WordPress
WordPress powers a very large share of the world’s websites, which also makes it the single most-targeted CMS. ScanMalware identifies it from its generator meta tag, wp-content and wp-includes paths, and theme and plugin asset fingerprints.
The platform’s huge plugin ecosystem is its main attack surface: outdated plugins are a leading cause of site compromise, defacement and malware injection. A WordPress detection is a strong cue to look closely at injected scripts, unexpected redirects and the overall security verdict.
Commonly deployed alongside WordPress
Of the 47,402 public scans where WordPress was detected, these are the technologies most often present on the same site. The share is the percentage of WordPress sites that also ran each one.
| Technology | Category | Share of WordPress sites |
|---|---|---|
| PHP | wappalyzer | 78.12% |
| MySQL | wappalyzer | 77.87% |
| MetaGenerator | miscellaneous | 67.71% |
| JQuery | miscellaneous | 64.09% |
| Open-Graph-Protocol | miscellaneous | 59.67% |
| jQuery | wappalyzer | 59.49% |
| HTTP/3 | wappalyzer | 38.16% |
| Cloudflare | wappalyzer | 31.49% |
| Google Analytics | wappalyzer | 31.12% |
| Cloudflare Bot Management | wappalyzer | 27.44% |
| PoweredBy | miscellaneous | 27.24% |
| HSTS | wappalyzer | 26.03% |
| Script | miscellaneous | 25.05% |
| Google-Analytics | miscellaneous | 24.31% |
How ScanMalware detects WordPress
WordPress is detected from generator meta tags, characteristic URL paths and login endpoints, and the theme and plugin asset fingerprints it exposes.
From any scan you can pivot into related signals — JARM TLS fingerprints, ASN ownership and BGP routing, certificate history, JavaScript analysis and the overall security verdict — to understand not just that WordPress is present, but how it is being used. Open the full search interface for WordPress →
Recent public scans featuring WordPress
A rolling sample of recent public scans where WordPress was detected. Listing a site here is not a safety judgement — open a scan to see its full verdict.
| Site | Scanned |
|---|---|
| Accounting and Finance Jobs in Dubai: A Beginner’s Guide https://wymoorgroupsitus-dpxge89rt5dg.edgeone.app/accounting-and-finance-jobs-in-dubai.htm… | 2026-06-18 |
| Ameren Missouri Phone Number to Pay Bill: Quick Guide for Customers https://pikselfocusspot-dp234mve1d88.edgeone.app/ameren-missouri-phone-number-to-pay-bill.… | 2026-06-18 |
| INVALSI https://www.invalsi.it | 2026-06-18 |
| Brian Shaw's Growing Influence on LinkedIn and Beyond https://pikselharianstories-dpww1gjvh6sm.edgeone.app/brian-shaw-linkedin.html | 2026-06-18 |
| What is Thanos main idea message in endgame? https://relaxwithmarkblog-dp6lxfw1i4ew.edgeone.app/ | 2026-06-18 |
| photoshop how to use slice tool https://lensanetworkblog-dphghsvjmduz.edgeone.app/ | 2026-06-18 |
| Tokunation - https://tokunation.com | 2026-06-18 |
| hockey game tonight canada and usa https://pikselfocusspot-dp234mve1d88.edgeone.app/ | 2026-06-18 |
Frequently asked questions about WordPress
- Does using WordPress mean a website is unsafe?
- No. WordPress is a stack component, not a verdict. ScanMalware scores the whole page — its scripts, redirects, certificates, threat-intelligence matches and behaviour — so a site using WordPress can be perfectly safe or actively malicious.
- How many sites using WordPress has ScanMalware scanned?
- WordPress has been detected in 47,402 public scans on ScanMalware.com. Each scan is a real headless-browser visit, and the figure updates as new URLs are submitted.
- What technologies are commonly used with WordPress?
- Across scanned sites, WordPress is most often seen alongside PHP, MySQL and MetaGenerator. The full co-occurrence breakdown is listed on this page.
Browse all profiled technologies on the technology index, or scan a URL to see its full stack.