WP Security Scanner

10 WordPress scanners to find security vulnerabilities

Is your WordPress site secure enough? Find the flaws in your site and fix them before someone abuses them.

The latest research from SUCURI shows that 90% of the scanned WP sites were infected with one or more vulnerabilities.

There are plenty of online scanners to check for common web vulnerabilities, but that may not be enough, as a security risk can come from the WordPress core, a plugin, a theme, or a misconfiguration.

For that you need a specialized security scanner that recognizes not only common vulnerabilities but also WordPress-specific ones.

The following scanners can help you check your website and inform you about security risks, so you can take the necessary measures to avoid getting hacked.

Geekflare

The Geekflare WordPress security scanner uses WPScan and many other open-source tools.

It does the following.

  • Determine if there are known vulnerabilities in core, themes and plugins
  • Check whether Google flags the site as unsafe
  • Determine if client-side JavaScript libraries are vulnerable
  • Check whether the WP admin console is accessible

And more…

You can run the test for FREE.


SiteCheck by SUCURI lets you quickly find out if the website is blacklisted, infected with known malware or uses an outdated software stack.

You can also install their plugin to start the scan from your WordPress admin dashboard.

And if you're looking for ongoing protection and performance, not just a one-time scan, I would recommend checking out SUCURI services. Their popular WAF is a two-in-one: you get a global CDN and a cloud-based web application firewall to protect against DDoS, OWASP Top 10 and more.


Intruder is a powerful vulnerability scanner that continuously and comprehensively scans your entire website and the underlying infrastructure for vulnerabilities. This includes checking for unencrypted management services, exposed databases, web-level security issues like SQL injection and cross-site scripting, and other security issues.

It even alerts you when SSL or TLS certificates are about to expire to help you maintain security and avoid downtime.

In addition to scanning servers, cloud systems, websites and endpoints, Intruder works with websites built on WordPress, Drupal, Joomla and SharePoint. It has multiple integrations, such as Jira, Slack, GitHub and more, to speed up issue detection and resolution.

You can give Intruder a try for free for 30 days.

Hacker Target

The Hacker Target WordPress check tests for vulnerable plugins (1800+), an outdated WordPress version, the web server configuration, and the following.

  • Google Safe Browsing test
  • Directory indexing
  • Administrator account status (enabled / disabled)
  • iframes
  • Reputation of the hosting provider
  • Linked JavaScript
  • Vulnerable themes (2600+)
  • Basic level of brute force

Hacker Target downloads some pages from the URL and examines the HTTP headers and HTML code.


Detectify is an enterprise-ready vulnerability scanner that tests for 500+ vulnerabilities, including OWASP Top 10 and WordPress-specific ones.

If you run an enterprise-level business with WordPress and are looking for a full vulnerability scan, Detectify is a good choice. They offer a 14-day trial, so explore their platform to see if it works for you.


WPSEC uses the WPScan vulnerability database to compare versions and reports whether a vulnerable core, plugin or theme was found.

The WPScan database covers more than 18000 vulnerabilities. If you want to use WPScan on your server/PC, you can refer to this guide for installation and usage information.
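The passive check described for Hacker Target and WPSEC above, sketched as an added example (not code from either service): it reads the versions that a saved copy of your own page discloses and compares them with an advisory list. The HTML, the slugs and the advisory versions are constructed placeholders, not WPScan data.

```python
import re

# Constructed sample: HTML of a saved front page (not from any real site).
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 5.8.1" />
<link rel="stylesheet" href="/wp-content/themes/example-theme/style.css?ver=1.2.0" />
<script src="/wp-content/plugins/example-forms/js/app.js?ver=2.3.4"></script>
<script src="/wp-content/plugins/example-gallery/main.js?ver=4.0.0"></script>
</head></html>"""

# Constructed advisory list: (kind, slug) -> first fixed version (placeholder data).
ADVISORIES = {
    ("core", "wordpress"): "5.8.3",
    ("plugin", "example-forms"): "2.3.4",
    ("theme", "example-theme"): "1.3.0",
}

ASSET = re.compile(r"""/wp-content/(plugin|theme)s/([\w-]+)/[^"'\s]*?[?&]ver=([\d.]+)""")
GENERATOR = re.compile(r'<meta name="generator" content="WordPress ([\d.]+)"')


def parse_version(text):
    """Turn '5.8.1' into (5, 8, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in re.findall(r"\d+", text))


def fingerprint(html):
    """Return {(kind, slug): version} for every component the markup discloses."""
    found = {}
    match = GENERATOR.search(html)
    if match:
        found[("core", "wordpress")] = match.group(1)
    for kind, slug, version in ASSET.findall(html):
        found[(kind, slug)] = version
    return found


def audit(html, advisories):
    """List components whose disclosed version is older than the first fixed version."""
    findings = []
    for key, version in sorted(fingerprint(html).items()):
        fixed = advisories.get(key)
        if fixed and parse_version(version) < parse_version(fixed):
            findings.append((key[0], key[1], version, fixed))
    return findings


if __name__ == "__main__":
    for kind, slug, version, fixed in audit(SAMPLE_HTML, ADVISORIES):
        print(f"{kind} {slug} {version} is below fixed version {fixed}")
```

A `ver=` value can be the core version rather than the plugin's, because WordPress appends its own version when an asset is enqueued without one, so treat each match as a lead to confirm in the admin dashboard.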

Security Ninja

Security Ninja is a plugin, so testing is done from your WordPress admin. It checks more than 50 metrics. With one click you get a detailed report with test name, status, troubleshooting and results.

It took less than 2 minutes to scan my website and get an excellent report on the latest version, database connectivity, connection via SSL, etc.

WordPress Vulnerability Scan by Pentest Tools is another tool that leverages WPScan and offers you the option to download the report in PDF format. Sample report here.

It lists the plugin, theme, users, and WordPress version fingerprint.

WP Neuron

The WP Neuron tool scans for WordPress vulnerabilities in core files, plugins and libraries. It also lists weak passwords to test brute force attacks and scans all code to ensure none of the scripts are exposed to online threats.


The Quttera plugin scans your WordPress site for known and unknown malware and suspicious activity. You can start the scan from your WordPress admin dashboard, and Quttera will be called via HTTP to scan and retrieve the results.

In addition to the malware scan, it also runs the following.

  • Check if the URL is blacklisted
  • No signature or pattern recognition
  • Injected PHP shell detection
  • Detection of external links
  • Examine WordPress core files


I hope the above WP scanners help you find online threats so you can prevent your site from being hacked. If you find that your website is hacked or contains malicious code and you are not sure how to fix it, you can try professional help from SUCURI.
