WARM is now available

Website Assessment and Risk Methodology

WARM is a structured, human reviewed methodology for evaluating your website's security posture, identifying the gaps, and delivering the fixes. It looks beyond headers into plugins, code, server configuration, PHP version, and CMS hygiene.

Prefer to start free? Run our 30 second header scanner and claim a free WARM dashboard in one click.

A scanner finds the symptoms. WARM finds the disease.

Most security tools look at one layer: headers, or malware, or a plugin database. WARM assesses your entire website security architecture as a system.

  • Security headers: CSP, HSTS, X-Frame-Options, Permissions Policy, and five more
  • Plugins and extensions: Vulnerable, abandoned, bloated, redundant, or conflicting
  • Code quality: Theme and custom code reviewed for secure coding practice
  • Server configuration: Web server hardening, file permissions, exposed services
  • Platform hygiene: PHP version, CMS version, database, backups, update discipline
  • Access control: Admin accounts, authentication strength, role hygiene
  • Network environment: WiFi scanner audits your office network alongside your website
  • Compliance posture: Evidence for GDPR, NIS2, PCI DSS, HIPAA, and regional laws

What WARM looks like in practice

One of our founding clients went from F to B in the first 24 hours. That is just the surface layer. WARM keeps going deeper.

Before

Starting point: 7 of 8 critical security headers missing. Grade F.

After

24 hours later: header gaps closed, grade A+ achieved. WARM then continued into plugins, code, server configuration, and CMS hygiene.

How a WARM engagement works

From first scan to ongoing posture management, in four steps.

  1. Free scan

    Run our public scanner in thirty seconds. No signup. See your grade across eight critical security headers.

  2. Claim free dashboard

    Turn your scan into a free WARM dashboard with one click. Magic link login. No credit card.

  3. Initial assessment

    Subscribe and we run a full stack posture review: plugins, code, server, platform, compliance. You get a prioritised report.

  4. Ongoing remediation

    We implement the fixes. The WARM Agent watches for drift between reviews. Monthly reports keep you, your board, and your insurer informed.

Customer Spotlight

From an F to an A. A full platform rebuild along the way.

The engagement with SAMUA began in early 2026 with a WARM security header scan that returned an F grade. Within the first week all critical header gaps were remediated, bringing the score to B and then to A. But headers were only the entry point.

The assessment uncovered deeper issues: ageing plugins, server configuration gaps, and no structured compliance posture. The client chose to go further with a full website migration and rebuild, a custom WordPress theme, five purpose-built plugins including an SEO-compliant multilingual translation system, VPS deployment and hardening, and their own GEI scored assessment platform. WARM continues as their ongoing security monitoring subscription.

  • 1 week: Headers F to B
  • Full stack: WordPress + Go + React
  • Ongoing: Since February 2026

As a website owner, it is a nightmare to feel that your site isn't properly protected. Users and customers sense this too, and therefore, it is reflected in low traffic and conversions.

Our first evaluation with WARM by Masada Hardening was an F score for headers, which improved to a B within a week, with more work to bring it to an A.

The implementation included fixing critical headers, closing open vulnerabilities, optimising plugins, especially the translation plugin, and ensuring our platform aligns with GDPR requirements, and also the development of our GEI scored assessment platform.

We've regained confidence in the reliability of our website. We now project a serious, trustworthy presence online.

Carolina Guevara Obando, Co-founder and Strategy Director, SAMUA Sustainable Development

SAMUA Sustainable Development B.V. is an engineering and technical consultancy focused on actionable sustainability by building practical, science-based approaches to sustainable development and aligning with international development goals.

Scope of work

  • Security header remediation
  • Website migration
  • Web server hardening
  • WordPress theme development
  • Plugin development (x5)
  • SEO-compliant translation plugin
  • Technical SEO implementation
  • WARM security assessment and monitoring
  • GEI scored assessment platform
  • VPS hosting and hardening
  • Google Analytics and Search Console setup

Simple annual pricing

Pick the tier that fits. Upgrade any time. Cancel any time.

Founding Member Pricing

25% off for life on any annual plan.

Available for the next 25 customers. Founding members keep their rate on every renewal.

24 of 25 spots remaining

Essential

For small sites that need a clear plan.

$375 / year with founding member pricing (standard $500)

Starting from. Billed annually.

  • Initial security assessment
  • WARM Agent continuous monitoring
  • Monthly human reviewed reports
  • 1 hour incident recovery included
  • Annual WiFi network scan
  • Compliance ready documentation

Enterprise

For multi site operations and regulated industries.

Custom

Tailored to your environment.

  • Everything in Professional
  • Multi site WARM Agent deployment
  • Dedicated security consultant
  • Custom recovery SLA
  • Priority response and team training
  • Server access coordination

When WARM finds more than a configuration fix

Sometimes a WARM assessment surfaces structural issues that sit beyond the subscription scope: an insecure theme, aging plugins that can no longer be patched, or a codebase that was never written with security in mind. We offer optional add-on engagements for plugin consolidation, secure code refactoring, and full platform rebuilds. These are available as separate projects alongside your WARM subscription. Ask us during your consultation.

Pricing shown in USD. Regional pricing available for EU markets. Caribbean and LATAM markets quoted in USD.

Frequently asked questions

If you have a question that is not here, reach out through our consultation form.

How is WARM different from a vulnerability scanner?

A scanner looks at one or two dimensions and produces findings. WARM assesses your entire website security architecture, prioritises the gaps, implements the fixes, and watches for configuration drift over time. A scanner tells you what is broken. WARM is the team that fixes it, documents it, and keeps it fixed.

Does WARM only cover WordPress?

No. WARM covers WordPress and WooCommerce, Laravel applications, static sites, and custom content management systems. Platform specific checks are part of each assessment. If you are unsure whether your stack is supported, ask us during the consultation.

Do I need technical skills to use WARM?

No. On the Professional tier we implement the fixes for you. On Essential you get step by step remediation guidance that a capable in-house developer or agency can follow. Reports are written to be understood by business stakeholders, not just engineers.

What happens if I am breached?

Every WARM plan includes incident recovery hours: one hour on Essential, three hours on Professional, custom SLA on Enterprise. Additional work beyond the included hours is billed at a documented hourly rate. Our incident response playbook is designed to satisfy the GDPR 72 hour notification window and NIS2 Article 21 reporting requirements.

How long does the initial assessment take?

A typical initial assessment runs within the first week of onboarding. Simple findings like security headers can be fixed in the first 24 hours. Deeper items like plugin consolidation or code refactoring take longer and are scoped with you before any changes are made.

Can I cancel?

Yes. Annual plans renew annually. You can choose not to renew at any time. Founding member rates are locked for life as long as the subscription remains active, so if you cancel and come back later you rejoin at the current standard rate.

Is my data safe?

Yes. The WARM portal is itself hardened to the same standard we apply to client sites. Authentication uses passwordless magic links with optional multi-factor authentication, session hardening, and role based access control. We store only the minimum data required to deliver the service.

Do you serve clients outside the US and EU?

Yes. We actively serve clients in the Caribbean, LATAM, EU, and North America. We have specific compliance expertise in Panama Law 81 and Jamaica JDPA, and our reports include the documentation templates required by each jurisdiction.

Built for regulated markets

  • GDPR Article 32
  • NIS2 Article 21
  • PCI DSS
  • HIPAA aware
  • Panama Law 81
  • Jamaica JDPA

Ready to know your risk?

Open your free WARM dashboard, or start with a 30 second header scan. Either way, you will have a clearer picture of your website's security in the next two minutes.