It’s like having your own team of WordPress security experts

Be the first to know about vulnerabilities affecting your WordPress installation, plugins, and themes.

Check your WordPress site for vulnerabilities

Scan your site and get a free, instant report of your site safety.

Trusted by the world’s largest brands

Cataloging 43,655 WordPress core, plugin, and theme vulnerabilities

The WPScan database is continuously updated by leading WordPress security professionals.

Screening WordPress vulnerabilities for over 10 years

Crack team of WordPress security experts

Continually monitoring the web for new vulnerabilities

Flexible API that streamlines your workflow

Security solutions for everyone


WordPress protection with custom solutions for large enterprises.

  • Custom pricing by number of sites
  • Instant email alerts
  • Vulnerabilities details by ID
  • Latest API endpoints
  • Webhooks: Slack & HTTP
  • Description & PoC API data
  • CVSS Risk Scores


Security researchers are welcome to use the CLI scanner and API for non‑commercial purposes.

  • CLI tools for researchers
  • Capped at 25 API calls per day

Need a small business plan?

Jetpack Protect is a free plugin that uses WPScan data to alert you about threats to your website. Upgrade for WAF and one‑click fixes.

View all FAQ

View our Enterprise Terms of Service


WP Engine is seen by many as the leading WordPress hosting platform, empowering thousands to create and share their unique digital stories with the world. With a focus on speed, security, and support, WP Engine serves over 1.5 million WordPress websites.

The importance of keeping its customers’ websites safe from vulnerabilities and threats is a huge priority for WP Engine.

“Our customers love it. It really helps them stay out of a bad security state. And we couldn’t do it without WPScan.”

Brent Stackhouse
VP Security, WP Engine

Blog at WordPress.com.