Emergency WordPress patches only help sites you remember.
1. Pull DNS and registrar lists
Export domains and note which point to websites vs email-only.
2. Check hosting and Microsoft 365 DNS
Old A records and forgotten Azure/static sites count.
3. Hit each site’s generator meta / login path
/wp-admin and generator tags still reveal a lot of WordPress estates.
4. Record version ownership
Who patches it: you, a developer, a host “care” plan, or nobody?
5. Schedule the review
Twice a year is enough for many SMBs, plus ad-hoc when a CMS CVE drops.
Need help building the inventory? Contact Qutzl.

