Free scan

Grade a site's security posture in seconds.

Paste a WordPress site URL — get an A+ to F grade across HTTP security headers, information disclosure, WordPress hardening, and cookie posture. No sign-up, no install.

What this scan does

We fetch the URL you provide and inspect signals visible from the public internet — response headers, the homepage HTML, cookie attributes, whether XML-RPC and the REST API are reachable. The grade summarises 16 checks across four categories.

The checks mirror the same posture checklist the installed plugin uses. You get the public half here; installing the plugin adds the rest (brute-force defence, two-factor enrolment, integrity verification, scheduled scans).

What it doesn't do

This scan does not log into the site, does not crawl pages beyond the homepage and two well-known WordPress probes, and does not change anything. It is read-only by design.

It is not a malware scan. If you suspect the site is already compromised, install the plugin — it inspects file contents, restores tampered core, plugin, and theme files to canonical upstream content, and removes injections without touching legitimate functionality.

Your privacy

We don't retain the URL you submit beyond what is needed to return the grade. We don't sell or share user data. Logs record an anonymised peer IP and the target host for abuse review only. Read the privacy policy for the full policy.

Find injections on the inside, not just headers on the outside.

Install Segurium for the same posture checks plus malware detection and one-click cleanup without risks of downtime. Free on every site.