Osom WP/Woo Detector Pro

Detect WordPress & WooCommerce sites instantly. Shows CMS version, theme, page builder, security plugins, and hosting.

Osom WP/Woo Detector Pro — the most advanced WordPress & WooCommerce detection extension for Chrome. Instantly know if any website runs WordPress or WooCommerce. Get deep insights into the theme, page builder, security setup, plugins, hosting, and CMS version — all in one click. Built by Osom Studio, a WordPress agency with 10+ years of experience building enterprise WordPress & WooCommerce solutions. ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ ⚡ INSTANT DETECTION (automatic on every page) The extension runs silently in the background and analyzes every page you visit. A badge appears on the icon: • WP (blue) — WordPress detected • WC (purple) — WooCommerce store detected • ? (gray) — possible WordPress, run Deep Scan to confirm No clicks needed — just browse and see the badge light up. ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 🔍 50+ DETECTION METHODS Unlike basic detectors that only check the meta generator tag, Osom WP/Woo Detector Pro uses 50+ detection methods across 8 tiers: Tier 1 — Meta tags & generator Tier 2 — Link tags (REST API, oEmbed, pingback, EditURI, RSS, DNS prefetch) Tier 3 — Script analysis (wp-includes, wp-content, WooCommerce scripts, emoji loader, script handles & IDs) Tier 4 — Body & HTML classes (page-template, postid, woocommerce-page, builder classes) Tier 5 — HTML comments (Gutenberg block markers) Tier 6 — DOM structure (admin bar, WooCommerce elements, JSON-LD, nonce fields, builder elements) Tier 7 — Global JavaScript objects (wp, wpApiSettings, WC params, builder frontends) Tier 8 — Cookies (WordPress login, WP settings, WooCommerce cart) This multi-layered approach means the extension can detect WordPress even on hardened sites that hide the generator tag and use security plugins to obscure WP fingerprints. ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 🔬 DEEP SCAN (one-click HTTP probing) Click "Run Deep Scan" to probe the site's HTTP endpoints and unlock the full analysis: • REST API (/wp-json/) — site name, description, registered namespaces • WP Sitemap (/wp-sitemap.xml) • wp-login.php — checks if login page is exposed or hidden by security plugin • xmlrpc.php — checks if XML-RPC is open or blocked • readme.html — checks if version-leaking file is still accessible • RSS feed — extracts WordPress version from generator tag • WooCommerce API (/wc-api/) — confirms WooCommerce installation • wp-cron.php accessibility • User enumeration via REST API and author archives • Full HTTP security header analysis ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 🎨 THEME DETECTION WITH FULL METADATA Detects the active theme from stylesheets and scripts, then Deep Scan fetches the theme's style.css to extract the full header: • Theme Name, Version, Author, Author URI, Theme URI • Parent theme (automatically detected and probed) • Requires WP, Requires PHP, Text Domain, Tags, License • Known Theme Recognition — identifies 30+ popular themes with their category and typical page builder Child themes are automatically recognized and the parent theme is probed separately. ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 🏗️ PAGE BUILDER DETECTION Identifies 10 page builders through multiple signals — DOM classes, data attributes, inline scripts, global JS objects, script handles, CSS custom properties, and REST API namespaces. Shows the primary builder with a confidence score, version when available, and lists any additional builders detected on the same site. ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 🛡️ SECURITY PLUGIN DETECTION Detects 12+ security plugins and firewalls through scripts, cookies, inline code, HTML comments, HTTP headers, and endpoint behaviour. ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 🔒 HARDENING SCORECARD After Deep Scan, get a visual security checklist showing what's exposed and what's properly hardened: ✓ Login page — Hidden or Exposed ✓ XML-RPC — Blocked or Open ✓ User enumeration (REST API) — Blocked or Open ✓ Author enumeration — Blocked or Open ✓ readme.html — Removed or Exposed ✓ REST API — Restricted or Public Green dot = properly hardened. Red dot = potentially exposed. Useful for quick security audits and competitor analysis. ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 🧩 PLUGIN DETECTION Identifies installed plugins through multiple channels: • /wp-content/plugins/ paths in scripts and stylesheets • REST API namespaces • Script handles and inline configurations ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 🌐 HOSTING DETECTION Identifies 20+ WordPress hosting providers from hostnames, HTTP headers, and server signatures plus generic server detection. ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 📊 FULL SIGNAL TRANSPARENCY Every detection is backed by individual signals you can inspect. Expand "All Detection Signals" to see exactly what was found, sorted by confidence level (high / medium / low). No black boxes — you see every data point that contributed to the result. ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ WHO IS THIS FOR? → WordPress developers & agencies — quickly audit any WP site's tech stack → Sales & business development — identify prospects running WordPress or WooCommerce → Security researchers — quick hardening assessment without manual testing → Competitors analysis — see what theme, builder, and plugins your competitors use → Anyone curious — just browse the web and discover how many sites run on WordPress ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ PRIVACY • No data collection — all analysis runs locally in your browser • No external API calls for detection (only direct requests to the site you're visiting) • No tracking, no analytics, no accounts required • Open detection methodology — inspect every signal in the popup ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ Built with ❤️ by Osom Studio (www.osomstudio.com) — a WordPress and WooCommerce development agency specializing in custom WordPress & WooCommerce solutions for enterprises. We rescue sites from agency hell. Questions or feature requests? Visit www.osomstudio.com or reach out — we'd love to hear from you.