wordpress.org

Scanned Apr 27, 2026, 10:00 AM

Run a fresh audit — Upgrade

A · Safe

Plugins Detected

Active Vulnerabilities

Outdated Plugins

Abandoned

Security Assessment

Key findings for wordpress.org

No known vulnerabilities detected in installed plugins.
2 plugins have been abandoned by the developer.
Security headers grade D — 2 important headers are missing.
3 sensitive paths exposed to the public.

WordPress

Version hidden

Core installation

Active Theme

wporg-parent-2021 v1.0.0

Up to date

Hosting Provider

WordPress.com (Automattic)

Infrastructure

Detected Plugins

7 total

Plugin	Version	Status	Vulnerabilities	Score
Gallery Carousel Without JetPack medium confidence	0.7.5	Abandoned	None found	85
Slim Jetpack medium confidence	2.7.0.1	Abandoned	None found	85
Jetpack – WP Security, Backup, Speed, & Growth medium confidence	15.7	Up to date	None found	87
Gutenberg medium confidence	23.0.0→22.9.0	Up to date	None found	96
Akismet Anti-spam: Spam Protection medium confidence	5.6	Up to date	None found	99

Your full security report is ready

We found 7 plugins on this site. Unlock the complete analysis:

All 7 detected plugins

CVE details & patch status

Security header analysis

Exposed paths & TLS audit

DNS & email security

CT log subdomain discovery

Security Report

one-time

$49USD

Full report for this site
Every detected plugin & CVE
Remediation guidance
No re-audit after fixes

Get Report — $49

Recommended

Report + Re-audit

best value

$99USD

Everything in Security Report
One complimentary re-audit within 90 days
Verify your fixes actually closed the findings
Clean-record badge for your site

Get Report + Re-audit — $99

Guided Remediation

small business

$299USD

Everything in Report + Re-audit
15–30 min expert consult to triage findings
Prioritized action plan for your site
Optional partner handoff for fixes

Get Guided Remediation — $299

One-time payment · Instant access · No subscription required

Not ready to buy? We'll send you a one-time free alert

if we detect a new vulnerability affecting your plugins.

One free alert · Continuous monitoring available with a paid plan

Security Posture

Security Headers

TLS/SSL

Exposed Paths

Email Security

Security Headers

42/100

Content-Security-Policy

No Content-Security-Policy header. Your site is more vulnerable to XSS attacks.

Strict-Transport-Security

HSTS max-age is too short. Recommended: at least 1 year (31536000).

X-Frame-Options

Clickjacking protection is enabled.

3 more checks — unlock full report to see all

TLS/SSL Certificate

Issuer

Expires

59 days

Protocol

TLSv1.3

Wildcard

Yes

Exposed Paths & Login Security

3 exposed

3 security issues found — unlock to see which paths are exposed.

DNS & Email Security

SPF

SPF record with hard fail (-all) — strong email authentication.

DMARC

DMARC policy is set to reject — strongest protection against email spoofing.

DKIM

No DKIM record found for common selectors. Email authenticity cannot be verified (or uses a non-standard selector).

Infrastructure

Server Software

Server: nginx

X-Powered-By

X-Powered-By header is not exposed.

Web Application Firewall

No WAF detected. Consider adding one for additional protection.

Scan another site