About Us

The first version of the WPScan command line tool was released in 2011 from a need to consolidate all of WordPress's security failings into a single tool, which could be used to assess the security of WordPress blogs. The WPScan tool quickly became widely used amongst the security and WordPress communities. Later, we launched the WPScan Vulnerability Database to keep track of WordPress core, plugin and theme vulnerabilities. And finally, we launched WPScan.io, a Software-as-a-Service (SaaS) WPScan offering to help cator for users with other needs.

Scanning Engine

We use the WPScan tool, which we created and maintain, as our scanning engine. The WPScan tool has been around since 2011 and used by many thousands of users. It is the most popular black-box WordPress Vulnerability Scanner.

Vulnerability Database

We have been collecting WordPress core, plugin and theme vulnerabilities within a database, that we call the WPScan Vulnerability Databse, since the launch of the WPScan tool back in 2011. WPScan.io uses this database to detect known security vulnerabilities within your site.


This is the official WPScan Software-as-a-Service (SaaS) offering, where we have combined all of our resources from over the years to bring you a commercial product. With this service you can run scans in the cloud, schedule daily scans and be alerted to new security issues that affect your WordPress site.


All of the features that come with the WPScan tool are now available in the cloud. Run scans, schedule scans, create alerts and download scan results.

WordPress Version Enumeration

Detect the version of WordPess that is in use to check if it is out of date, or affected by any known security vulnerabilities.

Plugin Enumeration

Detect the plugins installed on your site and find out if they are out of date, or affected by known security vulnerabilities.

Theme Enumeration

Detect the themes installed on your site and find out if they are out of date, or affected by known security vulnerabilities.

Vulnerability Database

We have our own vulnerabilitiy database that we have been using to collect security vulnerability details for years.

Password Brute Forcing

Check to see if any of your users are using easy to guess passwords that could be compromised by black hat hackers.

Username Enumeration

Find out what usernames are being exposed by your WordPress site, which could then be used to mount a password brute force attack against.

Secure Your Site Today

Register now and start scanning your WordPress site to see what the black hat hackers see when they try to compromise your site.

Register Now


Our users trust us to ensure their WordPress sites are as secure as possible.








Flexible pricing whether you only have a personal blog, you manage WordPress sites for others, or you have enterprise needs.


  • Up to 1 website
  • Up to 6 scans per day per website
  • 1 scheduled scan per website
  • and 5 manual scans per website
  • Email alerts
  • Try our service free for 3 days
Sign up