WordPress security tools



WordPress has become one of the biggest platforms that drive the web. Keep your WordPress installation secured with these security tools.

WordPress is a powerful framework and Content Management System (CMS). It powers some of the biggest websites and is a beloved platform for bloggers. With this popularity, WordPress has also seen some negative attention when it comes to security. Although automatic updates now reduce the risks in the core, there is still some room for improvement. The WordPress security tools in this category help to perform a scan and do an assessment.

This tool category contains several types of scanners, each targeting different security areas. As usual, most of these tools have their own strengths and weaknesses. Therefore it is suggested to combine a few tools when scanning a website or WordPress instance. By creating your own preferred toolkit, you can better assess how well a WordPress installation is secured.


WordPress security tools are typically used for application security.

Users of these tools include developers, pentesters, security professionals, and system administrators.


WordPress security tools
| Tool | Type | Description | Latest release | Release date | Score |
|---|---|---|---|---|---|
| droopescan | CMS vulnerability scanner | This plugin-based security tool helps to detect and test for weaknesses in common CMS systems like Drupal, SilverStripe, and WordPress. | 1.41.0 | May 6, 2018 | 85 |
| Vane | WordPress vulnerability scanner | Vane is a forked project of the now non-free popular WordPress vulnerability scanner WPScan. | Unknown | Unknown | 64 |
| Wordpresscan | WordPress vulnerability scanner | Wordpresscan is a security scanner for WordPress installations. It is based on the work of WPScan with some ideas inspired by the WPSeku project. | 1.0a0 | Sept. 9, 2017 | 68 |
| WordPress Exploit Framework | WordPress exploiting toolkit | The WordPress Exploit Framework (WPXF) is a framework written in Ruby. As the name implies, it aids in pentesting WordPress installations. | 1.9.2 | April 14, 2018 | 93 |
| Wordstress | White-box scanner for WordPress installations | Wordstress is a security scanner for WordPress installations. It uses a white-box approach in scanning, which makes it different than most other scanners. | 0.70.0 | Jan. 27, 2016 | 60 |
| wp_enum | User enumeration | The wp_enum tool helps with the discovery of WordPress users and accounts. | No version | March 5, 2017 | 40 |
| WPScan | WordPress vulnerability scanner | WPScan is a security tool to perform black box WordPress vulnerability scans, including enumeration of used plugins. | 2.9.4 | June 15, 2018 | 100 |
| WPSploit | Scanner for WP themes and plugins | WPSploit helps developers and penetration testers to perform a code audit of WordPress themes and plugins. The tool runs a static code analysis on the system itself for possible security flaws. | Unknown | Unknown | 56 |