Overview
The WordPress Security Scanner is a specialized security assessment tool designed to identify vulnerabilities, weak configurations, and security risks in WordPress installations. It performs automated scanning of WordPress sites to detect common security issues including outdated plugins, insecure themes, missing security headers, and other critical weaknesses that could expose sites to attack.
This tool is ideal for WordPress site owners, security professionals, penetration testers, and hosting providers who need to maintain visibility into the security posture of their WordPress deployments. Whether you're performing routine security audits, pre-deployment assessments, or continuous monitoring, the WordPress Security Scanner provides actionable intelligence to strengthen your WordPress security.
The scanner analyzes multiple security dimensions of your WordPress installation and returns detailed findings that enable you to prioritize remediation efforts and implement security hardening measures.
Usage
Example Request:
```json
{
  "url": "https://example-wordpress.com"
}
```
Example Response:
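```json
{
  "scan_id": "scan_1234567890",
  "url": "https://example-wordpress.com",
  "status": "completed",
  "timestamp": "2024-01-15T10:30:45Z",
  "findings": {
    "critical": [
      {
        "type": "outdated_wordpress",
        "severity": "critical",
        "description": "检测到WordPress版本5.8.2。当前版本为6.4.2。",
        "remediation": "立即将WordPress更新至最新稳定版本。"
      }
    ],
    "high": [
      {
        "type": "exposed_wordpress_version",
        "severity": "high",
        "description": "WordPress版本在HTML源代码中公开暴露。",
        "remediation": "从标头中移除版本信息并实施版本隐藏。"
      }
    ],
    "medium": [
      {
        "type": "missing_security_headers",
        "severity": "medium",
        "description": "检测到缺少X-Frame-Options标头。",
        "remediation": "添加安全标头:X-Frame-Options、X-Content-Type-Options等。"
      }
    ]
  },
  "summary": {
    "total_issues": 3,
    "critical_count": 1,
    "high_count": 1,
    "medium_count": 1,
    "low_count": 0
  }
}
```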
Endpoints
POST /scan
Description: Scan a WordPress site for security vulnerabilities and misconfigurations.
Method: `POST`
Path: `/scan`
Request Body:
| Parameter | Type | Required | Description |
|---|---|---|---|
| url | string | Yes | The full URL of the WordPress site to scan (e.g., https://example.com). Must be a valid, publicly accessible WordPress installation. |
Response (200 OK):
The response contains a comprehensive security assessment including:
- `scan_id` (string): Unique identifier for the scan
- `url` (string): The scanned WordPress URL
- `status` (string): Scan status ("completed", "in_progress", or "failed")
- `timestamp` (string): ISO 8601 formatted scan timestamp
- `findings` (object): Categorized security findings organized by severity level
  - `critical` (array): Critical security issues requiring immediate action
  - `high` (array): High-severity vulnerabilities
  - `medium` (array): Medium-severity issues
  - `low` (array): Low-severity findings
- `summary` (object): Aggregated counts of issues by severity
Each finding includes:
- `type` (string): Classification of the vulnerability
- `severity` (string): Severity level
- `description` (string): Detailed explanation of the issue
- `remediation` (string): Recommended corrective action
Response (422 Validation Error):
Returns validation errors if the request is malformed:
```json
{
  "detail": [
    {
      "loc": ["body", "url"],
      "msg": "字段必需",
      "type": "value_error.missing"
    }
  ]
}
```
| Field | Type | Description |
|---|---|---|
| detail | array | Array of validation error objects |
| loc | array | Location path to the invalid field |
| msg | string | Error message |
| type | string | Error type classification |
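A client-side triage of the two response shapes documented above, as an added example that is not part of the scanner's own code. The function name `triage` and both sample bodies are constructed for illustration; the field names are the ones listed in this section.

```python
import json

SEVERITIES = ("critical", "high", "medium", "low")

# Constructed sample bodies that follow the response shapes documented above.
SAMPLE_OK = json.dumps({
    "scan_id": "scan_example", "url": "https://example.com",
    "status": "completed", "timestamp": "2024-01-15T10:30:45Z",
    "findings": {
        "critical": [{"type": "outdated_wordpress", "severity": "critical",
                      "description": "constructed", "remediation": "Update WordPress core."}],
        "high": [{"type": "exposed_wordpress_version", "severity": "high",
                  "description": "constructed", "remediation": "Hide the version string."}],
        "medium": [{"type": "missing_security_headers", "severity": "medium",
                    "description": "constructed", "remediation": "Add X-Frame-Options."}],
    },
    "summary": {"total_issues": 3, "critical_count": 1, "high_count": 1,
                "medium_count": 1, "low_count": 0},
})
SAMPLE_422 = json.dumps({"detail": [
    {"loc": ["body", "url"], "msg": "field required", "type": "value_error.missing"}]})


def triage(status_code, body):
    """Return (work_queue, problems) for one POST /scan response body."""
    doc = json.loads(body)
    if status_code == 422:
        errors = ["{}: {}".format(".".join(map(str, e.get("loc", []))), e.get("msg"))
                  for e in doc.get("detail", [])]
        raise ValueError("request rejected: " + "; ".join(errors))
    if doc.get("status") != "completed":
        # "in_progress" and "failed" results must not be read as a clean scan.
        raise RuntimeError("scan not usable, status=%r" % doc.get("status"))
    findings, summary = doc.get("findings", {}), doc.get("summary", {})
    queue, problems = [], []
    for sev in SEVERITIES:
        items = findings.get(sev, [])
        # The summary is derived data: compare it with the arrays instead of trusting it.
        if summary.get(sev + "_count", 0) != len(items):
            problems.append("%s_count does not match findings.%s" % (sev, sev))
        for f in items:
            if f.get("severity") != sev:
                problems.append("%s filed under %s" % (f.get("type"), sev))
            queue.append((sev, f.get("type"), f.get("remediation")))
    if summary.get("total_issues") != len(queue):
        problems.append("total_issues does not match the findings arrays")
    return queue, problems
```

The returned queue is ordered critical first, so it can be fed straight into a remediation tracker; a non-empty `problems` list means the report is internally inconsistent and should be re-run before anyone acts on its counts.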
Pricing
| Plan | Calls/Day | Calls/Month | Price |
|---|---|---|---|
| Free | 5 | 50 | Free |
| Developer | 20 | 500 | $39/mo |
| Professional | 200 | 5,000 | $99/mo |
| Enterprise | 100,000 | 1,000,000 | $299/mo |
About
ToolWeb.in - 200+ security APIs, CISSP & CISM, platforms: Pay-per-run, API Gateway, MCP Server, OpenClaw, RapidAPI, YouTube.
References
- Kong Route: https://api.mkkpro.com/security/wordpress-security-scanner
- API Docs: https://api.mkkpro.com:8031/docs
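Skill Name: WordPress Security Scanner
Overview
The WordPress Security Scanner is a specialized security assessment tool designed to identify vulnerabilities, weak configurations, and security risks in WordPress installations. It automatically scans WordPress sites to detect common security issues, including outdated plugins, insecure themes, missing security headers, and other critical weaknesses that could expose sites to attack.
This tool is well suited to WordPress site owners, security professionals, penetration testers, and hosting providers who need visibility into the security posture of their WordPress deployments. Whether you are performing routine security audits, pre-deployment assessments, or continuous monitoring, the WordPress Security Scanner provides actionable intelligence to help strengthen WordPress security.
The scanner analyzes multiple security dimensions of a WordPress installation and returns detailed findings, so that you can prioritize remediation work and implement security hardening measures.
Usage
Example Request:
```json
{
  "url": "https://example-wordpress.com"
}
```
Example Response: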
```json
{
  "scan_id": "scan_1234567890",
  "url": "https://example-wordpress.com",
  "status": "completed",
  "timestamp": "2024-01-15T10:30:45Z",
  "findings": {
    "critical": [
      {
        "type": "outdated_wordpress",
        "severity": "critical",
        "description": "检测到WordPress版本5.8.2。当前版本为6.4.2。",
        "remediation": "立即将WordPress更新至最新稳定版本。"
      }
    ],
    "high": [
      {
        "type": "exposed_wordpress_version",
        "severity": "high",
        "description": "WordPress版本在HTML源代码中公开暴露。",
        "remediation": "从标头中移除版本信息并实施版本隐藏。"
      }
    ],
    "medium": [
      {
        "type": "missing_security_headers",
        "severity": "medium",
        "description": "检测到缺少X-Frame-Options标头。",
        "remediation": "添加安全标头:X-Frame-Options、X-Content-Type-Options等。"
      }
    ]
  },
  "summary": {
    "total_issues": 3,
    "critical_count": 1,
    "high_count": 1,
    "medium_count": 1,
    "low_count": 0
  }
}
```
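Endpoints
POST /scan
Description: Scan a WordPress site for security vulnerabilities and misconfigurations.
Method: `POST`
Path: `/scan`
Request Body:
| Parameter | Type | Required | Description |
|---|---|---|---|
| url | string | Yes | The full URL of the WordPress site to scan (e.g., https://example.com). Must be a valid, publicly accessible WordPress installation. |
Response (200 OK):
The response contains a comprehensive security assessment including:
- `scan_id` (string): Unique identifier for the scan
- `url` (string): The scanned WordPress URL
- `status` (string): Scan status (completed, in_progress, or failed)
- `timestamp` (string): ISO 8601 formatted scan timestamp
- `findings` (object): Security findings categorized by severity level
  - `critical` (array): Critical security issues requiring immediate action
  - `high` (array): High-severity vulnerabilities
  - `medium` (array): Medium-severity issues
  - `low` (array): Low-severity findings
- `summary` (object): Aggregated counts of issues by severity
Each finding includes:
- `type` (string): Classification of the vulnerability
- `severity` (string): Severity level
- `description` (string): Detailed explanation of the issue
- `remediation` (string): Recommended corrective action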
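Response (422 Validation Error):
Returns validation errors if the request is malformed:
```json
{
  "detail": [
    {
      "loc": ["body", "url"],
      "msg": "字段必需",
      "type": "value_error.missing"
    }
  ]
}
```
| Field | Type | Description |
|---|---|---|
| detail | array | Array of validation error objects |
| loc | array | Location path to the invalid field |
| msg | string | Error message |
| type | string | Error type classification |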
Pricing
| Plan | Calls/Day | Calls/Month | Price |
|---|---|---|---|
| Free | 5 | 50 | Free |
| Developer | 20 | 500 | $39/mo |
| Professional | 200 | 5,000 | $99/mo |
| Enterprise | 100,000 | 1,000,000 | $299/mo |
About
ToolWeb.in - 200+ security APIs, CISSP & CISM certified, platforms: Pay-per-run, API Gateway, MCP Server, OpenClaw, RapidAPI, YouTube.
References
- Kong Route: https://api.mkkpro.com/security/wordpress-security-scanner
- API Docs: https://api.mkkpro.com:8031/docs