WPScan: WordPress Security Scanner

It’s like having your own team of WordPress security experts

Be the first to know about vulnerabilities affecting your WordPress installation, plugins, and themes.

Check your WordPress site for vulnerabilities

Scan your site and get a free, instant report of your site safety.

Trusted by the world’s largest brands

Cataloging 56,571 WordPress core, plugin, and theme vulnerabilities

The WPScan database is continuously updated by leading WordPress security professionals.

Screening WordPress vulnerabilities for over 10 years

Crack team of WordPress security experts

Continually monitoring the web for new vulnerabilities

Flexible API that streamlines your workflow

Security solutions for everyone

Enterprise

WordPress protection with custom solutions for large enterprises.

  • Custom pricing by number of sites
  • Instant email alerts
  • Vulnerabilities details by ID
  • Latest API endpoints
  • Webhooks: Slack & HTTP
  • Description & PoC API data
  • CVSS Risk Scores

Researcher

Security researchers are welcome to use the CLI scanner and API for non‑commercial purposes.

  • CLI tools for researchers
  • Capped at 25 API calls per day

Need a small business plan?

Jetpack Protect is a free plugin that uses WPScan data to alert you about threats to your website. Upgrade for WAF and one‑click fixes.

View all FAQ

View our Enterprise Terms of Service