
WPScan
Wordfence
WordPress Security Scanner
WPCheckr
wpscan.online
WPScans.com
Sucuri
Jetpack
Security Headers
Mozilla Observatory
Hardenize
Qualys SSL Server Test
HTTP Observatory
MxToolBox
Snyk
Sucuri Security Scanner
WPScanBased on our record, Security Headers should be more popular than WPScan. It has been mentiond 69 times since March 2021. We are tracking product recommendations and mentions on various public social media platforms and blogs. They can help you identify which product is more popular and what people think of it.
WPScan was (and maybe still is?) the de facto security scanner for WordPress security problems. I remember using it with great success during my days running security assessments, and it's great that the open source repo is still around. However, my understanding is that it's no longer maintained -- instead, WPScan is now a private company that sells the product: https://wpscan.com. - Source: Hacker News / 7 months ago
Or you could just run WPScan, a simple open source CLI Wordpress pen testing tool which will scan for 30k+ known WP vulnerabilities. It certainly isn't as comprehensive as hiring a Red Team to attack the site but it can provide baseline assurance that no gaping holes exist in your security config, This should be part of your security hardening workflow if is isnt already. Source: over 3 years ago
Source: https://wpscan.com/wordpress-security-scanner. Source: over 3 years ago
Finally, you can use a service like WPScan to fix WordPress issues by scanning your website for plugins and themes that have known security vulnerabilities. Source: over 3 years ago
After our initial port scan, we might do more scans depending on what we find. In order to be as effective as possible, and to gather as much information as possible, pentesters are often running multiple scans simultaneously on a target. There are hundreds of tools out there for every service imaginable. Some of the tools worth mentioning are wpscan (https://wpscan.com/wordpress-security-scanner) for Wordpress... - Source: dev.to / over 4 years ago
Check: Go to securityheaders.com and enter your URL. A grade below B means you're missing important ones. - Source: dev.to / 26 days ago
The curl above is the fastest check; all four lines should come back. In a browser, DevTools, Network tab, click the document request, read Response Headers. For a letter grade, securityheaders.com scores you against a known rubric. One quirk: these four alone land a B, and you reach A only once you add Content-Security-Policy. - Source: dev.to / about 2 months ago
Remediation: Configure your web server to suppress or mask the Server header. Add security headers like Content-Security-Policy, Strict-Transport-Security, X-Frame-Options, and X-Content-Type-Options. You can use tools like securityheaders.com to check your current header posture. - Source: dev.to / 3 months ago
Step 4: Check your security headers (2 minutes) Visit securityheaders.com and enter your deployed URL. If you get anything below a B, you're missing critical protections. - Source: dev.to / 4 months ago
How to check: Run curl -I https://yourdomain.com and scan the response headers. Or paste your URL into securityheaders.com for a free graded report. - Source: dev.to / 4 months ago
Wordfence - Comprehensive security plugin for WordPress.
Mozilla Observatory - The Mozilla Observatory is a project designed to help developers, system administrators, and security professionals configure their sites safely and securely.
WordPress Security Scanner - Check if your WordPress site has known vulnerabilities
Hardenize - Hardenize provides a comprehensive and free assessment of web site network and security configuration.
WPCheckr - Free WordPress security scanner and vulnerability checker. Instantly scan your WP site for security issues, plugin vulnerabilities, and misconfigurations.
Qualys SSL Server Test - This free online service performs a deep analysis of the configuration of any SSL web server on the public Internet.