23 Checks · No Login · Free
WordPress Analyzer
Analyse any WordPress site — version, security, plugins, theme, cache, SEO — without admin access. Passive detection only.
WP Detection
Security
Plugins & Theme
SEO & Cache
Headers & Perf.
Why analyse a WordPress site?
Security audit
WordPress powers 43% of the web and is the #1 hacker target. Active XML-RPC, exposed wp-config — detect vulnerabilities before attackers do.
Plugin inventory
Identify installed plugins without admin access. Useful for understanding a competitor's tech stack or auditing a client's site.
SEO & cache check
Check at a glance whether the SEO plugin is active, the sitemap is accessible and a cache plugin is in place to optimise Core Web Vitals.
Security headers
CSP, HSTS, X-Frame-Options — these HTTP headers are often forgotten on WordPress sites and expose visitors to XSS and clickjacking attacks.
FAQ
Yes, the analysis is entirely passive. The tool only makes standard HTTP requests (GET/HEAD) to public URLs, exactly as any browser would. No modifications are made to the site and no private data is accessed.
Add to your theme's functions.php:
remove_action('wp_head', 'wp_generator'); — this removes the generator meta tag. Also delete readme.html from the root and disable version display in the RSS feed.In functions.php:
add_filter('rest_endpoints', function($e){ unset($e['/wp/v2/users']); return $e; }); — this disables the REST endpoint. Also block /?author=1 by adding a redirect rule in .htaccess for ?author= queries.