Wordpress Vulnerability Scan

Online Wordpress security scan for your website, plugins, and web server.

Wordpress Security Overview

To secure a site built with Wordpress, we should first understand the building blocks of a Wordpress deployment. The standard components are:

  • Web server host - The physical or virtual machine(s) which host the Wordpress site. e.g. your Digital Ocean or AWS servers.
  • Web server software - Typically Apache Web Server or Nginx.
  • Web application code - The HTML and Javascript code served by your web server software and executed in the web browser.
  • Database - Typically MariaDB or MySQL.
  • Wordpress plugins - Plugins that add functionality to your Wordpress site
  • Admin panels - Administration software such as PhpMyAdmin

Wordpress Vulnerability Scanner

For complete security, you need to scan all of the components of your Wordpress deployment.

Full Port Scan

Run a full port scan on all of your web server hosts to find any misconfigured firewall rules, such as a database that is accidentally accessible to the public internet.

Network Vulnerability Scan

Run a network vulnerability scan on all of your web server hosts to find any outdated and insecure software, such as vulnerable versions of Apache Web Server or PhpMyAdmin. A high quality network vulnerability scan, such as OpenVAS, will also test for vulnerable Wordpress plugins.

Web Application Scanner

Run a web app scan to test your website code for misconfigured cookies, SQL injection vulnerabilities, cross-site scripting vulnerabilities, and more.

TLS Security Scan

Run a TLS scan to verify that your website certificate is valid and correctly set up for secure https traffic.

HostedScan's Wordpress Scan Service

HostedScan Security provides a comprehensive set of industry-standard vulnerability scans to protect all aspects of your Wordpress website.

  • Full port scan powered by NMAP.
  • Network vulnerability scan powered by OpenVAS.
  • Web application security scan powered by OWASP ZAP (Zed Attack Proxy).
  • TLS + SSL security scan powered by SSLyze.
  • An easy to use online platform with scheduled scans, email alerts, and more!
Example Wordpress Vulnerability Scanner Results Screenshot

Example Wordpress Vulnerability Scanner Results

Trusted by these companies and 1000s more

BbAmericas
Porsche
ExpediaGroup
WeMakeApps
SibylSoft
Luminary
CoinMe
Appetize
WonderProxy
Median
TaxiCaller
Yamaha
UniversityOfOxford
BbAmericas
Porsche
ExpediaGroup
WeMakeApps
SibylSoft
Luminary
CoinMe
Appetize
WonderProxy
Median
TaxiCaller
Yamaha
UniversityOfOxford
UniversityOfOxford
Yamaha
TaxiCaller
Median
WonderProxy
Appetize
CoinMe
Luminary
SibylSoft
WeMakeApps
ExpediaGroup
Porsche
BbAmericas
UniversityOfOxford
Yamaha
TaxiCaller
Median
WonderProxy
Appetize
CoinMe
Luminary
SibylSoft
WeMakeApps
ExpediaGroup
Porsche
BbAmericas

Sign up to get started

HostedScan is 100% read-only, and will never make any modifications to your servers.

Or through:

Sign up with Microsoft
Sign up with Google
Sign up with Github
DigitalOcean