WordPress Security Scanner
Detect WP vulnerabilities, version, and misconfigurations — free
We automatically add https:// — just type your domain. We'll run the relevant scanners and email you the full report.
What We Check
WordPress Version
Detects the WP version and flags if it is outdated (< 6.4).
wp-login.php Exposure
Checks if the login page is publicly accessible.
wp-config.php Backup
Looks for backup copies of wp-config.php with credentials.
readme.html Exposure
Detects the WordPress readme.html which discloses the version.
XML-RPC Enabled
Checks if XML-RPC is enabled (brute-force attack vector).
REST API Exposure
Verifies the WP REST API is not leaking user data.
Outdated Plugins
Detects installed plugins via fingerprinting.
Theme Vulnerabilities
Identifies the active theme and checks for known issues.
Get a Complete Security Audit
This checker is just part of our 27-scanner security assessment. Run a full scan for a complete report.
Start Full Free Scan →