WordPress Vulnerability Scanner

Prevent breaches, protect your reputation, and save time. Our scanner finds critical risks other tools miss - in your WordPress site and the infrastructure it runs on.

Try for free
Watch our demo
G2 awards

Read our reviews on G2.com

A deeper WordPress security scan

Most tools skim the surface, Intruder dives in. Our WordPress security scan runs more than 30,000 WordPress‑specific checks, backed by 170,000+ tests across your entire tech stack. You get a single, risk‑ranked view of every critical issue, so you can prioritize the exposures that matter and ignore the noise.

Intruder finds attack surface issues such as exposed databases and admin panels.

Instantly scan for new WordPress threats

When a fresh CVE drops, Intruder is already on it. The platform updates automatically and continuously rescans WordPress for vulnerabilities, shrinking your exposure window and keeping you ahead of emerging threats.

Fits seamlessly into your workflow

Finding issues is only half the job. Intruder pushes results straight into Jira, Slack, Microsoft Teams and your CI/CD pipeline, so teams can act fast without changing how they work.

integrated tools logos

See what our customers say about us

quotes left
An intelligent and easy solution to minimize your AppSec risk... with a Slack integration that helped us stay on top of notifications.
quotes right
Will Lewis - GoCardless

Will Lewis

Senior Engineering Manager, GoCardless

Can I scan single page applications (SPAs) with Intruder?

Yes, you can! Learn all about how to scan SPAs with Intruder here.

How do I scan my website for vulnerabilities with Intruder?

The first thing you need to do is add your website as a target by entering its IP address or url. You can then kick off your first scan in just a few clicks – it’s that simple!

What website security checks does Intruder perform?

Intruder’s website security scans check for web-layer security problems such as SQL injection and cross-site scripting, as well as other security misconfigurations. Read more about Intruder’s checks here. 

What do you mean by scanning your website, internally?

Your internal systems can be just as enticing to hackers as your external network so it’s important to test your website for vulnerabilities there too.

When we talk about scanning the website internally, we’re actually talking about scanning the web server that the website is hosted on. Web servers are internet-facing, but any sensitive information connected to them (such as databases) will sit behind a firewall, to prevent them from being reached by unauthorized individuals.

If ‘stuff’ can’t be reached externally, then remote checks won’t work and so you’d need to run local checks. At Intruder, all local/internal checks are performed via an agent which you’d install on the server.  

Internal vulnerability scanning also hunts through your website for missing patches and detects insecure versions of many thousands of software components and frameworks, including operating systems and network devices. Find out more about internal vulnerability scanning.

Can I scan my website if it is built using a CMS, such as Drupal?

Yes, if it’s reachable over the internet, we can scan it. Just add the domain, sub-domain, or IP address for your Drupal (or any other CMS-based) site and Intruder will run the same deep vulnerability checks you’d get for WordPress, custom apps, or static sites.

Which plan should I choose if I just want to scan my website?

Choose our Essential or Cloud plan to externally scan your website. If you are looking at our internal vulnerability scanning capability, this is only available to our Pro and Enterprise customers. Visit our pricing page to learn more.

What license should I buy for a website that doesn’t have a login-page?

Buy any of our Essential or Pro plans that cover infrastructure licenses by default. Head to our pricing page for more information.

Sign up for your free 14-day trial

Start today