UnderHost
WordPress Security

WordPress Security Scanner

Run passive checks for common WordPress exposure and hardening issues.

  • WP signals
  • XML-RPC
  • Directory listing
  • HTTPS

Passive only

No login, no exploit attempts, no invasive scans.

Exposure checks

Find public files and endpoints that often leak information.

Hardening hints

Get concise recommendations for server and WordPress cleanup.

Tool guide

How to use the WordPress Security Scanner

This passive scanner checks common public WordPress exposures without logging in, exploiting, or changing the site.

What this tool does

It reviews WordPress signals, XML-RPC exposure, public readme/license files, uploads directory listing, REST user exposure, HTTPS, and quick header signals.

Who it helps

  • WordPress site owners
  • Agencies maintaining client sites
  • Hosting customers checking hardening after cleanup or migration

Usage instructions

Enter the site URL and review the exposure list. Confirm any warning inside WordPress, the web server, or the control panel before changing production settings.

Understanding the output

Warnings mean an endpoint or file is publicly reachable. Some are acceptable for specific workflows, but they should be intentional and protected where possible.
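To show how warnings like these can be derived, here is an added example (not UnderHost's scanner code) that classifies already-captured GET responses for the checks listed under "What this tool does". The paths are the stock WordPress locations; the function names, the header list and the sample capture are assumptions constructed for illustration.

```python
import json

# Header list is an assumption; the page does not name the headers it checks.
WANTED_HEADERS = ("strict-transport-security", "x-content-type-options")

def _static(marker):
    # A public file only counts if it is served (200) and looks like the real file.
    return lambda r: r["status"] == 200 and marker in r["body"]

def _xmlrpc(r):
    # WordPress answers a plain GET to xmlrpc.php with 405 and this fixed message.
    return r["status"] in (200, 405) and "XML-RPC server accepts POST" in r["body"]

def _listing(r):
    # Apache and nginx autoindex pages both use an "Index of /..." title.
    return r["status"] == 200 and "<title>Index of /" in r["body"]

def _rest_users(r):
    try:
        data = json.loads(r["body"])
    except ValueError:
        return False  # a 200 carrying an HTML block page is not a user list
    return (r["status"] == 200 and isinstance(data, list)
            and any(isinstance(u, dict) and "slug" in u for u in data))

CHECKS = {
    "/xmlrpc.php": ("XML-RPC reachable", _xmlrpc),
    "/readme.html": ("readme.html public", _static("WordPress")),
    "/license.txt": ("license.txt public", _static("GNU GENERAL PUBLIC LICENSE")),
    "/wp-content/uploads/": ("uploads directory listing", _listing),
    "/wp-json/wp/v2/users": ("REST user list exposed", _rest_users),
}

def assess(base_url, responses):
    """responses maps path -> {"status", "headers", "body"} from plain GETs."""
    warnings = []
    if not base_url.lower().startswith("https://"):
        warnings.append("site not served over HTTPS")
    warnings += [label for path, (label, test) in CHECKS.items()
                 if path in responses and test(responses[path])]
    seen = {k.lower() for k in responses.get("/", {}).get("headers", {})}
    warnings += [f"missing header: {h}" for h in WANTED_HEADERS if h not in seen]
    return warnings

# Constructed sample capture, not output from a real site.
SAMPLE = {
    "/": {"status": 200, "headers": {"X-Content-Type-Options": "nosniff"}, "body": ""},
    "/xmlrpc.php": {"status": 405, "headers": {}, "body": "XML-RPC server accepts POST requests only."},
    "/readme.html": {"status": 403, "headers": {}, "body": "Forbidden"},
    "/wp-content/uploads/": {"status": 200, "headers": {}, "body": "<title>Index of /wp-content/uploads</title>"},
    "/wp-json/wp/v2/users": {"status": 200, "headers": {}, "body": "<html>Not allowed</html>"},
}
```

The blocked readme (403) and the REST endpoint that returns an HTML page instead of JSON produce no warning, which is the distinction between "path exists" and "content is publicly reachable".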

Why it matters for hosting

WordPress is a major hosting workload. Regular passive checks help reduce the risk of brute-force attacks, information leakage, and misconfiguration.