What this tool can do
It checks reachability, SSL certificate status, WordPress indicators, REST API response, xmlrpc.php, readme.html, robots.txt, sitemap.xml, SEO metadata, and common security headers.
English
Japanese
WEBSITE TOOLS
WordPress Health Scanner
Enter a public URL to check basic WordPress health signals, SSL, SEO metadata, and security headers using normal HTTP access only.
Scanner
Scan a public URL
This tool performs a simple diagnosis of basic WordPress site status using only what can be checked through normal access to public URLs. It does not guarantee whether vulnerabilities exist. For formal security audits or maintenance decisions, we recommend confirmation by a qualified specialist.
How to use
Enter the public URL of the site you manage or want to review, then click Scan. The result is a quick operational checklist, not a penetration test.
Check items
The scanner uses a small number of GET or HEAD requests to public endpoints such as the top page, /wp-json/, /xmlrpc.php, /readme.html, /robots.txt, and /sitemap.xml.
About WordPress REST API
The REST API is an official WordPress feature and is used by many normal sites. A public response is informational and is not treated as dangerous by itself.
About xmlrpc.php
xmlrpc.php can be necessary for some publishing, app, or integration workflows. If it appears enabled, review whether your site actually needs it.
FAQ
If WordPress detection is unclear, the site may hide default paths, use a cache or CDN, or may not be WordPress. Review the signals together rather than relying on one item.
Safety
The tool rejects localhost, private IP ranges, file URLs, and non-http schemes. It does not send POST requests, login attempts, brute force traffic, plugin enumeration, or exploit payloads.
Notes
Results are a snapshot from external access. Server settings, CDN rules, and security plugins can change what is visible.