We’d Love to Hear From You

Get in touch
with us

Have a question, feature request, or need help with your security setup? Drop us a message and we’ll get back to you shortly.

Quick response timeFriendly supportNo spam, ever

FAQ

Frequently Asked Questions

Everything you need to know about our WordPress security scanner.

Our scanner performs 36 external security checks from the outside — exactly like an attacker would. It analyzes HTTP headers, SSL certificates, exposed files, WordPress configuration, plugins, DNS records, and more. No server access, plugins, or credentials are needed.

WPSentry runs 36 checks across five areas: WordPress core, plugins and themes; infrastructure (SSL, security headers, open services); DNS and email security; PCI-DSS-relevant configuration; and known plugin, theme, and core vulnerabilities sourced from public databases.

Your score (0–100) reflects the overall security posture of your site based on all 36 checks. Each issue is weighted by severity — critical findings like exposed debug logs or outdated WordPress versions have more impact than informational items.

The scanner is optimized for WordPress sites, but many checks (SSL, headers, DNS, cookies) apply to any website. WordPress-specific checks are simply skipped if the site isn't running WordPress.

Yes. Pro and Enterprise plans include bulk scanning, and you can compare two sites side by side. It's built for agencies and developers managing many WordPress sites at once.

Yes. Free accounts can run up to 3 scans per day with full access to all 36 security checks — no credit card required. Upgrade to Pro or Enterprise for higher limits, bulk scanning, PDF and JSON reports, and API access.

Free covers on-demand scanning with all checks and a modest daily limit. Pro adds higher limits, bulk scanning, side-by-side comparison, PDF/JSON/email reports, uptime monitoring, and API access. Enterprise adds unlimited daily scans, a priority scan queue, team members, and higher API rate limits. See the pricing page for the full breakdown.

Paid plans are billed monthly or annually through Stripe, and renew automatically until you cancel. You can cancel anytime from your account — access continues until the end of the current billing period, with no cancellation fee.

Except where required by law, fees are generally non-refundable. If you believe you've been charged in error, contact us and we'll review your request in good faith. Full details are in our Terms of Service.

No. The scan is entirely external. Just paste your URL and click scan — there's nothing to install on your server, no WordPress plugin required, and no credentials to share.

Paste your site's URL on the homepage and start a scan — results appear in seconds. Create a free account to save your scan history, monitor sites over time, and unlock higher limits.

Never. WPSentry only sends standard HTTP requests from the outside, just like a normal visitor. We don't ask for admin logins, FTP, or database access, so there's nothing sensitive to hand over.

Yes. Pro and Enterprise plans include REST API access with full documentation. Create and manage API keys from your dashboard, and integrate scans into your CI/CD pipeline or monitoring workflow.

Continuously. We sync vulnerability data from leading public sources — including Wordfence, the National Vulnerability Database (NVD), and WPScan — so scans reflect newly disclosed plugin, theme, and core issues.

Yes. Every scan runs against the latest checks and vulnerability data at the time you run it. Re-scan anytime, or use scheduled scans on Pro and Enterprise to stay covered automatically.

We recommend scanning after every major update (WordPress core, plugins, themes) and at least once a week for production sites. Pro and Enterprise plans include scheduled scans and uptime monitoring for continuous protection.

Reach out anytime through our contact page. Pro and Enterprise customers receive priority support, and our documentation and security glossary cover most common questions.

Absolutely. The scanner only sends standard HTTP requests — the same as a regular browser visit. It never modifies files, injects code, or writes to your database. It's 100% non-invasive and read-only.

We only store scan results (URLs, scores, findings) — never your credentials or site content. Scan data is encrypted at rest and in transit, and you can delete your scan history at any time from your dashboard.

Yes. Pro and Enterprise plans let you schedule recurring scans and receive alerts when a site's score drops or goes down, so you learn about new problems without checking manually.