Learn
Short, plain-English guides on the most common website security problems Scanthra detects — and how to fix them yourself. No jargon, no fearmongering, no upselling.
Start here
How to read a website security report
What "severity", "confidence" and "compliance map" actually mean — and which findings you can ignore for now.
WordPress security checklist (2026)
The 12 settings, plugins and headers every WordPress site should have this year — including the items most often flagged in scans.
Common findings, fixed
How to fix a missing CSP header
What a Content-Security-Policy is, why your site needs one, and a copy-paste starter you can deploy in 10 minutes.
HTTPS and TLS done right
HSTS, certificate renewal, modern cipher suites — the boring TLS hygiene that quietly decides whether browsers trust you.
SPF, DKIM & DMARC explained
The three DNS records that decide whether your emails arrive in the inbox or in spam — and whether scammers can impersonate you.
Exposed .env file — what to do
Someone published your secrets to the world. Here is the exact 30-minute incident response: rotate, audit, lock down.
Subdomain takeovers, explained
How a forgotten DNS record on a long-dead staging site lets an attacker host phishing pages on your domain — and how to detect it.
Adding security.txt in 5 minutes
The tiny file that tells researchers where to send vulnerability reports — and quietly signals to procurement that you take security seriously.
Compliance, without the panic
NIS2 readiness for small businesses
The EU NIS2 Directive is now in force across all 27 Member States. What changes for your website, and the cheap fixes you can do today.
GDPR website checklist
The handful of website-level items GDPR actually cares about — cookie banners, privacy notice, data deletion, breach logging.
Want a topic covered? Tell us — every guide here started as a real customer question.