Show security report
At Seravo.com, security plugins are not recommended because they often introduce more problems than they solve, but one nice thing with them is that they produce reports. We should also implement some kind of security overview page, where users that have reporting responsibilities can get a report on their security status and send it to their superiors etc.
For all users in general it would be nice to show some nice green icon that everything is OK when our scanners have not detected anything.
A nice starting point could be https://wordpress.org/plugins/gauntlet-security/ It already has a lot of useful checks in it.
Although I would develop a nice, lean framework that is UI-agnostic, so it may become a WP-CLI command some day.
For more-than-needed security level: https://github.com/sektioneins/pcc (They manufacture suhosin)
The first step could be to check whether we are still we: https://github.com/szepeviktor/debian-server-tools/blob/master/webserver/php-env-check.php
Most of these are about server settings. We need something that warns users/site admins if their WordPress settings/plugins are dangerous, and which they need to fix themselves.
For the server side settings, the tips above are good for auditing our stack and to guide potential changes made by Seravo staff.
Some of this could be implemented as part of #66.
Note that we already have some things reported under Tools > Security.