It’s like having your own team of WordPress security experts

Be the first to know about vulnerabilities affecting your WordPress installation, plugins, and themes.

Get started

Check your WordPress site for vulnerabilities

Scan your site and get a free, instant report of your site safety.

Trusted by the world’s largest brands

“WPScan is a fantastic product. It’s fast, well written and comprehensive. It does one thing and does it really well.”

Mario Heiderich, CEO of pentesting firm Cure53

“The WPScan vulnerability database itself is of immense value. There is no other collection of WordPress vulnerabilities like this available anywhere else.”

Security Boulevard

Cataloging 49,921 WordPress core, plugin, and theme vulnerabilities

The WPScan database is continuously updated by leading WordPress security professionals.

Learn how it works

Screening WordPress vulnerabilities for over 10 years

Crack team of WordPress security experts

Continually monitoring the web for new vulnerabilities

Flexible API that streamlines your workflow

Security solutions for everyone

Enterprise

Get a quote

WordPress protection with custom solutions for large enterprises.

  • Custom pricing by number of sites
  • Instant email alerts
  • Vulnerabilities details by ID
  • Latest API endpoints
  • Webhooks: Slack & HTTP
  • Description & PoC API data
  • CVSS Risk Scores

Researcher

Start for free

Security researchers are welcome to use the CLI scanner and API for non‑commercial purposes.

  • CLI tools for researchers
  • Capped at 25 API calls per day

Need a small business plan?

Jetpack Protect is a free plugin that uses WPScan data to alert you about threats to your website. Upgrade for WAF and one‑click fixes.

Get Jetpack Protect

View all FAQ

View our Enterprise Terms of Service

CASE STUDY

How WP Engine automates security for over 1.5 million customer sites with WPScan

WP Engine is seen by many as the leading WordPress hosting platform, empowering thousands to create and share their unique digital stories with the world. With a focus on speed, security, and support, WP Engine serves over 1.5 million WordPress websites.

The importance of keeping its customers’ websites safe from vulnerabilities and threats is a huge priority for WP Engine.

Read the case study

“Our customers love it. It really helps them stay out of a bad security state. And we couldn’t do it without WPScan.”

Brent Stackhouse
VP Security, WP Engine

Blog at WordPress.com.