WordPress Recon

WordPress Recon

See what your WordPress site reveals

Size85 KB
Updated3 Jul 2026
InstallsNew
Screenshot 1Screenshot 2

WordPress Recon audits WordPress sites you own to show what they reveal about themselves — the things an attacker fingerprints first. Enter a URL and it detects the WordPress version, active theme, and plugins, checks whether usernames can be enumerated, probes for exposed endpoints like xmlrpc, the REST API, readme files, directory listings and config backups, and reviews HTTP security headers and hardening. Findings are grouped by severity with a plain explanation of why each one matters and how to fix it, and every scanned site stays in the sidebar with its own history so you can rescan and track what you've hardened over time. It only detects disclosure — no logins, no brute force, no exploitation. For auditing sites you own or are authorized to test.