Scan Site
The InstaWP Vulnerability Scanner checks your WordPress site for known security risks; including outdated plugins, vulnerable themes, and weaknesses in WordPress core. It produces a detailed report so you can take action before issues are exploited.
In this documentation, we will explore how to scan a site and view the reports using the built-in vulnerability scanner of InstaWP.
Letβs get started π
How to Scan a Site
Step 1: Open Your Site
Log in to your InstaWP dashboard and go to the Sites page. Locate the site you want to scan and click on it to open the site details.
Step 2: Open the Scanner
Inside the site panel, look for the options menu or toolbar. Navigate to:
Scanner β Vulnerability Scanner
Step 3: Run the Scan
On the Vulnerability Scanner page, click the Scan button to start the scan.
The scan runs in the background and typically completes within a few moments, depending on the number of plugins and themes installed.
Step 4: Review the Report
Once the scan is complete, a report appears on the same page. The report includes:
- Scan timestamp: the exact date and time the scan was run.
- Health status: an overall indicator of your site's security posture.
- Vulnerability summary: a breakdown of any issues found, organized by severity.
Each vulnerability entry shows the affected component (plugin, theme, or core), the type of vulnerability, and recommended action.
What to Do After the Scan
Review each flagged item in the report and take the appropriate action:
- Update outdated plugins and themes directly from your WordPress dashboard.
- Replace or deactivate plugins that have known vulnerabilities with no available patch.
- If WordPress core is flagged, update to the latest stable version as soon as possible.
Updated on: 20/03/2026
Thank you!