Scan your WordPress site for vulnerabilities
Full internal scan, zero external API. Reliable results, saved report, actionable recommendations.
Run your free scan
100% free. Create an account with an email and password, add your site, verify DNS ownership, then run the full diagnostic.
How does the WPDefender vulnerability scan work?
Our WordPress scanner performs a complete analysis of your site internally, never sending data to third-party services. Here is exactly what we check:
HTTPS and SSL certificate
Verification that your site uses an encrypted connection. A site without HTTPS exposes visitor data and is penalized by Google.
WordPress version and exposure
CMS version detection. An exposed or outdated version makes targeted attacks easier. We check if your version is up to date.
XML-RPC interface
XML-RPC can be exploited for brute force and DDoS attacks. If the interface is exposed, we alert you immediately.
Exposed debug.log file
A public log file reveals file paths, PHP errors and database credentials to attackers.
Directory listing
If directory indexing is enabled (especially in wp-content/uploads), private files become publicly visible.
Known WordPress vulnerabilities
Cross-referencing your WordPress version and active plugins with our internal signature database. Critical and high severity vulnerabilities detected automatically.
What you get after the scan
Security score /100
A synthetic score summarizing your site's overall security status.
Detailed report
Each control point documented with its status, explanation and recommended fix.
Fix recommendations
For each vulnerability, the fix version or action to take.
History and tracking
Each scan saved in your account to compare evolution.
Why choose the WPDefender scan?
100% internal
No external API calls. Your data never leaves our servers.
Sovereignty
Scan hosted in France. GDPR compliant.
Verified ownership
DNS verification ensures we only analyze sites you own.
Local signature database
Our engine compares your configuration against an internal database of known WordPress vulnerabilities.
Frequently asked questions
Is the scan really free?
Yes, 100% free, no credit card and no commitment.
Why do I need to add a DNS record?
DNS verification proves you own the domain. This is a security and ethics measure.
Does the scan access my files?
No. The scan is 100% passive: it only analyzes public signals.
What if vulnerabilities are detected?
The report indicates the fix. Our intervention plans (from €149) cover everything.
Ready to secure your WordPress?
Run your first scan in a few minutes.