WordPress Security Scanner

Detect WP vulnerabilities, version, and misconfigurations — free

We automatically add https:// — just type your domain. We'll run the relevant scanners and email you the full report.

What We Check

WordPress Version

Detects the WP version and flags if it is outdated (< 6.4).

wp-login.php Exposure

Checks if the login page is publicly accessible.

wp-config.php Backup

Looks for backup copies of wp-config.php with credentials.

readme.html Exposure

Detects the WordPress readme.html which discloses the version.

XML-RPC Enabled

Checks if XML-RPC is enabled (brute-force attack vector).

REST API Exposure

Verifies the WP REST API is not leaking user data.

Outdated Plugins

Detects installed plugins via fingerprinting.

Theme Vulnerabilities

Identifies the active theme and checks for known issues.

Get a Complete Security Audit

This checker is just part of our 27-scanner security assessment. Run a full scan for a complete report.

Start Full Free Scan →