WP-Scan.com Background
WordPress Scan

70% of WordPress Websites are Vulnerable to Attacks!
Is your Website Safe?


WP-Scan.com helps you instantly perform WordPress Scan on your websites and show potential vulnerabilities, necessary updates, and security threats.

Did You Know?

WordPress is the most hacked into CMS of them all. Out of the 8000 infected websites analysed in a study, 74% were built on WordPress.

Sucuri Security

SQL injections occur when an attacker gains access to your WordPress database and to all of your website data

WPPlugins

73.2% of the most popular WordPress installations are vulnerable to vulnerabilities which can be detected using free automated tool.

WP WhiteSecurity

Only 39% of WordPress websites are running the 4.8 version of the software.

WordPress

81% of WordPress attacks are based on insecure or stolen passwords, being the main tactic used.

Panda Security

Only around 40 percent of WordPress sites are up to date.

Torque

If you can protect yourself against plugin vulnerabilities and brute force attacks, you are accounting for over 70% of the security problem.

Wordfence

41% were hacked through a security vulnerability on their hosting platform.

WP WhiteSecurity

84% of all security vulnerabilities on the internet are the result of Cross-Site Scripting or XSS attacks.

Acunetix

Only 48% of WordPress websites are running the 4.9 version of the software.

WordPress

18 Million WordPress users were compromised during the worst breach of WordPress security.

Skilled

Hackers attack WordPress sites both big and small, with over 90,978 attacks happening per minute.

Wordfence

Only 40% of WordPress websites are running the 7.2 version of the php.

WordPress

The iThemes Security plugin has had the most ironic security breach to date.

Post Status

Each week, Google blacklists around 20,000 websites for malware, and around 50,000 for phishing

WPBeginner

52% of reported WordPress security vulnerabilities relate to WordPress plugins.

KeyCDN

4,000 WordPress websites are infected with a malware that disguises itself as a SEO plugin to attract unwary webmasters.

SC Magazine

File inclusion exploits are one of the most common ways an attacker can gain access to your WordPress website’s wp-config.php file.

OWASP

The four most common WordPress malware infections are Backdoors, Drive-by downloads, Pharma Hacks and Malicious Redirects.

Smashing Magazine

61% of infected WordPress sites are out of date.

Sucuri Security

The top three plugins that hackers love breaking into are TimThumb, Revslider, and Gravity Forms.

Sucuri Security

According to one study, 30.95% of Alexa’s top 1 million websites run a vulnerable version 3.6 of WordPress.

WP WhiteSecurity

37% of WordPress vulnerabilities result from the WordPress core files.

iThemes

11% of WordPress vulnerabilities are caused by WordPress themes.

iThemes

Your One-Stop WordPress Scanner is here!

WP-Scan’s DIY tool instantly scans any WordPress website to point out vulnerabilities and security risks – which often go undetected. Our mission at WP-Scan is to ensure a safe web.

Why Should You Perform Regular WordPress Scan


Over 10+ million websites use the WordPress platform – making it one of the most used CMS of all times. However, if websites are not updated and maintained regularly, they become vulnerable to attack of some kind or the other.

There are many types of vulnerabilities that need continuous checks and redressal. Security companies and software developers continuously release updates to make the WordPress platform more secure.

WordPress websites become the first targets of hackers owing to their wide adoption. Apart from a range of possibilities, a hacker can deface content, spy on your visitors, or worse – steal identity and payment related information.

Hence, security experts strongly suggest timely WordPress scan and regular scheduling of maintenance.

Scan my Website for Vulnerabilities