Skip to main content
All CollectionsConfiguring, Customizing & TroubleshootingTroubleshooting
How To Scan Your Website For Vulnerabilities With WordPress Security Scanner
How To Scan Your Website For Vulnerabilities With WordPress Security Scanner

Keep your WordPress database, themes, and plugins safe by scanning them daily for security vulnerabilities.

Ryan Gray avatar
Written by Ryan Gray
Updated over a week ago

The WPScan WordPress Security Scanner plugin can be configured to scan your WordPress site on a daily daily basis to find security vulnerabilities listed on - A WordPress vulnerability database for WordPress core security vulnerabilities, plugin vulnerabilities and theme vulnerabilities.

To use the WPScan WordPress Security Plugin, you will need to first request a free API token which can be done by registering here.

Once logged into your free account, you may go to the PROFILE page to access your API token;

A free account would be limited to 50 API requests per day. If you have more than 50 plugins you may consider upgrading to a paid account.

Once you have your API key, the next step would be to install and activate the WPScan plugin from inside of Wordpress;

The WPScan utility will have two menus - a reports menu where you can view the last report, as well as a settings menu, which you'll use to configure the plugin with your API key;

Once installed, the first thing you would want to do is head to Settings. From there, you will be able to add your new API key as shown;

After that, you may then select the Report option. From there, you will then see your scan results, as well as an option to rescan on demand. You will be provided with a breakdown of each plugin, and each known vulnerability that is detected will provide a third-party link to with further information on how to resolve the issue.


Did this answer your question?