WordPress Security Scan

Online WordPress Security Scanner to test vulnerabilities and health of a WordPress installation. Checks include application security, WordPress plugins, hosting environment, and web server.

This WordPress security testing page offers three scan options. The first is a free passive check that downloads a handful of pages and analyzes the site’s raw HTML. The second is a lightweight survey scan that reviews the homepage and provides a high-level overview of the WordPress installation, making it well suited to bulk testing across many sites and quickly comparing results. The final option, available to registered users, is a thorough active scan that uses more aggressive testing to identify plugins, themes, and other security-related configuration by probing common web paths.

WordPress Analysis and Security Scan

Perform a Free WordPress Security Scan with a low impact test.

Check any WordPress based site and get a high level overview of the sites security posture. Once you see how easy it is grab a membership and test Joomla with the dedicated Active Checks, Nikto, OpenVAS and more.

Low Impact Recon Immediate Results No login required

Scan Mode

Passive Scan

Non-intrusive reconnaissance that gathers information without sending large numbers of requests. Check list of common security issues.

Survey Scan

Lightweight bulk scanning for multiple targets. Quick identification of WordPress installations and versions across many sites.

Active Scan

Advanced options; detailed enumeration of plugins, themes, users and checks for sensitive files. Uses large number of requests that may trigger monitoring systems.

Target URL(s)

Valid Target(s)
www.example.com
https://example.com/

This is a passive scan that does not send large numbers of intrusive requests to the target.

Agree to Terms of Service (required)

WordPress Analysis

Membership Benefits

Access advanced network mapping and regular scan schedules.

Detect

Detect plugin versions, themes and users with active checks

Identify

Identify the attack surface through plugin and theme enumeration

Passive Analysis

Passive Analysis Report on up to 1000 sites in one click

OpenVAS and Nikto

Test WordPress with OpenVAS and Nikto Scanners

Access

27 OSINT and Vulnerability Scanning Tools.

Trusted tools

Trusted Open Source Tools

Use Cases Membership Plans

About the WordPress Security Scans

The basic security check will review a WordPress installation for common security-related misconfigurations. Testing with the basic check option uses regular web requests. The system downloads a handful of pages from the target site, then performs analysis on the resulting HTML source.

The more aggressive enumeration option attempts to find all plugins/themes used on the WordPress installation and attempt to enumerate users of the site. These tests will generate HTTP 404 errors in the web server logs of the target site. Be warned If you test all plugins, this will generate more than 18000 log entries and potentially trigger intrusion prevention measures.

In identifying all the plugins, themes, and users of the site, you start to understand the attack surface. With this information, you can target further testing against the discovered resources.

32'195

Published CVE's (vulnerabilities) for WordPress and its components

Comparing the Options

Free WordPress Check

Test up to 10 sites at a time using the Passive WordPress Analysis Tool
WordPress Version Check
Threat Intel and Blocklist Checks
Directory Indexing on common paths
External links found on the main page
Passive Detection of Plugins and Theme
JavaScript link analysis, including host blacklist checks
Web Server, hosting infra and geolocation information

Membership Upgrade

Test up to 1000 sites at a time using the Passive WordPress Analysis Tool
Active check of known paths for WordPress auditing
Identify plugins in /wp-content/plugins/ from a database of over 18000
Identify themes in /wp-content/themes/ from a database of over 2600
Fingerprint the version of the discovered plugins and themes to identify known vulnerabilities
Enumerate up to 50 user names
Custom OpenVAS WordPress Report
With membership you have access to all security testing tools including port scans, web server and network vulnerability scanner.

Do More with a Membership
7 day money back guarantee

WordPress is the worlds leading content management system. This makes it a popular target for attackers.

Analysis of compromised WordPress installations shows that exploitation most often occurs due to simple configuration errors or through plugins and themes that have not had security fixes applied.

The checks performed by our WordPress security scan will point out any obvious security failures in the WordPress installation. As well as providing recommended security-related configuration improvements to enhance the security of the website against future attacks.

Additional Resources

Trusted Tools

Vulnerability Scans and Network Intelligence

Use Cases

Professional Assessments

Validated Security Report.
Fast turn around.

WordPress Assessment

Get Access

28 vulnerability scanners and network tools

Membership

Network

Web

CMS Apps

Recon

Network Tests

DNS Queries

IP Address

Web Tools

Blog

Most Popular

Membership Benefits

Detect

Identify

Passive Analysis

OpenVAS and Nikto

Access

Trusted tools

About the WordPress Security Scans

Comparing the Options

Free WordPress Check

Membership Upgrade

Additional Resources