10 years ago, as a caretaker for an apartment complex I had the chance to meet a building security contractor.
It was a new building, so the landlord had not fully installed a proper security system. Over the period of 2 weeks, 2 incidences occurred: a tv was stolen from the gym, and the parking garage door had been compromised.
As part of my duties, I had to let contractors in and out of the building. So I had a chance to meet with the security contractor.
I escorted him to several spots in the building where he would check cameras and wiring during this time.
We got to chatting, and after asking him a few questions, I had the feeling he may be behind some of the security breeches.
It was a gut feeling, but it made sense because he kept repeating that the landlord was cheap and decided to go for the basic security system only. A building of that size and type needed the full package.
It made me wonder whether this was a standard practise in the field.
Surely online this happens with website security consultants as well.
As a webmaster, has anyone had any experience working with wordpress security consultants?
I have 3 sites that might need a security audit, all with different plugins.
Any advice on how I can proceed would be helpful.