WPScan

It's like having your own team of WordPress security experts.

With WPScan, you'll be the first to know about vulnerabilities affecting your WordPress installation, plugins, and themes.

WPScan result example

Trusted by the world's biggest brands

Accenture
Kinsta
Sony
Mercedes Benz Group
Penguin Random House

We know that there are others out there like Patchstack, but the sense of completeness and alerts for ALL relevant plugins, we never had a need to go crosscheck WPScan against anyone else.

Brent Stackhouse, VP of Security, WP Engine

One of our top priorities at Kinsta is security. WPScan is a valuable tool in our toolbelt providing a thorough and reliable WordPress vulnerability notification service.

Daniel Pataki, CTO, Kinsta

Cataloging 43,518 WordPress Core, Plugin, and Theme Vulnerabilities

Continuously updated by leading WordPress security professionals.

10 Years icon

Collecting WordPress vulnerabilities for over 10 years

Dedicated team icon

Dedicated team of WordPress security experts

Monitor web icon

Continually monitoring the web for new vulnerabilities

Vulnerabilities counter icon

Flexible API that streamlines your workflow

Security Solutions For Everyone

Enterprise

WordPress protection with custom solutions for large enterprises.
  • Custom pricing by number of sites
  • Instant email alerts
  • Vulnerabilities details by ID
  • Latest API endpoints
  • Webhooks: Slack & HTTP
  • Description & PoC API data
  • CVSS Risk Scores

Small Business

For most sites, we recommend Jetpack Protect — the partner product of WPScan, by Automattic. It has all the power of WPScan with an easy-to-use interface.
  • Automated daily scanning
  • Recommended fixes

Researchers can use the CLI tool to make 25 API requests per day. Get started

View all FAQ

View our Enterprise Terms of Service