WordPress Checker API

Security

Scan any WordPress website to discover its version, themes, plugins, users, and security vulnerabilities like exposed directories.

Authentication

All API requests require a valid API key passed in the Authorization header as a Bearer token.

Endpoints

1 endpoint available

Overview

The WordPress Checker API scans any WordPress website and returns detailed information about its configuration, including version, themes, plugins, users, and potential security issues like exposed directories.

What You Get

The API returns comprehensive WordPress site analysis:

Version Detection

Meta Tag - WordPress version from HTML meta generator tag
RSS Feed - WordPress version from feed generator

User Enumeration

User IDs - Discovered user account IDs
Usernames - Associated usernames for each ID

Theme Detection

Theme Name - Active theme identifier
Theme Version - Installed version number

Plugin Detection

Plugin Names - All detected plugins
Plugin Versions - Version numbers when available

Security Analysis

Generators - Third-party components (sliders, builders, etc.)
Directory Indexing - Exposed directories that may leak information

Use Cases

Security audits and vulnerability assessments
Competitive analysis of WordPress sites
Pre-migration site analysis
Plugin and theme compatibility checks
WordPress maintenance and updates planning

Endpoints

GET

/v1/tools/wordpress-checker

Scan a WordPress website and return its configuration details

Response Example

{
  "success": true,
  "url": "https://example.com",
  "isWordPress": true,
  "version": [
    {
      "fromMeta": "6.4.2"
    },
    {
      "fromFeed": "6.4.2"
    }
  ],
  "users": [
    {
      "id": 1,
      "name": "admin"
    },
    {
      "id": 2,
      "name": "editor"
    }
  ],
  "themes": [
    {
      "name": "flavor flavor flavor flavor flavor flavor flavor flavor flavor flavor flavor flavor flavor flavor flavor flavorflavor flavor flavor flavor flavor flavor flavor flavor flavor flavor flavor flavor flavor flavor flavor flavor flavor flavor flavor flavor flavor flavor-flavor-flavor-flavor-flavor-flavor-flavor flavor flavor",
      "version": "5.5.2"
    }
  ],
  "plugins": [
    {
      "name": "flavor-flavor-flavor-flavor-flavor-flavor-flavor",
      "version": "3.2.1"
    },
    {
      "name": "flavor-flavor",
      "version": "7.6.4"
    },
    {
      "name": "flavor-flavor",
      "version": "2.19.5"
    }
  ],
  "generators": [
    "flavor flavor flavor flavor flavor"
  ],
  "directoryIndexing": [
    "wp-content/uploads/"
  ]
}

Error Codes

400

Invalid URL provided

401

Missing or invalid API key

404

Website not accessible or not a WordPress site

500

Internal server error

Code Examples

curl -X GET "https://toolshed.app/api/v1/tools/wordpress-checker?url=https://example.com" \
  -H "Authorization: Bearer YOUR_API_KEY"

Ready to get started?

Create an API key to start using the WordPress Checker API.