Osom WP/Woo Detector Pro

Detect WordPress & WooCommerce instantly. Full tech stack analysis with security audit, version check, and one-click export reports.

Osom WP/Woo Detector Pro — the most advanced WordPress & WooCommerce detection extension for Chrome. Instantly know if any website runs WordPress or WooCommerce. Get deep insights into the theme, page builder, security setup, plugins, hosting, and CMS version — all in one click. Then run a professional security audit with a letter grade, actionable findings, and a one-click exportable report. Built by Osom Studio, a WordPress agency with 10+ years of experience building enterprise WordPress and WooCommerce solutions. ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ ⚡ INSTANT DETECTION (automatic on every page) The extension runs silently in the background and analyzes every page you visit. A badge appears on the icon: • WP (blue) — WordPress detected • WC (purple) — WooCommerce store detected • ? (gray) — possible WordPress, run Security Audit to confirm No clicks needed — just browse and see the badge light up. ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 🔍 50+ DETECTION METHODS Unlike basic detectors that only check the meta generator tag, Osom WP/Woo Detector Pro uses 50+ detection methods across 9 tiers: Tier 1 — Meta tags & generator Tier 2 — Link tags (REST API, oEmbed, pingback, EditURI, RSS, DNS prefetch) Tier 3 — Script analysis (wp-includes, wp-content, WooCommerce scripts, emoji loader, script handles & IDs) Tier 4 — Body & HTML classes (page-template, postid, woocommerce-page, builder classes) Tier 5 — HTML comments (Gutenberg block markers, cache plugin signatures, SEO plugin signatures) Tier 6 — DOM structure (admin bar, WooCommerce elements, JSON-LD, nonce fields, builder elements, block theme markers) Tier 7 — Global JavaScript objects (wp, wpApiSettings, WC params, builder frontends) Tier 8 — Cookies (WordPress login, WP settings, WooCommerce cart) Tier 9 — Mixed content scan (insecure HTTP resources on HTTPS pages) This multi-layered approach means the extension can detect WordPress even on hardened sites that hide the generator tag and use security plugins to obscure WP fingerprints. ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 🔒 SECURITY AUDIT WITH GRADE & SCORE (one-click) Click "Run Security Audit" to perform a comprehensive security assessment. The extension probes HTTP endpoints, analyzes headers, validates file exposure, and checks the WordPress version — then gives you a clear result: • Letter grade (A through F) and numeric score (0–100) • Findings sorted by severity: Critical, High, Medium, Low • Each finding includes a description, impact explanation, and step-by-step remediation with ready-to-use code snippets • Good practices section — highlights what the site is already doing right (hidden login, blocked XML-RPC, enabled HTTPS, active CDN/WAF, etc.) What gets checked: • Exposed sensitive files — config backups, environment files, git repositories, debug logs, database dumps, PHP info pages (every file is content-validated to prevent false positives — a custom 404 page won't trigger fake alerts) • WordPress version currency — compared in real-time against the latest stable release from the official WordPress API, with clear "up to date" / "outdated" status • Login security — default login URL exposure, XML-RPC status, user registration state • User enumeration — REST API user endpoint, author archive enumeration • Directory listing — uploads, plugins, themes, includes directories • Security headers — HSTS, CSP, X-Frame-Options, content type options, referrer policy • Mixed content — HTTP resources loaded on HTTPS pages (scripts, stylesheets, images, iframes, media, embeds) with per-type breakdown • wp-cron.php — public accessibility check • Server information disclosure — PHP version, server software headers Zero false positives: every sensitive file probe downloads and validates the actual response content, not just the HTTP status code. A server returning an HTML error page for a non-existent file won't trigger a fake critical finding. ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 📋 ONE-CLICK REPORT EXPORT After running the Security Audit, click "Copy Report to Clipboard" and get a complete, professionally formatted plain-text report — ready to paste into an email, Slack message, or client proposal. The report includes: full detection results, technology stack, all security findings with descriptions and fix instructions, good practices, and the overall grade. Generated in seconds, branded with your agency name. Perfect for: client site audits, pre-sales assessments, security review documentation, competitor analysis reports. ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 🎨 THEME DETECTION WITH FULL METADATA Detects the active theme from stylesheets and scripts, then the Security Audit fetches the theme's style.css to extract the full header: • Theme Name, Version, Author, Author URI, Theme URI • Parent theme (automatically detected and probed) • Requires WP, Requires PHP, Text Domain, Tags, License • Block Theme / Full Site Editing detection for modern WordPress themes Child themes are automatically recognized and the parent theme is probed separately. ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 🏗️ PAGE BUILDER DETECTION Identifies 13 page builders through multiple signals — DOM classes, data attributes, inline scripts, global JS objects, script handles, CSS custom properties, and REST API namespaces. Shows the primary builder with a confidence score, version when available, and lists any additional builders detected on the same site. ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ ⚙️ INFRASTRUCTURE DETECTION Beyond the CMS itself, the extension identifies the broader technology stack: • Cache plugin — detected from HTML comments, script signatures, and inline markers • SEO plugin — detected from HTML comments, schema markup, and script handles • CDN / WAF — detected from HTTP response headers • Hosting provider — identified from hostnames, HTTP headers, and server signatures • Security plugins and firewalls — detected from scripts, cookies, inline code, HTML comments, HTTP headers, and endpoint behaviour ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 🧩 PLUGIN DETECTION Identifies installed plugins through multiple channels: • /wp-content/plugins/ paths in scripts and stylesheets • REST API namespaces • Script handles and inline configurations ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 📊 FULL SIGNAL TRANSPARENCY Every detection is backed by individual signals you can inspect. Expand "All Detection Signals" to see exactly what was found, sorted by confidence level (high / medium / low). No black boxes — you see every data point that contributed to the result. ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ WHO IS THIS FOR? → WordPress developers & agencies — audit any WP site's tech stack and security in seconds, export a professional report for your client → Sales & business development — identify prospects running WordPress or WooCommerce → Security researchers — quick hardening assessment without manual testing → Competitors analysis — see what theme, builder, and plugins your competitors use → Anyone curious — just browse the web and discover how many sites run on WordPress ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ PRIVACY • No data collection — all analysis runs locally in your browser • No external API calls for detection (only direct requests to the site you're visiting, plus one call to the official WordPress version API during audits) • No tracking, no analytics, no accounts required • Open detection methodology — inspect every signal in the popup ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ WHAT'S NEW IN v3.0 • Security Audit — full professional-grade security assessment with letter grade, scored findings, impact descriptions, remediation code, and good practices • WordPress version check — real-time comparison against the latest stable release • Mixed content detection — finds insecure HTTP resources on HTTPS pages • One-click report export — copy a complete audit report to clipboard • Cache, SEO & CDN detection — identifies the full infrastructure stack • Block Theme / Full Site Editing detection • 13 page builders supported (up from 10) • Content-validated file probes — zero false positives on sensitive file checks ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ Built with ❤️ by Osom Studio (www.osomstudio.com) — a WordPress and WooCommerce development agency specializing in custom WordPress & WooCommerce solutions for enterprises. We rescue sites from agency hell. Questions or feature requests? Visit www.osomstudio.com or reach out — we'd love to hear from you.