WordPress Security Scanner

Check if your WordPress site has known vulnerabilities

Scanning website...

  ( )   is hosted on  

Tested from     on  

Admin Console

Well done! The WordPress admin console is not accessible on the default URL. It’s a great way to prevent brute force attacks.

It looks like the WordPress admin console is accessible on the default URL. Exposing the admin console can attract hackers to run brute force attacks.

You may want to change the admin console URL to prevent potential brute force attacks. There are multiple ways to do this, as explained here.

Blacklisted

Well done! All looks okay.

If not already, you may want to implement WAF (Web Application Firewall) for continuous security to further harden and tighten the WordPress site.

It looks like the WordPress site is considered unsafe by Google. To double confirm, check your site on Google Safe Browsing.

Don’t worry if found unsafe. You can get it repaired, as explained here.

HTTPS

Well done! The WordPress site is accessible over https://

It looks like the site is not accessible over https://

Take advantage of the SSL/TLS certificate to secure your site for better security & search ranking. Getting a certificate doesn't cost, you can get it in FREE as explained here.

WordPress Core

Version identified by , released on

    Total vulnerability vulnerabilities identified

    • Fixed in

      Theme

      . Current version is , the latest version is , released on

      Total vulnerability vulnerabilities identified

      • Fixed in

        Plugins

        . Current version is , the latest version is , released on

        Total vulnerability vulnerabilities identified

        • Fixed in

          Front-end Libraries

          Total vulnerability vulnerabilities identified

          Other Findings

            About WordPress Security Scanner

            Powered by WPScan

            Geekflare WP Security Scanner leverage a powerful vulnerability scanner – WPScan.

            More than 35% of Internet sites run on WordPress. Its the most popular open-source CMS we have today.

            The latest WordPress core version is secure, but when you use themes and plugins, the security responsibility spread across, and sometime it may contain serious security vulnerabilities.

            Score
            Desktop or Mobile

            WordPress Core Security

            If you don’t keep your WP site up-to-date with the latest version, then your site may be at risk.

            Quickly find out the WordPress version is being used on the site and if that is vulnerable.

            WordPress Theme Security

            A theme makes the WP site beautiful and usable. Choosing a right theme can help you to bring your site in business faster.

            But what if the theme you use contains security risk?

            Scan your site to find out if the theme being used on the WP site is vulnerable.

            Best Practices
            Diagnostics and recommendations

            WordPress Plugins Security

            The plugin helps to extend the WP sites to the way you like. It’s amazing, and you can do almost everything with it.

            It’s impossible that the WP site doesn’t use any plugin. But what if used plugin is poorly coded and has security flaws?

            You don’t want to risk your site. Detect the plugins used on a WP site, and if they contain any security risk.

            Front-end JavaScript Security

            Very likely, your WP site will be using one or more JavaScript libraries.

            Scan your site for insecure JavaScript libraries. If found vulnerable, then plan to update to the secure version.

            Front-end JS libraries scan is powered by Google Lighthouse.

            Request Waterfall
            Request Breakdown

            Safe or Unsafe

            Don’t let malicious scripts take down your online business. Google won’t consider safe browsing when the site contains suspicious threats.

            A warning will be shown on Chrome, Firefox, and other browsers when a site is suspicious, and you don’t want that to happen.

            Check if your site is considered safe by Google.

            Hand-picked best resources to supercharge
            your Website and Business

            Explore Collections

            More tools for your Website

            Blacklist Lookup

            Getting Google Blacklist warning? Verify if your site is in unsafe resources database

            Test Now

            Website Performance Audit

            Find out how does your site perform against more than 40 essential metrics

            Test Now

            Broken Link Checker

            Check if your web page contains internal or external broken links

            Test Now

            Mixed Content Checker

            Check if a web page tries to load resources over HTTP

            Test Now

            Capture Screenshot

            Test how does your site render globally

            Test Now

            HTTP Headers Checker

            Test the headers are being advertised by your web server or network edge device

            Test Now

            Latest Articles