WPScan

It's like having your own team of WordPress security experts.

With WPScan, you'll be the first to know about vulnerabilities affecting your WordPress installation, plugins, and themes.

Trusted by the world's biggest brands

“We know that there are others out there like Patchstack, but the sense of completeness and alerts for ALL relevant plugins, we never had a need to go crosscheck WPScan against anyone else.”

Brent Stackhouse, VP of Security, WP Engine

“One of our top priorities at Kinsta is security. WPScan is a valuable tool in our toolbelt providing a thorough and reliable WordPress vulnerability notification service.”

Daniel Pataki, CTO, Kinsta

Cataloging 41,437 WordPress Core, Plugin, and Theme Vulnerabilities

Continuously updated by leading WordPress security professionals.

Collecting WordPress vulnerabilities for over 10 years

Dedicated team of WordPress security experts

Continually monitoring the web for new vulnerabilities

Flexible API that streamlines your workflow

Security Solutions For Everyone

Enterprise

WordPress protection with custom solutions for large enterprises.

Custom pricing by number of sites
Instant email alerts
Vulnerabilities details by ID
Latest API endpoints
Webhooks: Slack & HTTP
Description & PoC API data
CVSS Risk Scores

Small Business

For most sites, we recommend Jetpack Protect — the partner product of WPScan, by Automattic. It has all the power of WPScan with an easy-to-use interface.

Automated daily scanning
Recommended fixes

Researchers can use the CLI tool to make 25 API requests per day. Get started

View all FAQ

View our Enterprise Terms of Service