Find what attackers find
— before they do.
Start with one free limited scan, then upgrade to continuous monitoring and advanced protection.
For solo founders and small sites.
- Daily continuous monitoring
- Automated rescans — no manual clicks
- Quick, Standard & Deep scans
- All 12 security engines
- Email alerts on new findings
- PDF / CSV / SARIF / JSON exports
- Up to 5 websites · 50 scans/mo
- Full dashboard access
For growing SaaS and busy agencies.
- Everything in Pro
- Up to 25 websites · 250 scans/mo
- 6-month scan history
- VirusTotal threat-intel enrichment
- 3 team seats
- Read-only API access
- Webhook alerts
- Higher concurrency (5 scans)
Everything in Shield plus a 1-on-1 review with our team.
- Everything in Shield
- 1-on-1 virtual security review
- Personal scan walkthrough
- Personalized recommendations
- Setup guidance
- Priority support
- Team / business assistance
Side-by-side feature comparison
What you get at every tier. Hover any row to highlight.
| Feature | Free $0 | Pro $29 / mo | Shield $79 / mo | Managed Review $129 / mo |
|---|---|---|---|---|
| Monitoring | ||||
| One-time scan | ||||
| Continuous monitoring | ||||
| Automated rescans | ||||
| Scan frequency | Manual | Daily | Daily | Daily |
| Websites monitored | 1 | 5 | 25 | 200 |
| Detection | ||||
| SSL / TLS checks | ||||
| Security headers | ||||
| DNS analysis | ||||
| Technology fingerprinting | ||||
| Deep crawl (Deep profile) | ||||
| Third-party domain analysis | ||||
| Malicious domain detection | ||||
| Risk scoring | ||||
| Reporting | ||||
| Dashboard access | ||||
| Email alerts | ||||
| Scan history | 7 days | 30 days | 180 days | 1 year |
| PDF reports | ||||
| Remediation guidance | Basic | Standard | Enhanced | Personalized |
| Executive summaries | ||||
| Support | ||||
| Priority support | ||||
| Virtual review meeting | ||||
| Personalized recommendations | ||||
| Team features | ||||
| Team accounts | 3 seats | 15 seats | ||
| Multi-site management | ||||
Free$0
- One-time scan
- Continuous monitoring
- Automated rescans
- Scan frequencyManual
- Websites monitored1
- SSL / TLS checks
- Security headers
- DNS analysis
- Technology fingerprinting
- Deep crawl (Deep profile)
- Third-party domain analysis
- Malicious domain detection
- Risk scoring
- Dashboard access
- Email alerts
- Scan history7 days
- PDF reports
- Remediation guidanceBasic
- Executive summaries
- Priority support
- Virtual review meeting
- Personalized recommendations
- Team accounts
- Multi-site management
Pro$29 / mo
- One-time scan
- Continuous monitoring
- Automated rescans
- Scan frequencyDaily
- Websites monitored5
- SSL / TLS checks
- Security headers
- DNS analysis
- Technology fingerprinting
- Deep crawl (Deep profile)
- Third-party domain analysis
- Malicious domain detection
- Risk scoring
- Dashboard access
- Email alerts
- Scan history30 days
- PDF reports
- Remediation guidanceStandard
- Executive summaries
- Priority support
- Virtual review meeting
- Personalized recommendations
- Team accounts
- Multi-site management
Shield$79 / mo
- One-time scan
- Continuous monitoring
- Automated rescans
- Scan frequencyDaily
- Websites monitored25
- SSL / TLS checks
- Security headers
- DNS analysis
- Technology fingerprinting
- Deep crawl (Deep profile)
- Third-party domain analysis
- Malicious domain detection
- Risk scoring
- Dashboard access
- Email alerts
- Scan history180 days
- PDF reports
- Remediation guidanceEnhanced
- Executive summaries
- Priority support
- Virtual review meeting
- Personalized recommendations
- Team accounts3 seats
- Multi-site management
Managed Review$129 / mo
- One-time scan
- Continuous monitoring
- Automated rescans
- Scan frequencyDaily
- Websites monitored200
- SSL / TLS checks
- Security headers
- DNS analysis
- Technology fingerprinting
- Deep crawl (Deep profile)
- Third-party domain analysis
- Malicious domain detection
- Risk scoring
- Dashboard access
- Email alerts
- Scan history1 year
- PDF reports
- Remediation guidancePersonalized
- Executive summaries
- Priority support
- Virtual review meeting
- Personalized recommendations
- Team accounts15 seats
- Multi-site management
Websites change. So do threats.
Most vulnerabilities appear after plugin updates, expired certificates, third-party script changes, or server misconfigurations. WebHound continuously monitors so you catch them before attackers do.
SSL expiration
Certificates fail silently when they expire — visitors see a scary browser warning.
Exposed admin panels
A misconfigured rebuild can re-expose /admin or /wp-admin to the internet overnight.
Suspicious external domains
A newly added third-party script can quietly send user data to unknown destinations.
Outdated technologies
Old jQuery, WordPress plugins, and CMS versions are the easiest CVEs to weaponize.
Weak security headers
Missing CSP, HSTS, or X-Frame-Options invites clickjacking and content injection.
DNS risks
Dangling subdomains, missing SPF/DMARC, or stale records become takeover paths.
What happens during a WebHound scan?
A single scan runs multiple specialized engines in parallel — each one looking for a different category of risk.
SSL / TLS analysis
Cipher strength, certificate chain, expiry, and protocol downgrades.
Security headers
CSP, HSTS, X-Frame-Options, X-Content-Type-Options, and friends.
DNS inspection
Records, MX/SPF/DMARC, dangling subdomains, and resolution paths.
Technology fingerprinting
CMS, framework, server, JS libraries, and version detection.
Third-party script analysis
Every external JavaScript loaded — where it comes from and what it does.
External domain checks
Reputation lookups on every external host your site contacts.
Misconfiguration detection
Exposed admin paths, leaked .env files, open CORS, weak cookies.
Threat intelligence lookups
Cross-reference findings against VirusTotal and known-bad feeds.
What an actual WebHound finding looks like
Plain-English explanations with severity, evidence, and a remediation path. Examples below — not from a real customer.
Expired TLS certificate
Site is serving an expired certificate — visitors will see a browser warning.
Exposed admin portal
/admin is reachable from the internet without rate limiting or IP allowlisting.
Suspicious third-party JavaScript
Script loaded from a domain flagged in threat-intel for malvertising activity.
Missing Content Security Policy
No CSP header — site is vulnerable to inline script injection and clickjacking.
Weak cookie security flags
Session cookie missing Secure and HttpOnly flags — exposed to MITM and XSS.
Outdated framework detected
jQuery 1.x detected — known to contain XSS prototype pollution vulnerabilities.
Human guidance when you need it.
The scan is the easy part. Knowing which findings actually matter and how to fix them in your stack is harder. The Managed plan adds a real person — the WebHound founder — to that loop.
- Scheduled 1-on-1 virtual security review
- Live walkthrough of your scan results
- Help prioritizing what to fix first
- Remediation guidance tailored to your stack
- Priority support — replies in hours, not days
- 0:00Welcome + overview of latest scan
- 0:05Walk through critical & high findings
- 0:20Prioritization — what to fix this week
- 0:30Stack-specific remediation steps
- 0:45Q&A and monitoring config tuning
Common questions
If we missed yours, email support@webhoundsecurity.com.
What does the free scan include?
One limited scan on one website. You see headline findings — severity, category, and a short explanation — but advanced engines (third-party analysis, threat-intel lookups, deep crawl) and continuous monitoring are off.
What is continuous monitoring?
Instead of one snapshot, WebHound rescans your site on a schedule — daily on every paid plan. When something new shows up — a new finding, a regression, an expired cert — we tell you.
Can I cancel anytime?
Yes. One click in the billing portal. No retention call, no contract. You keep access until the end of the period you already paid for.
Does WebHound fix vulnerabilities for me?
No — WebHound identifies risks and provides remediation guidance. Fixes happen in your codebase, your DNS, and your server config. On the Managed Review plan we walk through exactly what to change and why.
What is included in the virtual security review?
A scheduled 1-on-1 session where we walk through your latest scan, prioritize findings, and give you stack-specific remediation steps. Typically 30–60 minutes, billed monthly as part of the $129 plan.
How often are websites rescanned?
Free is manual only. Every paid plan — Pro, Shield, and Managed Review — rescans daily. You can also kick off ad-hoc scans anytime up to your monthly limit.
What types of risks can WebHound detect?
SSL/TLS misconfigurations, missing security headers, DNS risks (dangling subdomains, missing SPF/DMARC), outdated technologies with known CVEs, suspicious third-party scripts, exposed admin paths, weak cookie flags, and more — across the 12 specialized engines.
Start monitoring your website today.
One free scan to see what we find. Upgrade only when you want continuous monitoring.
WebHound helps identify risks and provide remediation guidance, but no security platform can guarantee complete protection.