WordPress fingerprinting tools

Supporting image for WordPress security tooling and tips


Good fingerprinting tools need to be part of your toolbox, especially if you perform regular security analysis. This category of tools specifically targets WordPress installations, even though some can be used for others as well.


WordPress fingerprinting tools are typically used for application discovery, application fingerprinting, application testing, web application analysis.

Users for these tools include pentesters and security professionals.


Popular WordPress fingerprinting tools

Plecost (WordPress fingerprinting)

web application analysis

Plecost is a security tool to fingerprint WordPress installations and find available vulnerabilities.

WPScan (WordPress vulnerability scanner)

penetration testing, security assessment, vulnerability scanning

WPScan can scan WordPress installations and determine if there are vulnerabilities in a particular installation.

WordPress Exploit Framework (WordPress exploiting toolkit)

penetration testing, security assessment, vulnerability scanning, web application analysis

The WordPress Exploit Framework (WPXF) provides a set of tools to assess and exploit WordPress installations. It can be used for pentesting and red teaming assignments. The tool is less friendly for beginners, but more experienced pentesters will find no difficulty in using it.

wp_enum (user enumeration)

penetration testing, security assessment, vulnerability scanning

This utility scans for the available identities on a WordPress installation.

Missing a favorite tool in this list? Share a tool suggestion and we will review it.

Related topics

Looking for more specific topics within this tool group? Have a look at the following relevant topics.