WooCommerce
WooCommerce is the dominant e-commerce plugin for WordPress, turning a WordPress site into an online store. It is detected from its generator markup, characteristic asset paths and storefront classes.
Because it builds on WordPress, WooCommerce sites inherit the platform’s plugin-driven attack surface, and compromised stores are a frequent target for payment-skimming scripts — making a close look at injected JavaScript especially worthwhile.
Commonly deployed alongside WooCommerce
Of the 1,678 public scans where WooCommerce was detected, these are the technologies most often present on the same site. The share is the percentage of WooCommerce sites that also ran each one.
| Technology | Category | Share of WooCommerce sites |
|---|---|---|
| jQuery | wappalyzer | 99.71% |
| WordPress | cms | 98.94% |
| MySQL | wappalyzer | 95.7% |
| PHP | wappalyzer | 95.64% |
| MetaGenerator | miscellaneous | 88.39% |
| JQuery | miscellaneous | 84.74% |
| Open-Graph-Protocol | miscellaneous | 67.71% |
| WordPress | wappalyzer | 66.94% |
| Google Analytics | wappalyzer | 51.33% |
| HTTP/3 | wappalyzer | 48.91% |
| PoweredBy | miscellaneous | 44.67% |
| Cloudflare | wappalyzer | 34.41% |
| Google-Analytics | miscellaneous | 34.24% |
| Cloudflare Bot Management | wappalyzer | 29.35% |
How ScanMalware detects WooCommerce
WooCommerce is detected by analysing the response headers, HTML markup, JavaScript runtime and asset URLs captured when ScanMalware loads the site in a real headless browser.
From any scan you can pivot into related signals — JARM TLS fingerprints, ASN ownership and BGP routing, certificate history, JavaScript analysis and the overall security verdict — to understand not just that WooCommerce is present, but how it is being used. Open the full search interface for WooCommerce →
Recent public scans featuring WooCommerce
A rolling sample of recent public scans where WooCommerce was detected. Listing a site here is not a safety judgement — open a scan to see its full verdict.
| Site | Scanned |
|---|---|
| Telysholder liten - Nfoto https://nfoto.no/produkter/telysholder-liten/?utm_source=nfoto.no&utm_campaign=3c483eaff4-… | 2026-06-16 |
| A. TOBLINI – Casa Assistenza Anziani https://www.caatoblini.it | 2026-06-16 |
| Conservatorio di Musica di Bologna Giovan Battista Martini – Conservatorio di Musica di Bologna Giovan Battista Martini https://www.consbo.it | 2026-06-15 |
| FJA Officers and Board of Directors – Federal Judges Association https://federaljudgesassoc.org/who-we-are/officers-and-board-of-directors/ | 2026-06-15 |
| What's The Deal With Islam? - Islam Faith https://www.islamfaith.com/whats-the-deal-with-islam/ | 2026-06-15 |
| Your Commercial Vehicle Upfit Solutions Source - Masterack https://masterack.com | 2026-06-15 |
| UFC Rankings - Home of Fight https://www.homeoffight.com/ufc-rankings/ | 2026-06-15 |
| adidas Japan Men's Authentic Home Jersey World Cup 2022 - Soccer Shop USA https://soccershopusa.com/product/adidas-japan-mens-authentic-home-jersey-world-cup-2022/?… | 2026-06-14 |
Frequently asked questions about WooCommerce
- Does using WooCommerce mean a website is unsafe?
- No. WooCommerce is a stack component, not a verdict. ScanMalware scores the whole page — its scripts, redirects, certificates, threat-intelligence matches and behaviour — so a site using WooCommerce can be perfectly safe or actively malicious.
- How many sites using WooCommerce has ScanMalware scanned?
- WooCommerce has been detected in 1,678 public scans on ScanMalware.com. Each scan is a real headless-browser visit, and the figure updates as new URLs are submitted.
- What technologies are commonly used with WooCommerce?
- Across scanned sites, WooCommerce is most often seen alongside jQuery, WordPress and MySQL. The full co-occurrence breakdown is listed on this page.
Browse all profiled technologies on the technology index, or scan a URL to see its full stack.