WPScan WordPress Security Scanner - Scans your system for security vulnerabilities listed in the WPScan Vulnerability Database.
As of April 2026, WPScan is a WordPress hack plugin with 9.0K+ active installations and a 3.8/5 rating from 28 reviews. It has been downloaded 267K+ times in total. Requires WordPress 3.4+ and PHP 5.5+. Available on WordPress.org since 2019. Recently updated within the last 3 months. Downloads are up 27% this week. Top alternative: WP Limit Login Attempts.
Please note: This plugin is no longer actively supported for non-enterprise customers. We recommend using Jetpack Protect – a free security plugin for WordPress that leverages the extensive database of WPScan. Jetpack Protect scans your site and warns you about vulnerabilities, keeping your site one step ahead of security threats and malware.
The WPScan WordPress security plugin is unique in that it uses its own manually curated WPScan WordPress Vulnerability Database. The vulnerability database has been around since 2014 and is updated on a daily basis by dedicated WordPress security specialists and the community at large. The database includes more than 21,000 known security vulnerabilities. The plugin uses this database to scan for WordPress vulnerabilities, plugin vulnerabilitie…
Complete garbage now, used to be amazing, now they basically force you to use Jetpack. No replies trying to get enterprise license, another great product (used to be) that Automattic has killed and used just for leads to Jetpack.
There’s an issue that keeps appearing but no information about why or what to do about it.
In the past this was a very good way to check if you have vulnerable plugins/themes, but with Jetpack you didn’t get notifications, only if you pay the expensive plans ;-(
There are other plugins which do it better!
…if you don’t intend to pay for a sub, the plugin lies saying that you need a free API to use it. Maybe the API is free but you need a subscription to access it.
The plugin is useless if you don’t subscribe. Use the tool’s website for a rather useless partial report.
I doubt that I will get me a paid subscription to this otherwise interesting plugin, because it keeps sending me email alerts with this warning:
“Security check Website HTTPS
The website does not seem to be using HTTPS (SSL/TLS) encryption for communications.”
When I check for http:/ in the database or anywhere else on the site, nothing is found. When I run WPScan manually, it says everything is fine. All my browsers also indicate that https is functioning. Why does WPScan insist on sending me these alerts? I would like to see a log about where WPScan found this error.
| WordPress | 3.4+ required; tested up to 6.9.4 |
| PHP | 5.5+ required |
Plugin data sourced from WordPress.org. Analysis and metrics by PluginSift.