM and XSS.

LowExample finding

Outdated framework detected

jQuery 1.x detected — known to contain XSS prototype pollution vulnerabilities.

Managed Security Review · $129/mo

Human guidance when you need it.

The scan is the easy part. Knowing which findings actually matter and how to fix them in your stack is harder. The Managed plan adds a real person — the WebHound founder — to that loop.

  • Scheduled 1-on-1 virtual security review
  • Live walkthrough of your scan results
  • Help prioritizing what to fix first
  • Remediation guidance tailored to your stack
  • Priority support — replies in hours, not days
Sample review agenda
  • 0:00Welcome + overview of latest scan
  • 0:05Walk through critical & high findings
  • 0:20Prioritization — what to fix this week
  • 0:30Stack-specific remediation steps
  • 0:45Q&A and monitoring config tuning
FAQ

Common questions

If we missed yours, email support@webhoundsecurity.com.

What does the free scan include?

One limited scan on one website. You see headline findings — severity, category, and a short explanation — but advanced engines (third-party analysis, threat-intel lookups, deep crawl) and continuous monitoring are off.

What is continuous monitoring?

Instead of one snapshot, WebHound rescans your site on a schedule — daily on every paid plan. When something new shows up — a new finding, a regression, an expired cert — we tell you.

Can I cancel anytime?

Yes. One click in the billing portal. No retention call, no contract. You keep access until the end of the period you already paid for.

Does WebHound fix vulnerabilities for me?

No — WebHound identifies risks and provides remediation guidance. Fixes happen in your codebase, your DNS, and your server config. On the Managed Review plan we walk through exactly what to change and why.

What is included in the virtual security review?

A scheduled 1-on-1 session where we walk through your latest scan, prioritize findings, and give you stack-specific remediation steps. Typically 30–60 minutes, billed monthly as part of the $129 plan.

How often are websites rescanned?

Free is manual only. Every paid plan — Pro, Shield, and Managed Review — rescans daily. You can also kick off ad-hoc scans anytime up to your monthly limit.

What types of risks can WebHound detect?

SSL/TLS misconfigurations, missing security headers, DNS risks (dangling subdomains, missing SPF/DMARC), outdated technologies with known CVEs, suspicious third-party scripts, exposed admin paths, weak cookie flags, and more — across the 12 specialized engines.

Start monitoring your website today.

One free scan to see what we find. Upgrade only when you want continuous monitoring.

WebHound helps identify risks and provide remediation guidance, but no security platform can guarantee complete protection.