WPScan – WordPress Security Scanner

WPScan – WordPress Security Scanner

WPScan WordPress Security Scanner - Scans your system for security vulnerabilities listed in the WPScan Vulnerability Database.

  • Frequently updated
    Very good! This plugin is actively maintained and the last update was released 414 days ago.
  • This plugin is tested with the last major release of WordPress
    Content for list item
  • Compatible with the latest major PHP release
    This plugin requieres PHP 5.5 or higher. The latest stable PHP 8.4.13 was released on 25 September 2025
  • No information about vulnerabilities and unfixed security issues is available.
    Content for list item

Ratings

28

Active installs

9K

Total Downloads

260K

Support Threads

0

Last updated

14 August 2024

Added

02 March 2019

Versions

21.14%76.49%2.37%
  • Version 1.15
  • Version 1.16
  • Version other

Screenshots

List of vulnerabilities and icon at Admin Bar.
Notification settings.
Site health page.
76

Rating

Based on 28 on WordPress.org

Download plugin Plugin website WordPress.org repository Support forum Plugin on WordPress.com

About WPScan – WordPress Security Scanner

+ Show more

FAQ

There is one API call made for the WordPress version, one call for each installed plugin and one for each theme. By default there is one scan per day. The number of daily scans can be configured when configuring notifications.

To configure your API token in the wp-config.php file, use the following PHP code: define( 'WPSCAN_API_TOKEN', '$your_api_token' );

You can set the following PHP constant in the wp-config.php file to disable scanning; define( 'WPSCAN_DISABLE_SCANNING_INTERVAL', true );.

The cron job did not run, which can be due to:
– The DISABLE_WP_CRON constant is set to true in the wp-config.php file, but no system cron has been set (crontab -e).
– A plugin’s caching pages is enabled (see https://wordpress.stackexchange.com/questions/93570/wp-cron-doesnt-execute-when-time-elapses?answertab=active#tab-top).
– The blog is unable to make a loopback request, see the Tools->Site Health for details.

If the issue can not be solved with the above, putting define('ALTERNATE_WP_CRON', true); in the wp-config.php could help, however, will reduce the SEO of the blog.

To configure your API token in the wp-config.php file, use the following PHP code: define( 'WPSCAN_API_TOKEN', '$your_api_token' );

You can set the following PHP constant in the wp-config.php file to disable scanning; define( 'WPSCAN_DISABLE_SCANNING_INTERVAL', true );.

The cron job did not run, which can be due to:
– The DISABLE_WP_CRON constant is set to true in the wp-config.php file, but no system cron has been set (crontab -e).
– A plugin’s caching pages is enabled (see https://wordpress.stackexchange.com/questions/93570/wp-cron-doesnt-execute-when-time-elapses?answertab=active#tab-top).
– The blog is unable to make a loopback request, see the Tools->Site Health for details.

If the issue can not be solved with the above, putting define('ALTERNATE_WP_CRON', true); in the wp-config.php could help, however, will reduce the SEO of the blog.

You can set the following PHP constant in the wp-config.php file to disable scanning; define( 'WPSCAN_DISABLE_SCANNING_INTERVAL', true );.

The cron job did not run, which can be due to:
– The DISABLE_WP_CRON constant is set to true in the wp-config.php file, but no system cron has been set (crontab -e).
– A plugin’s caching pages is enabled (see https://wordpress.stackexchange.com/questions/93570/wp-cron-doesnt-execute-when-time-elapses?answertab=active#tab-top).
– The blog is unable to make a loopback request, see the Tools->Site Health for details.

If the issue can not be solved with the above, putting define('ALTERNATE_WP_CRON', true); in the wp-config.php could help, however, will reduce the SEO of the blog.

The cron job did not run, which can be due to:
– The DISABLE_WP_CRON constant is set to true in the wp-config.php file, but no system cron has been set (crontab -e).
– A plugin’s caching pages is enabled (see https://wordpress.stackexchange.com/questions/93570/wp-cron-doesnt-execute-when-time-elapses?answertab=active#tab-top).
– The blog is unable to make a loopback request, see the Tools->Site Health for details.

If the issue can not be solved with the above, putting define('ALTERNATE_WP_CRON', true); in the wp-config.php could help, however, will reduce the SEO of the blog.

Changelog

1.16

1.15.7

1.15.6

1.15.5

1.15.4

1.15.3

1.15.2

1.15.1

1.15

1.14.4

1.14.3

1.14.2

1.14.1

1.14

1.13.2

1.13.1

1.13

1.12.3

1.12.2

1.12.1

1.12

1.11

1.10

1.9

1.8

1.7

1.6

1.5

1.4

1.3

1.2

1.1

1.0

How to install WPScan – WordPress Security Scanner

  1. Upload wpscan.zip content to the /wp-content/plugins/ directory
  2. Activate the plugin through the ‘Plugins’ menu in WordPress
  3. Register for a free API token
  4. Save the API token to the WPScan settings page or within the wp-config.php file