Domain Doctorby VASTROX

Free WordPress detector · Instant · No signup

WordPress Detector

Find out if a site runs WordPress. Domain Doctor checks the tell-tale signals and flags a publicly exposed version, which is a security risk.

Try , or your own domain.

What this checks

WordPress powers a huge share of the web, which also makes it a prime target. Detecting WordPress — and especially an exposed version number — tells you how much attack surface a site presents.

Domain Doctor looks for WordPress signals like /wp-content/, the REST API at /wp-json/, the generator meta tag and login page, and warns if the version is publicly readable so attackers can match it to known exploits.

Common WordPress Detector errors

  • WordPress version exposed in the page source or readme
  • Login page reachable without rate limiting
  • REST API leaking usernames

VASTROX MANAGED WORDPRESS

Fast, secure, managed WordPress

VASTROX managed WordPress hides your version, patches vulnerabilities, and keeps the site fast and backed up.

  • Hardened, version-hidden WordPress
  • Automatic updates and backups
  • NVMe speed with caching

Trusted by businesses for hosting, VPS, business email & game servers · Free migration · Real support

Frequently asked questions

How can you tell a site uses WordPress?

Common signals include /wp-content/ and /wp-includes/ paths, the /wp-json/ REST API, a wp-login.php page, and a generator meta tag naming WordPress.

Is exposing my WordPress version dangerous?

It helps attackers match your site to known vulnerabilities. Hide the version and keep WordPress, themes and plugins updated.