WPScan

CLI, Subscription

wpscan.com

🇬🇧 United Kingdom

Quick Facts

  • Open Source: Yes (GitHub)
  • Platforms: Windows, macOS, Linux
  • API Available: Yes
  • Account: Required
  • Skill Level: Intermediate
  • Offline Capable: Yes
  • Output Formats: JSON, TXT
  • Rate Limits: 25/day free

What it does

WPScan is a WordPress security scanner with a database of 69,931+ vulnerabilities across WordPress core, plugins, and themes. It is operated by Automattic (the parent company of WordPress.com). It is available as a CLI tool for researchers and as an API for integration. It partners with Jetpack Protect for a free WordPress plugin. The Enterprise tier includes Slack webhooks, CVSS scores, and instant alerts.

When to use it

  • WordPress security audits
  • Identifying vulnerable plugins/themes
  • Continuous WordPress monitoring
  • Security research and CVE lookups

When not to use it

  • Non-WordPress sites
  • General web vulnerability scanning
  • When you need more than 25 API calls/day (free tier)

Limitations

  • Free tier: 25 API calls/day
  • WordPress-specific only
  • Enterprise features require custom pricing

Frequently Asked Questions

Is WPScan free to use?
WPScan requires a paid subscription.

What platforms does WPScan support?
WPScan is available on Windows, macOS, and Linux.

What are the rate limits for WPScan?
WPScan has a rate limit of 25/day on the free tier.

Does WPScan require an account?
Yes, WPScan requires an account to use.

Is WPScan open source?
Yes, WPScan is open source. The source code is available on GitHub.

What are the limitations of WPScan?
Free tier: 25 API calls/day; WordPress-specific only; Enterprise features require custom pricing.

What does WPScan do?
WPScan is a command-line tool for PHP and WordPress security. WordPress security scanner with database of 69,931+ vulnerabilities across WordPress core, plugins, and themes. Operated by Automattic (WordPress.com parent company). Available as CLI tool for researc