HomeWeb DevelopmentWordPressTop 7 Online Services for Testing Vulnerabilities of WordPress...

    Top 7 Online Services for Testing Vulnerabilities of WordPress Sites


    WordPress has many admirers and many opponents, the main argument of which – the platform is too vulnerable to hacking, it is constantly attacked by hackers and bots.

    The share of justice in their opinion is – the WordPress engine really has many shortcomings, which are used by attackers. The company Sucuri said that in the third quarter of 2016, 74% of all cases of vulnerability and infection of sites occurred on sites with CMS WordPress.

    After reading such news, many people start to ask questions in their heads: “Is this platform safe? Should I use it on my website? “Although in fact you need to think about something else – what can you do to make your site more secure?

    You can only approach this task in a complex way: you need to think about the firewall that protects, including antivirus plug-ins, and so on. However, you should think about the possibilities of protection and outside of WordPress – online scanners can find those gaps in your site that you did not even know about.

    Top WordPress Vulnerability Testing Tools

    Below I will tell you about 7 useful online services – scanners, which will help to determine if on your site:

    • unauthorized redirects, advertising materials or backlinks (external links);
    • malicious programs;
    • hotlinks;
    • infected plugins or themes;
    • and much more.

    1. Hacker Target WordPress Security Scan


    This scanner is sharpened specially for search of problem elements on the WP site. It analyzes themes and plug-ins, as well as other site elements that can contain malicious code.

    Free analysis includes checks:

    • need to upgrade the version of WordPress;
    • need to update the version of plug-ins;
    • problems with the user ID and so on.

    2. Scanurl


    This is a fairly simple scanner that will tell you about such things:

    • Has anyone noticed your site as unsafe;
    • if the site passes the Google Safe Browsing test ;
    • Is there a PhishTank file on your site?
    • is there any negative assessment of your site in the Web of Trust.

    Additionally, the scanner provides links to resources with other security scanners.

    3. Sucuri Website Malware and Security Scanner


    This online scanner will not give you detailed information, but on the whole it will analyze the following:

    • whether the old version of WordPress is worth;
    • problems (or nonexistent) firewall;
    • The domain is blacklisted in some security systems (Google, Norton, etc.);
    • list of links located on your site (suddenly there are those that you did not add);
    • The list of scripts (again, in case you see any of them for the first time).

    Sucuri is a quality scanner that will find and display information about possible problems.


    Link works in much the same way as the rest of the scanners on this list. But it’s worthwhile to note a convenient and cute display of scan results.

    Even a novice WordPress user will be able to figure out how to use this tool, and where the problem sites of the site are.

    What exactly will show:

    • obsolete version of WordPress;
    • finding a site in blacklists;
    • firewall detection;
    • analysis of internal links;
    • list of plug-ins, themes and scripts (in order to check that there are no unknown elements to you).

    5. UpGuard


    Online scanner from UpGuard is worth highlighting, if only because it shows a security analysis in the format of gaming. After scanning, you will receive a certain number of points, depending on the following factors:

    • Do you have an SSL certificate installed?
    • Is there a domain name protection?
    • whether malware is seen on the site;
    • open information about the server;
    • whether SPF (Sender Policy Framework, sender’s infrastructure infrastructure) is enabled;
    • and much more.

    6. WP Neuron WordPress Vulnerability Scanner


    This scanner is designed specifically for sites that work on WordPress. The plugins and themes of your site are scanned, so if it makes sense to use it, if it seems to you that there may be some problems in these elements. Traditionally, the scanner will also tell you whether your version of WordPress is up-to-date, whether everything is good with robots.txt, and about all the oddities that will notice on your site (but the basic information will still be about plug-ins and themes).

    7. WPRecon WordPress Uptime & Security Monitoring


    In general, this scanner is similar to Hacker Target WordPress Security Scan (which went under number one), but there are three key differences. In addition to basic information, the scanner also provides data on:

    • internal links;
    • JavaScript links;
    • iFrame links.

    This information will help to notice and fix any problems much quicker, which you would not even have guessed otherwise.

    How often to use scanners?

    Checking the vulnerabilities and possible problems on the site is a regular procedure that should be performed at least once a month, but more often, as hacking can bring you a lot of problems.

    At the end of the article, I want to give some general advice on how to protect my site (they may seem trite to experienced users, but beginners will be useful).

    How to protect your site

    • Promptly update the CMS version.
    • Use plugins to protect the site (for WordPress you can advise Wordfence or Sucuri) and be sure to update their versions.
    • Use a complex password and change it regularly.
    • Be sure to change the password after you told it to an outside person (developer, SEO specialist, etc.).
    • Do not install themes or plugins from dubious sources.
    • Connect the site to Yandex.Webmaster in order to get all the information on time, if there are any problems.
    • Be sure to regularly make backups, including on a local computer.
    • Install the antivirus on your computer and check it regularly for viruses.

    Editor's Pick

    Notify of

    Inline Feedbacks
    View all comments