Scanner online

GUARDINGWP

WordPress Security Scanner

11 security checks. Instant results. No account needed. Enter your URL below.

Attack Surface Analysis

Server info leaks

PHP version & server software in HTTP headers

Version fingerprinting

WordPress & plugin versions in page source

Exposed files

Default WordPress files revealing your setup

XML-RPC attacks

Brute-force & DDoS amplification vector

Login hardening

Weak login page configuration enabling brute-force

User enumeration

REST API leaking WordPress usernames

Directory browsing

Uploads folder contents exposed publicly

Plugin vulnerabilities

Installed plugins with known CVEs

11

Security checks

<10s

Scan time

Free

No account needed

Research

GuardingWP Research · Edition 01

The State of WordPress Security 2026

What 1,981 site scans across 40+ verticals reveal about how WordPress is configured in the real world.

52.8%

Running a vulnerable plugin

93.2%

Missing security headers

35.8%

XML-RPC still enabled

Read the report →