19 Free Tools To Scan Your WordPress Site Vulnerability Online

With more than 39% market share WordPress websites are the leading targets for hackers. Unless you are careful anytime your website(s) can be the next target, More than 50 thousand websites get hacked every day. So with a WordPress site in hand, you need to more careful to stop hacking/backdooring and what not. On CMS analysis by Sucuri in the first quarter of 2019  –

In most instances, the compromises analyzed had little, if anything, to do with the core of the CMS application itself, but more with improper deployment, configuration, and overall maintenance by the webmasters and their hosts.

Therefore, it is always necessary to scan WordPress vulnerability for the security and check for site vulnerabilities before anything. With these WordPress online vulnerability scanners, you can at least be aware of some loopholes and more importantly how to stop your site from getting hacked by using these WordPress online scan tools.


1. wpscans.com


Checks your site with their intelligent scanning algorithms and scans for known bugs that have been indexed in the WPScan Vulnerability Database, which contains over 4000 reported vulnerabilities. A great tool to scan your WordPress vulnerability online. It also tries to identify the plugins you run and compare their versions against the bug database. In addition, wpscan scans for several well-known mistakes that people make when setting up their WordPress installation, A decent (one of the many WordPress online scanners) place, to begin with.

Note – wpscans doesn’t scan the server for security and also doesn’t scan your password for that matter.

2. sitecheck.sucuri


Sucuri is known for its timely vulnerability reports on the WordPress ecosystem on both plugins and themes. Sucuri also has a site scanner for vulnerabilities. Scans Malware, Website Blacklisting, Injected Spam, Defacements, Website Firewall also scans through your scripts and links. If you want to get the latest report and scan WordPress vulnerability for your website sucuri is the site scan with. Checks to see whether your site has been blacklisted any other popular services like –

  • Google Safe Browsing
  • Norton Safe Browing
  • Phish Tank
  • Opera Browser
  • SiteAdvisor
  • Sucuri Malware Labs Blacklist
  • SpamHaus DBL
  • Yandex (via Sophos)
  • ESET

3. WordPress Security Scan


Another free tool to scan WordPress vulnerability online. it checks for application security, WordPress plugins, hosting environment, and the webserver. The security scanner downloads a handful of pages from your website and performs analysis on the raw HTML code. Also scans for user enumeration, directory indexing, linked websites, linked JavaScript, and linked iFrames. With membership, you can gain a more advanced scan for your site.

4. wploop.com


Checks your site for WordPress meta tags, readme.html, response headers contain detailed PHP version info, list of usernames, Check for the display of unnecessary information on failed login attempts, accessible install.php file via HTTP, accessible upgrade.php file via HTTP, browsable uploads folder, EditURI link present in the page header, deliverable admin interface via HTTPS and Windows Live Writer link in page’s header. If you want to get a technical report to work on, scan your WordPress site for online vulnerability.

5. scanwp.com


Performs a basic scan checking whether all your WordPress files up to date or not, scores your website out of 100. It also suggests you tighten security and hide your WordPress version. The scanner visits your homepage and checks for the generator tag. Note – The WordPress core team has decided that displaying your WordPress version to the public is not a security concern.


Checks your site against Google safe browsing, active plugins, theme, user enumeration, directory indexing, Google malware scan, external link, linked iFrame, and linked JS files. A nice online scanner for finding WordPress vulnerability.




6. quttera.com


Scans your WordPress site for online vulnerability and checks for iFrame, Malicious files, Suspicious files, External links, and blacklist status of the site.



7. virustotal.com


A very useful tool to scan WordPress vulnerability online. This site checks your site on 68 reputed online site inspectors and some of them are – AegisLab WebGuard, Avira, BitDefender, Comodo Site Inspector, K7AntiVirus, Malware Domain Blocklist, MalwareDomainList, SecureBrain, Spam404, Sucuri SiteCheck, Web Security Guard, Yandex Safebrowsing, ZeusTracker, Kaspersky and ZCloudsec.

VirusTotal gives you a complete set of reports after scanning your WordPress website for online vulnerability.



8. Google Safe Browsing

Google search is the site we all one to rank on page one. What better way to level your website security by scanning your website on Google Safe browsing scanner! A must-have tool to scan WordPress vulnerability online for free.
Unlike everybody, if you want to directly check your site on Google Safe Browsing without relying on any other third party scanners, You can check your site’s safe browsing status directly from this URL.



9. Ghost Scanner

It shows you a simple plain result of whether your server is vulnerable or not. You can also check out other scan services such as TCP Portscan, UDP Port scan, SSL Hearbleed scan, SSL Poodle scan, SSL DROWN scan, Bash Shellshock scan, and Ghost Glibc scan.



10. Hackercombat


Scans your site for – malicious activity, malware detection, phishing, blacklist checking, worms, back doors, trojans, transaction protection, and also shows basic who.is information to send the report to your email address. If you want to actively search for the malware scan report Hackercombat is the best place to scan WordPress vulnerability online.


11. app.upguard.com/webscan


Performs a pretty decent scan of a website, checks Communication DNS, Communication Services, Sub Domain, Scripts, SSL, Meta tags, Info, Header, Google Safe Browsing Check. In addition to these also checks against 27 factors they are –

SSL Enabled, SSL Expiry, SSL Strength, Suspected Phishing Page, Suspected Malware Provider, Suspected of Unwanted Software, X-Powered-By Header, HTTP Strict Transport Security, ASP Net Version Header, Server Information Header, SPF Enabled, DMARC Enabled, Mail, App, User Auth, File Sharing, Voice, Administration, Database, DNSSEC Enabled, Domain Expiry, HttpOnly Cookies, Secure Cookies, Exposed Emails, Breaches.

Combining all these factors give your site a score out of 950.



12. zerocert.org


Performs a simple scan, also shows your Google Page Rank and Whois information. There’s a setting panel as well you can tweak check depth, user agents.



13. scanurl.net


Checks your site on Google Safe Browsing, Phish Tank and Web of Trust.



14. urlvoid.com


Checks for vulnerability on 26 reputed online scan software, shows your IP information and Alexa traffic.





15. WP Plugins

Scans your WordPress website for common pitfalls and display a message of what it can be improved in terms of security. Also has this handy option of alerting you when your website is vulnerable, you can avail the option by subscribing to their newsletter.



 16. scanner.pcrisk.com


Site scan report includes – External links, iFrames, Blacklist status, Clean files, and Suspicious files.



17. siteguarding.com/en/sitecheck



Scans for Malware, Website Blacklisting, Injected Spam, Defacements, Website Firewall, links, scripts, and links analyze.


18. GeekFlare Vulnerability Scanner

Gives you the follow information –

  1. WordPress version
  2. Admin exposed
  3. Blackelisted
  4. HTTPS
  5. WordPress Core
  6. Previous WordPress vulnerability with history
  7. Plugin vulnerability with history

Also gives you information about – Library dependencies vulnerability, such as – jQuery.

19. Pentest Tool

Although Pentest doesn’t have a free plan but you can see their sample report and get an idea of their test reports. Pentest rates risk with high, medium and low priority.

Just like GeekFlare, Pentest also gives you a full vulnerability listing of previous WordPress versions. Plugin vulnerability, user vulnerability.

Apart from the important information Pentest also scans site header, robots.txt file, xmlrpc file, readme file, theme vulnerability

Security Checklists/Resources

Prevention is better than cure and that is why I have prepared these security checklists for you. These are by no mean a complete list rather than a short overview for you of how to tighten up the security for your website.

  1. Always use the latest version of WordPress
  2. Don’t tweak/mess code in core WordPress files
  3. Keep your plugins’ versions up to date
  4. Install plugins from trusted sources
  5. Use Limit Login plugins to limit brute force attack
  6. Use strong password
  7. Don’t use Admin for username
  8. Always use backups ( With UpdraftPlus plugin you can have free backups to Google Drive)
  9. Use 2-factor authentication if possible
  10. Use a trusted hosting

For more detailed security measures you can check out these cool resources

  1. Hardening WordPress
  2. WordPress Security
  3. Brute Force Attacks
  4. wpsecuritychecklist.org
  5. wprecon.com/wordpress-security-tips
  6. WordPress Security Implementation Guideline
  7.  wpvulndb.com( Cataloging 5251 WordPress Core, Plugin and Theme vulnerabilities, It is a WPScan vulnerability database )

In case you find anything suspicious, follow this checklist to protect your website – 7 Ways to Fix WordPress Hacked sites + 17 Ways to Protect it from happening (again) from – CollectiveRay

shamelessplug – Check out the latest review on our resumee theme. By using resumee, you can avoid getting your site with hacked and maintain a clean, bloat free and rock solid security.

Now that you have a hand full of online WordPress online vulnerability scanners. Give these tools a try before it gets too late. Did I miss out any other websites you follow? What security measures you take for your site ? Leave a comment if you want to share your resources.

Build your Websites with lightweight & Bloat free themes Without Any coding Knowledge

Browser Themes

21 Responses to “19 Free Tools To Scan Your WordPress Site Vulnerability Online

Trackbacks & Pings

Leave a Reply

Get Free Resources To Grow Your Business :

- Free Web Resources

- Tips & Insights

- Theme releases


Enter your email address