Human-tested, transparently priced

Website security services for small sites.

Three productized audits, one honest method: a human engineer tests your site by hand and writes up exactly what to fix. Free check first, full audit from $49.

What security services does Bug Circuit offer? Three manual audits — a WordPress security audit, penetration testing for small businesses, and a security audit for startups. Every one starts with a free passive critical-bug check, the full manual audit with a written report is $49 one-time, and $299 adds fixes for high and critical issues plus 3 months of cover. All testing is done by a human engineer, with a 14-day money-back guarantee before the audit begins.

Choose your audit

How every engagement works

  • 1. Free check. A passive look at your domain — no login, no charge, no impact on your site.
  • 2. Verify ownership. Email, DNS, file or meta-tag verification plus a recorded Authorization to Test before anything active happens.
  • 3. Human audit. A senior engineer manually tests access control, authentication and business logic — the flaws automated scanners can’t find.
  • 4. Report & fixes. A written report with severity, evidence and exact fix steps — suitable to share with enterprise customers. On Signal, we fix the high and critical issues with you and re-test.

The honest caveat: this is a productized small-site scope, not an enterprise engagement. Traditional pentests run $5,000–$20,000+ because they’re scoped for large applications and compliance paperwork. If your application genuinely needs that, we’ll say so before taking your money.

Who this is for

Bug Circuit is built for the sites traditional firms won’t touch affordably: WordPress businesses, indie SaaS, agencies shipping client sites, and startups whose first enterprise customer just asked for a penetration test report. Traditional “small business” floors start around $3,500–$4,000, and most sub-$1,500 “pentests” from big firms are rebranded automated scans. We do the opposite: small scope, real human testing, published prices, worldwide.

Common questions

Which security service do I need for my website?
If you run WordPress, start with the WordPress audit — it covers the plugin, theme and login attack surface bots hit first. If a customer or partner asked for proof of testing, the small-business penetration test produces a report you can hand over. Startups with custom code should pick the startup audit. Unsure? Run the free check and we’ll point you at the right scope.
Are these audits automated scans or manual testing?
Manual. A human security engineer tests your site by hand — access control, authentication flows and business logic that automated scanners cannot reason about. Tools assist, but every finding is verified and written up by a person.
How much do the services cost?
The same transparent pricing applies to every service: a free critical-bug check, $49 one-time for the full manual audit with a written report, or $299 for the audit plus fixing the high and critical issues plus 3 months of cover. No quote calls.
Is a $49 audit really comparable to a $5,000 penetration test?
It is the same kind of manual work at a productized small-site scope — not a 3-week enterprise engagement, and we never pretend otherwise. Traditional pentests average around $18,000 because they carry enterprise scoping, paperwork and consultancy overhead most small websites simply do not need.
Do you test websites you don’t own?
Never. Before any active testing you verify domain ownership (email, DNS, file or meta-tag) and we record an Authorization to Test. That keeps every engagement legal, worldwide.

Keep reading

See what attackers see — free

Run the free passive check on your domain. No login, no impact on your site, results in seconds.

Passive recon only. No login, and no impact on your site. Deeper testing needs domain verification.

Ready for the full manual audit? See transparent pricing →