WordPress vulnerability scanners are an important tool for anyone running a WordPress website. These tools assess your site and determine whether it has any security holes that need to be patched. Vulnerabilities can be technical or security-related, ranging from simple things like outdated plugins to more severe issues such as malicious scripts on the site. In this post, we’ll review the 6 best WordPress vulnerability scanners available to use online for free.

Securewp Scan

Securewp Scanner is a free WordPress security and vulnerability scanner that checks for malware, outdated plugins and themes, backup integrity, and other potential issues. The service scans your WordPress site in just a few seconds and provides an easy-to-read report with a green/yellow/red banner to indicate the severity of each issue.


  • Plugin and theme enumeration, vulnerability check
  • WordPress core version check
  • Blacklist check on Google, Norton, McAfee, etc.
  • Malicious script detection
  • Defacement and SEO spam detection
  • Username enumeration
  • Directory indexing check
  • Hidden external links and scripts detection
  • iframes present
  • Hosting Reputation and Geolocation information
  • Security headers check

HackerTarget WordPress Security Scan

This is one of the best free online scanners, capable of reviewing a WordPress installation for common security-related misconfigurations. The scan also checks for outdated plugins and themes, backup integrity, and malware infection.


  • WordPress Version Check
  • Site Reputation from Google
  • Username enumeration
  • Directory Indexing on plugins
  • WordPress plugin enumeration
  • Linked JavaScript
  • iframes present
  • Hosting Reputation and Geolocation information

Sucuri SiteCheck

Sucuri SiteCheck is the most popular free online scanner, producing a report on any website in just a few seconds. It’s not a WordPress-focused security scanner, but it is still great at malicious script detection.


  • Malicious script detection
  • Outdated web server software
  • Domain blacklist
  • Hosting information such as the IP address
  • The WordPress or PHP version in use
  • Upload directory listing

Pentest Tools Scanner

The Light version of this scanner can perform a passive web security scan to detect issues like outdated server software, insecure HTTP headers, insecure cookie settings, and a few others. For a full scan, sign-up is required.


  • Website fingerprinting
  • Version-based vulnerability detection
  • Common configuration issues
  • SQL injection
  • Cross-Site Scripting
  • Local/Remote File Inclusion
  • Remote command execution
  • Discovery of sensitive files

FirstSiteGuide Scanner

This service offers a basic scanner for WordPress and PHP that covers server vulnerabilities and application vulnerabilities, and includes a checker for vulnerable WordPress plugins.


  • Scanning SSL Certificates
  • WordPress version check
  • Username enumeration
  • Cross-Site Scripting (XSS) detection and exploitation prevention module.



WPScan

WPScan is a free and open-source WordPress vulnerability scanner. It’s written in Ruby and uses the WPScan script library to enumerate vulnerabilities on WordPress installations, performing scans with many different payloads and detecting plugins that could be vulnerable.

WPScan is a great scanner for finding WordPress vulnerabilities. To use it, you need to install it on your Linux system.


  • The version of WordPress installed and any associated vulnerabilities
  • What plugins are installed and any associated vulnerabilities
  • Username enumeration
  • Users with weak passwords via password brute-forcing
  • Existence of sensitive files
  • Whether error logs are exposed by plugins
  • Vulnerable TimThumb files
  • Upload directory listing