Det här tillägget har inte testats med någon av de 3 senaste huvudversionerna av WordPress. Det kanske inte längre underhålls och kan ha kompatibilitetsproblem när det används tillsammans med nyare versioner av WordPress.

Website Security Check


Website Security Check detects if your WordPress website has vulnerabilities and security flaws. Get a full security report for your website.

Check your website with our Free Website Security Check

Why is Your WordPress CMS Security Check Important​:

  • 55.9% of vulnerabilities came from plugins.
  • Over 90,978 attacks happening per minute on both big and small WordPress sites
  • 84% of all security vulnerabilities on the internet are the result of Cross-Site Scripting or XSS attacks.

Most of the casual bloggers start thinking about site security only after they get into first problems and majority of websites get hacked from entirely preventable issues, like not keeping things updated or using insecure passwords.

The majority of hacking attempts are made by bots, and you may be able to prevent hacker bots attacks by hiding your WordPress paths: wp-content, wp-include, plugins, themes, etc.

Just by changing the main paths, you may be able to protect your website against things like brute-force attacks, SQL-injection, and requests to your PHP files.

The test includes checking for updated plugins, themes and different files and functions which are known to hold security breaches.

Is WordPress CMS Vulnerable?​:

  • WordPress is one of the most popular CMS (Content Management System) options on the Internet these days.
  • Around 33% of websites are made with WordPress.
  • Even if WordPress is known for being a secure CMS, sometimes hackers do find vulnerabilities. Most site owners don’t know that the biggest risk comes from the installed plugins and themes. You obviously need to be careful with them, as plugin vulnerabilities represented 55.9% of the known entry points reported by respondents.

What happens if wp-login page is visible:

  • wp-login page is certainly one of the most vulnerable pages on your website.
  • If this path is visible means that an authentication path is visible and hackers can perform brute force login attempts.
  • A successful brute force attack can give hackers access to your admin area. An unsuccessful one can slow down your website or crush your server.
  • There are many strategies for dealing with this problem. The simplest one is to hide WordPress login page.

What happens if WordPress XML-RPC is visible:

  • XML-RPC is an API that allows anyone to interact with your WordPress website.
  • XML-RPC is also a way to manage your site without having to login manually via the wp-login page.

Why hackers try to access your WordPress website using xmlrpc.php file?:

  • Instead of 100 login attempts, the hackers could reduce their login attempts to 10 or less and still try 100 or even thousands of passwords to each request.
  • XML-RPC service is always at high risk for WordPress websites. For your safety, you should disable this service.
  • By disabling xml-rpc you can protect your website from DDoS attacks, brute force attacks, malicious pingback response.

If you like Website Security Check please help us and write us a positive review.

Try also our security plugin: Hide My Wp Ghost Free


  • Choose to start the report on demand for Website Security Check
  • Every task in Website Security Check comes with details and solutions


Manually install the Website Security Check plugin:
1. Log In as an Administrator on your WordPress site.
2. In the menu displayed on the left, there is a “Plugins” tab. Click it.
3. Now click “Add New”.
4. There, you have the “Upload” button. Click the ”Upload” button
5. Upload the file.
6. After the upload it’s finished, click Activate Plugin.
7. Start checking your website security with one click
9. Enjoy!

Website Security Check
WordPress Security Check

Vanliga frågor

Does this plugin work on WP Multisite?

Yes, the plugin works on both Single Website and WP Multisite.

The plugin also works with Apache, Nginx, IIS and LiteSpeed servers

Is this Plugin free of charge?

Yes. The plugin will always be free.

We will include all the required Security updates.

Is this plugin going to protect my website from all hackers?

This plugin will not protect your website from hackers but it will detect the security flaws.


9 februari 2021
We usually do not write reviews but this one deserves it! Even with the best security plugin installed, we never knew what additional vulnerability check needed to be done to guard against website vulnerabilities- this plugin does exactly just that! You don’t need to hire a security expert, you can fix most of the listed vulnerability issues on your own with the help of this plugin. Deserves our 5 star rating, absolutely recommended.
5 juni 2019
The security report is good and I learner how to repair the problems in my site. Good job!
Läs 1 betyg

Bidragsgivare och utvecklare

”Website Security Check” är programvara med öppen källkod. Följande personer har bidragit till detta tillägg.

Bidragande personer

Översätt ”Website Security Check” till ditt språk.

Intresserad av programutveckling?

Läs programkoden, kika på SVN-filförvaret eller prenumerera på utvecklarloggen via RSS.



  • Compatible with WordPress 5.5
  • Fixed some task issues


  • Compatible with WordPress 5.4


  • Compatible with WordPress 5.3.1
  • Added dashboard security meter
  • Added new tasks in Security check
  • Update the compatibility with more plugins


  • Compatible with WordPress 5.3


  • Update security tasks
  • Compatible with WordPress 5.2.2


  • Update compatibility with HTTPS
  • Fix minor bugs
  • Compatible with WordPress 5.2.1


  • Compatible with WordPress 5.2


  • Compatible with WordPress 5.1.1


  • Compatible with WordPress 5.1


  • Update – Uploaded plugin