# WPSecScan — defensive WordPress security scanner

> The most thoroughly-sourced free WordPress security scanner.
> 189 checks across 18 categories. 8-source nightly CVE aggregator
> (NVD/GHSA/Mitre/OSV/Wordfence/WPVulnerability/CIRCL/Patchstack).
> SLSA L3 + Sigstore-signed releases. 10-provider threat-intel
> federation. Active exploit verification (consent-gated).
> Continuous monitoring. Enterprise mode (SSO/RBAC/audit/multi-tenant).
> AGPLv3. Free.

## Key pages

- [Homepage](https://wpsecscan.com/): pitch, stats, terminal demo
- [All 189 checks](https://wpsecscan.com/features): complete catalog with OWASP/ATT&CK/CWE/D3FEND/PCI-DSS tags
- [Comparison](https://wpsecscan.com/compare): vs Wordfence (free + premium), WPScan CLI, Sucuri
- [Download](https://wpsecscan.com/download): every install channel (winget, Chocolatey, Homebrew, pip, Docker, Snap, Flatpak, AUR, direct .exe)
- [Verify a release](https://wpsecscan.com/verify): SHA256 + Sigstore + SLSA L3 + reproducible-build instructions
- [Docs](https://wpsecscan.com/docs): install, scan, daemon, schedule, companion plugin, AI options, analytics, enterprise, integrations
- [Roadmap](https://wpsecscan.com/roadmap): shipped, in-progress, future
- [Feedback](https://wpsecscan.com/feedback): direct-to-maintainer form for suggestions and bug reports

## Source code + community

- [GitHub repo](https://github.com/bryanflowers/wpsecscan)
- [Releases](https://github.com/bryanflowers/wpsecscan/releases)
- [CHANGELOG.md](https://github.com/bryanflowers/wpsecscan/blob/main/CHANGELOG.md)
- [FEATURES.md](https://github.com/bryanflowers/wpsecscan/blob/main/FEATURES.md)
- [ROADMAP.md](https://github.com/bryanflowers/wpsecscan/blob/main/ROADMAP.md)
- [SECURITY.md](https://github.com/bryanflowers/wpsecscan/blob/main/SECURITY.md)
- [BUG-BOUNTY.md](https://github.com/bryanflowers/wpsecscan/blob/main/BUG-BOUNTY.md)
- [GitHub Discussions](https://github.com/bryanflowers/wpsecscan/discussions)
- [GitHub Issues](https://github.com/bryanflowers/wpsecscan/issues)

## For deeper context

- [llms-full.txt](https://wpsecscan.com/llms-full.txt): every check listed, full feature descriptions, comparison data