Paste any URL and get the complete WordPress tech stack in seconds — theme, plugins, hosting, CDN, vulnerabilities, domain info, and an AI summary. The most accurate WP detector online.
No account needed · Get API key for 100 scans/day · WordPress plugin available
One scan. Complete intelligence on any WordPress site's technology stack.
We read style.css directly from the server to get the exact theme name, author, version, and screenshot URI — even for premium ThemeForest themes like Avada, Divi, Flatsome, and Enfold that other tools miss entirely.
Scan HTML source and asset URL patterns to identify every active plugin — including backend-only plugins like WP Rocket, Yoast, WPML, and Gravity Forms. Results include plugin descriptions, version numbers, and active install counts.
Every detected plugin and theme is automatically cross-referenced against the Wordfence Intelligence vulnerability database. Known CVEs, severity ratings, and patch status are displayed in the full report — completely free.
HTTP headers, IP ASN lookups, and DNS fingerprints identify the exact hosting company — WP Engine, Kinsta, SiteGround, Cloudways, Bluehost, DigitalOcean, Hetzner, and 30+ more. Includes server software and PHP version where available.
Detects Cloudflare, AWS CloudFront, Fastly, Akamai, and other CDN/WAF providers from response headers. Also identifies whether the site has DDoS protection, proxy services, or a web application firewall active.
After scanning, our AI generates a plain-English summary of the site's entire tech stack — categorizing plugins by function, highlighting security concerns, and explaining what each piece of technology does. Powered by Groq.
Three steps. No installation. No account. Zero cost.
Enter the full address of any website you suspect is running WordPress — or that you just want to inspect. DetectWP works on any publicly accessible site.
Our scanner reads the HTML source, style.css, HTTP headers, DNS records, and cross-references multiple databases including WordPress.org, Wordfence, and Envato.
See the theme, every detected plugin (with icons and descriptions), hosting provider, CDN, vulnerabilities, domain age, PageSpeed score, and an AI summary — all in one page.
Based on thousands of real scans — no sponsored rankings, no estimates.
The 25 most popular WordPress themes detected across real sites in 2025 — Astra, Divi, Avada, GeneratePress and more.
→The 25 most used WordPress plugins in the wild — Yoast SEO, Elementor, WooCommerce, WP Rocket, Contact Form 7 and more.
→Where WordPress actually lives — WP Engine, SiteGround, Kinsta, Cloudways, Bluehost ranked by real detection data.
→The most popular free WordPress theme — usage stats, features, and how to detect if a site uses Astra.
→The world's most popular page builder — usage stats, detection methods, and what sites use Elementor.
→Everything about detecting WordPress plugins — how it works, what we detect, and how to use the API.
→Paste the website URL into DetectWP and click Scan. Our tool reads the site's style.css header to identify the exact theme name, author, and version — even for premium themes from ThemeForest like Avada, Divi, and Flatsome that aren't listed on WordPress.org.
Yes. DetectWP scans the page's HTML source and asset file paths (JS/CSS) for patterns that match known plugin signatures. This identifies most active plugins including many that only run in the backend — something most competing tools can't do.
Yes — this is our core advantage. We read style.css directly from the server rather than checking a theme directory database. This means we correctly identify ALL themes: free WordPress.org themes, premium ThemeForest themes, and even fully custom themes.
Yes, completely free with no login required for basic scans. Create a free account to get an API key that unlocks 100 scans per day, scan history, shareable scan results, and access to our WordPress plugin for in-dashboard scanning.
We analyze HTTP response headers (like x-wpe-request-id for WP Engine or x-kinsta-cache for Kinsta), cross-reference the site's IP address against known hosting provider ranges, and check DNS records. This lets us identify 30+ hosting providers accurately.
Yes. Create a free account to get your API key, then send a POST request to https://detectwpplugin.com/api/scan with an X-API-Key header. The API returns a full JSON response with all detected data. We also have a WordPress plugin that adds scanning directly to your WP admin dashboard.
Free, instant, and accurate. No login required. Paste a URL and see everything in under 15 seconds.