WordPress Security Scan

Online WordPress Security Scanner to test vulnerabilities of a WordPress installation. Checks include application security, WordPress plugins, hosting environment and web server.

On this WordPress security testing page there are two options. The first is a FREE passive check that downloads a handful of pages from the website and performs analysis on the raw HTML code. The second option is a thorough active scan that attempts to enumerate plugins, themes and users with custom WordPress auditing scripts that use the Nmap NSE framework.

Launch WordPress Security Scan

Perform a Free WordPress Security Scan with a low impact test.

Check any WordPress based site and get a high level overview of the site's security posture. Once you see how easy it is, grab a membership and test WordPress with Nmap WordPress NSE Scripts, Nikto, OpenVAS and more.

Items checked in the FREE scan
Attempt to detect version of WordPress Core
Find Plugins in HTML response
Identify theme in use
Attempt to enumerate first 2 WP users
List client side JS in page
List iframes in page
Test for directory indexing enabled on key locations
Check Google Safe Browsing for reputation
Get IP information and Geolocation


Login for Advanced Scanning
Aggressive enumeration of plugins, themes, version and interesting urls

Detect WP plugin versions, themes and users with Nmap NSE Scripts
Identify the site's attack surface through plugin and theme enumeration
Test WordPress with OpenVAS and Nikto Scanners
Membership includes access to 27 Vulnerability Scanners and OSINT Tools
Trusted Open Source Tools

Membership is required for full access, including access to all hosted security scanners. Immediate access is available to new members, or login now if you already have an account.

Simplify Security Testing and Save Hours in Tool Management
Test Security from the attacker's perspective.
Fast servers optimized for Internet Scanning.
Over 250'000 scans performed last year.


About the WordPress Security Scans

The basic security check will review a WordPress installation for common security-related misconfigurations. Testing with the basic check option uses regular web requests. The system downloads a handful of pages from the target site, then performs analysis on the resulting HTML source.

The more aggressive enumeration option attempts to find all plugins / themes that are being used on the WordPress installation and can attempt to enumerate users of the site. These tests will generate HTTP 404 errors in the web server logs of the target site. If you test all plugins, be warned that this will generate more than 18000 log entries and potentially trigger intrusion prevention measures.
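The 404 footprint described above is what a site owner can look for in their own access logs. The following is an added example, not code from the scanner or this page; it assumes Combined Log Format, and the sample log lines, IP addresses, slugs and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

# Combined Log Format: ip ident user [time] "METHOD path PROTO" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3}) ')
# Capture the kind (plugins/themes) and the slug directly beneath it.
SLUG_RE = re.compile(r'^/wp-content/(plugins|themes)/([^/?#]+)')

def find_enumeration(lines, min_distinct=5, min_404_ratio=0.8):
    """Flag clients that requested many distinct plugin/theme slugs and mostly got 404."""
    slugs = defaultdict(set)    # ip -> {(kind, slug)}
    total = defaultdict(int)    # ip -> requests under plugins/ or themes/
    missed = defaultdict(int)   # ip -> how many of those returned 404
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue            # unparseable line or other method: skip
        ip, path, status = m.groups()
        s = SLUG_RE.match(path)
        if not s:
            continue
        slugs[ip].add(s.groups())
        total[ip] += 1
        if status == "404":
            missed[ip] += 1
    flagged = {}
    for ip, seen in slugs.items():
        ratio = missed[ip] / total[ip]
        # A normal visitor loads assets from a few installed plugins (200s);
        # enumeration touches many slugs that do not exist (404s).
        if len(seen) >= min_distinct and ratio >= min_404_ratio:
            flagged[ip] = {"distinct_slugs": len(seen), "requests": total[ip],
                           "ratio_404": round(ratio, 2)}
    return flagged

def _line(ip, path, status):
    return f'{ip} - - [10/Jun/2016:10:00:00 +0000] "GET {path} HTTP/1.1" {status} 162 "-" "-"'

# Constructed sample: one client probing slugs, one ordinary visitor.
SAMPLE_LOG = (
    [_line("203.0.113.10", f"/wp-content/plugins/slug-{i}/", 404) for i in range(9)]
    + [_line("203.0.113.10", "/wp-content/plugins/contact-form/", 403)]
    + [_line("198.51.100.7", "/wp-content/plugins/contact-form/css/style.css?ver=1", 200),
       _line("198.51.100.7", "/wp-content/themes/example-theme/style.css", 200),
       _line("198.51.100.7", "/", 200)]
)

if __name__ == "__main__":
    print(find_enumeration(SAMPLE_LOG))
```

On a real site, raise `min_distinct` well above the number of plugins and themes actually installed so that ordinary page loads never reach it.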

By identifying all the plugins, themes and users of the site you are developing an understanding of the attack surface. With this information you are able to target further testing against the discovered resources.

@IBMServices
Jun 10, 2016
WordPress Plugin Vulnerability Leaves Websites Open to Cyberattack. http://ibm.biz/Bd4thX

Comparing the Options

Free Passive WordPress Security Check:

  • WordPress Version Check
  • Site Reputation from Google
  • Default admin account enabled
  • Directory Indexing on plugins
  • Sites Externally linked from main page (reputation checks)
  • List WordPress Plugins detected through basic HTML analysis (try the Active enumeration option for more aggressive discovery of plugins).
  • JavaScript linked
  • iframes present
  • Hosting Reputation and Geolocation information

Advanced WordPress Security Testing:

The active Nmap NSE script option requires a current membership.

  • Uses the Nmap NSE scripts for WordPress auditing
  • Identify plugins in /wp-content/plugins/ from a database of over 18000
  • Identify themes in /wp-content/themes/ from a database of over 2600
  • Fingerprint the version of the discovered plugins and themes to identify known vulnerabilities
  • Enumerate up to 50 user names
  • Access to the custom OpenVAS WordPress Scan to test WordPress & Web Server vulnerabilities.
  • With membership you have full access to all security testing tools including port scanner, web server testing and system vulnerability scanner.
Become a Member Now
7 day money back guarantee

WordPress Security

WordPress is the world's leading content management system. This makes it a popular target for attackers.

Analysis of compromised WordPress installations shows that exploitation most often occurs due to simple configuration errors or through plugins and themes that have not had security fixes applied.

The checks performed by our WordPress security scan will point out any obvious security failures in the WordPress installation and provide recommended security-related configuration improvements to protect the website against future attacks.


Test WordPress and Server side with Security Vulnerability Scanners. Trusted tools. Hosted for easy access.
Have you seen our new WordPress Monitoring Service?
Simple, Uptime and Security Alerts.