Item logo image for WP Security Report

WP Security Report

https://teamofmonkeys.com/
5.0(

3 ratings

)
ExtensionTools8 users
Item media 5 (screenshot) for WP Security Report
Item media 1 (screenshot) for WP Security Report
Item media 2 (screenshot) for WP Security Report
Item media 3 (screenshot) for WP Security Report
Item media 4 (screenshot) for WP Security Report
Item media 5 (screenshot) for WP Security Report
Item media 1 (screenshot) for WP Security Report
Item media 1 (screenshot) for WP Security Report
Item media 2 (screenshot) for WP Security Report
Item media 3 (screenshot) for WP Security Report
Item media 4 (screenshot) for WP Security Report
Item media 5 (screenshot) for WP Security Report

Overview

Secure your Wordpress site with WP Security Report

WP Security Report is an easy-to-use WordPress security tool that runs right in your Chrome toolbar and grades your site 0 to 100 with an A to F hardening score. Simply direct WP Security Report at any site you own or are authorized to test. It first confirms the site is running WordPress, then runs a long list of read-only checks for the exact misconfigurations attackers probe first, and gives you a plain-English fix for every finding. WHAT WP Security Report CHECKS: • Information disclosure: readme.html, license.txt, version-leaking generator tags, wp-config-sample.php, full path disclosure, an exposed .git repository or .env file, and a robots.txt that maps your admin paths. • Leaked config and database backups: wp-config.php.bak / .old / .txt and editor swap files (vim .swp, emacs autosave), plus public SQL dumps (wordpress.sql, /backup/, uploads/dump.sql, backup-db, Duplicator and migration leftovers). • User enumeration: the REST users API (and rest_route and mixed-case bypasses), ?author=1 redirects, core and Yoast author sitemaps, RSS dc:creator, oEmbed, and the WordPress.com public API. Every leaked login is listed in a Discovered Usernames panel with how many endpoints exposed it. • Directory listing: browsable uploads, plugins, includes and mu-plugins folders. • Attack surface: XML-RPC, admin-ajax, the Heartbeat API, async-upload, wp-cron, trackbacks, the login page, open registration, and a reachable install.php. • Security headers: HSTS, Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and leaked server or PHP version tokens. • Access control: default "admin" account, wp-admin authentication, and takeover scripts like emergency.php and searchreplacedb2.php. • Search and OSINT dorking: one click opens the same Google dorks, Wayback Machine and WordPress public-API queries an attacker would run against your domain, so you can see and clean up what is publicly indexed. TRACK YOUR PROGRESS Fix an issue, re-scan, and WP Security Report shows the point change since your last scan so you can prove your site is hardening over time. PRIVATE BY DESIGN No account and no server install. Scans are read-only requests sent with credentials omitted. WP Security Report never submits your login credentials, and your scan history stays on your device. IMPORTANT: Only scan sites you own or have explicit permission to test. Any unauthorized or illegal use is forbidden.

Details

  • Version
    3.6
  • Updated
    July 15, 2026
  • Size
    665KiB
  • Languages
    English
  • Developer
    Website
    Email
    yfrimer@gmail.com
  • Non-trader
    This developer has not identified itself as a trader. For consumers in the European Union, please note that consumer rights do not apply to contracts between you and this developer.

Privacy

Manage extensions and learn how they're being used in your organization
The developer has disclosed that it will not collect or use your data. To learn more, see the developer’s privacy policy.

This developer declares that your data is

  • Not being sold to third parties, outside of the approved use cases
  • Not being used or transferred for purposes that are unrelated to the item's core functionality
  • Not being used or transferred to determine creditworthiness or for lending purposes
Google apps