From 29 to 88: How One SaaS company Fixed 4 Security Problems

29
88

The Situation

A SaaS company came to TrustedWeb after noticing their website traffic had been declining for months. They suspected an SEO issue, but a security scan revealed something more concerning: their website had 4 security vulnerabilities that were actively putting their visitors at risk.

Their initial TrustedWeb trust score was 29 out of 100 — well below the average of 36.

Problems Found

Our comprehensive scan identified the following issues:

  1. No X-Frame-Options header (clickjacking risk)
  2. Outdated WordPress plugins with known vulnerabilities
  3. Outdated WordPress core version
  4. Default admin username still in use

The Fix

Here’s what was done to address each issue, in order of priority:

Step 1: Update Everything (Day 1)

All WordPress plugins, themes, and core were updated to the latest versions. Two unused plugins were removed entirely. This alone closed the most dangerous vulnerability windows.

Step 2: SSL and Headers (Day 1)

A fresh SSL certificate was installed, HTTPS redirects were configured, and all six essential security headers were added to the server configuration. Mixed content issues were fixed by updating internal links.

Step 3: Admin Security (Day 2)

The default “admin” username was changed, two-factor authentication was enabled, and login attempt limiting was configured. The wp-admin URL was moved behind an additional authentication layer.

Step 4: Monitoring Setup (Day 2)

Automated security scanning was configured to run weekly, with email alerts for any new vulnerabilities or score drops.

The Results

After implementing all fixes, the website’s trust score jumped from 29 to 88 — an improvement of 59 points.

Impact After 30 Days:

  • Trust score: 29 → 88
  • Browser warnings: Eliminated
  • Security headers: All 6 essential headers present
  • Plugin vulnerabilities: Zero known issues
  • Organic traffic: Began recovering within 2 weeks

Key Takeaway

Most of these fixes took less than 2 hours total. The SaaS company had been losing traffic for months due to issues that could have been identified and fixed in an afternoon.

The most common reaction we hear: “I didn’t know my website had these problems.”

Check Your Website

Your website might have the same issues. Run a free scan to find out your trust score and get specific recommendations.

Is Your Website Secure?

Run a free security scan to check for vulnerabilities, missing headers, SSL issues, and more.

Scan Your Website Free

Note: Details have been anonymized to protect the website owner’s privacy. The security issues and improvements described are based on real scan data.