WordPress is a popular target. According to recent reports, 70% of WordPress installations are vulnerable to hacker attacks.
Well, with more than 70 versions of WordPress today, you cannot always ensure or predict security. With most businesses on WP, it makes sense to look for scanners that specialize in finding security loopholes on the platform.
Each vulnerability on the site is a potential security breach, and that is where scanners come in handy. I am putting together a list of the most popular online vulnerability scanners, along with my thoughts on each.
1. Mister Scanner
You do not need to spend a fortune to find the online vulnerabilities that hackers can exploit. Mister Scanner is an inexpensive yet powerful way to find common OWASP security loopholes such as XSS, SQLi, and CSRF. Used by over 200 global companies, it is a value-for-money tool.
- Checks for XSS, SQLi, and CSRF
- Compatible with all versions
- Tests all the plugins for data leaks
- Automated and manual testing
- Simple reporting
My thoughts: It’s an obvious choice for businesses of all sizes.
2. WP Plugins Vulnerability Detector
If plugins are giving you sleepless nights, it's time to use WP Plugins Vulnerability Detector. Many bloggers have been using this scanner for a long time, and now even companies are realizing the benefits. It can help you protect against countless issues across content, plugins, themes, and more. The scanner is specially designed to deal with SQL injections, brute-force attacks, and PHP file requests.
- Over half a decade of security experience
- Great for SQL-injections and brute force attacks
- Designed with WP framework in mind
- A blogger-favorite
My thoughts: Powerful, but not comprehensive.
3. Sucuri
Can you really go wrong with Sucuri? Offered as a default security plugin with most hosting providers, the Sucuri WordPress vulnerability scanner offers everything you need. Although you will need the premium subscription to test your online assets in depth, it is a good place to start.
- Malware check
- Website blacklisting check
- Injected spam test
- Defacement results
- Free scans
My thoughts: Basic security test. It doesn’t cover the OWASP or SANS risks.
4. Web Inspector
Web Inspector is the perfect replacement for Sucuri. It offers everything that the Sucuri free plan has and is pretty easy to use. Comodo has recently added a ton of features even on the free plan. If your site has malware, the experts will remove it without any questions or even credit card information.
- Quick malware scan
- Free malware removal in less than 30 minutes
- 24-hour support
- Advanced plans to check the site
My thoughts: Great for small teams and bloggers who cannot hire developers to remove the malicious files.
5. Detectify
This comprehensive WordPress security scanner is one of the most powerful testing tools on the market. Detectify offers everything you need, from content scanning to OWASP testing. It provides continuous monitoring in development, staging, and production environments, based on the inputs provided by more than 150 ethical hackers across the globe.
- Deep testing for more than 1500 vulnerabilities
- Databases managed by 150 ethical hackers
- Cloud dashboard to keep an eye on security
- Easy to understand reports
- Managed beyond normal CVE libraries
My thoughts: Perfect for small and big businesses.
6. Upguard
Apart from running scans for your WordPress site, the Upguard scanner also checks DNSSEC Enabled, Database, Administration, File Sharing, User Auth, Server Information Header, Breaches, Exposed Emails, Secure Cookies, SSL Strength, HttpOnly Cookies, Domain Expiry, and much more. The tool also tests Sub Domain, Communication Services, Info, Meta Tags, SSL, Scripts, Google Safe Browsing Check, and Header.
- Comprehensive testing
- Cloud platform
- Easy to understand report
- Free basic plan
My thoughts: Use this WordPress scanning software when you do not want to spend a lot on security and can solve the reported problems with the help of a team.
7. HackerCombat
HackerCombat is more of a malware testing tool. It does not offer detailed scanning features, but it covers basic tests for trojans, malware, phishing, suspicious popups, codes, connections, activity, worms, viruses, and backdoors. It keeps sending email reports so you can stay on top of the security game.
- Malware testing
- Trojan, malware, phishing, & suspicious popups reporting
- Frequent email reporting
My thoughts: HackerCombat is yet another basic scanner for bloggers and small businesses. If you need better protection, I suggest you check out these Website Security Scan Tools.
Do you have any other tools to recommend? Leave them in the comments below.