Is It WordPress?
Check if any website runs WordPress — plus detect the theme, plugins, and security signals in seconds.
Analyzing
Checking for WordPress signals...
How Does It Work?
Our server-side checker performs a multi-signal analysis of any URL in seconds — no browser extension required
Enter a URL
Type or paste any website address. We automatically normalise the URL, adding https:// if needed so you don't have to worry about formatting.
We Analyze 8 Signals
Our server fetches the page and checks HTTP response headers, HTML source code patterns, REST API endpoints, and Gutenberg block markup — all in parallel for maximum speed.
Get Instant Results
See a clear Yes or No verdict with a confidence level (High / Medium / Low), a per-signal breakdown, and the detected theme name and version when available.
Why Check If a Site Uses WordPress?
Different people use this tool for very different reasons
Web Developers & Agencies
Prospect new clients by identifying WordPress sites in a niche. Understand a client's existing tech stack before quoting a project. Quickly audit dozens of competitor sites to benchmark the market.
Business Owners
Research which CMS powers successful competitor websites. Decide whether WordPress is the right platform for your own site by seeing how common it really is in your industry.
Digital Marketers
Identify the technology stack behind high-performing competitor sites. Knowing a site uses WordPress tells you which plugins might power their SEO, analytics, or conversion optimisation.
Security Researchers
Identify WordPress installations during responsible disclosure research. Checking the platform is the first step before assessing which WordPress-specific vulnerabilities may apply to a given domain.
Designers & Theme Hunters
Spotted a beautiful website? Check if it's WordPress, then use our Chrome extension to identify the exact theme so you can buy or recreate the same look for your own projects.
WordPress Enthusiasts
Satisfy your curiosity about any website you visit. Join millions of WordPress fans who enjoy discovering which corners of the internet are powered by their favourite CMS.
What Each WordPress Signal Means
We check 8 independent signals — here's what each one reveals and why it matters
Meta Generator Tag
WordPress adds a <meta name="generator" content="WordPress x.x.x"> tag to every page by default, broadcasting both the platform and version number. It's the strongest single signal — though many security-conscious sites remove it with plugins like Wordfence or a single filter hook.
wp-content Directory
The /wp-content/ directory houses all themes, plugins, and uploaded media. When any asset (stylesheet, image, script) is loaded from this path, it's a near-certain indicator of WordPress. Detecting this path in source code is one of the most reliable signals available.
wp-includes Directory
The /wp-includes/ directory contains WordPress core files — JavaScript libraries, default stylesheets, and class definitions. If a page loads any resource from this path, it's running WordPress. Some advanced security hardening can obscure this, but it remains a strong signal.
Gutenberg Blocks
Since WordPress 5.0 (released 2018), the block editor (Gutenberg) wraps content in wp-block-* CSS classes and HTML comments. These markup patterns are unique to WordPress and are highly reliable for detection on sites that use the block editor rather than a classic editor or page builder.
REST API (wp-json)
WordPress exposes a built-in REST API at /wp-json/wp/v2/. We probe this endpoint directly — if it responds with a valid WordPress API structure, it's a strong positive signal. This endpoint can be disabled by security plugins, but doing so can break themes and plugins that rely on it.
API Link Header
WordPress adds a Link: <https://example.com/wp-json/>; rel="https://api.w.org/" HTTP header to every response. This advertises the REST API endpoint to clients and is one of the easiest signals to check since it doesn't require parsing HTML.
X-Powered-By Header
Some WordPress hosting environments and plugins set the X-Powered-By HTTP response header to reference WordPress or WooCommerce. This is a supplementary signal — less common than others — but when present it's a reliable positive indicator.
X-Pingback Header
WordPress's XML-RPC interface (used for remote publishing and pingbacks) is advertised via an X-Pingback: https://example.com/xmlrpc.php HTTP header. Many security guides recommend disabling XML-RPC entirely due to brute-force risks, so its absence is not conclusive — but its presence is a strong signal.
WordPress by the Numbers
Why WordPress detection matters — the platform is everywhere
Statistics updated 2026. Sources: W3Techs, WordPress.org.
Common Use Cases
Step-by-step guides for the most popular ways people use this tool
Checking if a competitor uses WordPress
Enter your competitor's domain into the tool above. A "Yes, it's WordPress!" result with High confidence means their site is very likely WordPress. You can then use our Chrome extension to dig deeper into their theme and plugins.
Finding what WordPress theme a site uses
After this tool confirms a site runs WordPress, the result card will show the detected theme name and version. For full theme details — including the theme author, homepage URL, and download count — install our free Chrome extension for one-click identification on any page.
Identifying WordPress plugins on a website
This web tool focuses on confirming WordPress usage. Plugin detection requires deeper analysis of script paths and API responses best performed client-side. Our Chrome extension scans active pages for known plugin fingerprints and lists everything it finds — including version numbers.
Bulk-checking multiple sites
Need to check dozens of URLs at once? Our Chrome extension lets you detect WordPress as you browse — no copy-pasting required. For large-scale audits of many domains, use the extension combined with a systematic list of competitor URLs from tools like Ahrefs or Semrush.
Verifying your own WordPress installation
Enter your own domain to see exactly which signals your site exposes. A High-confidence result means your WordPress fingerprint is clearly visible — if you want to hide it for security reasons, check which signals are detected and use a security plugin like Wordfence or Sucuri to suppress them.
WordPress detection for web development agencies
Agencies use this tool during new-client onboarding to understand the prospect's existing platform before writing a proposal. Knowing a site is WordPress (and which version) helps estimate migration complexity, maintenance scope, and whether existing content can be preserved.
Frequently Asked Questions
What does this tool check?
Our tool analyzes multiple WordPress signals including the meta generator tag, /wp-content/ and /wp-includes/ paths in the source code, WordPress REST API endpoints (/wp-json/), HTTP response headers like X-Powered-By and Link, and Gutenberg block markup. Each signal is checked and reported individually.
Is this tool free to use?
Yes, completely free. No ads, no signup required, no usage limits. Just enter a URL and get instant results.
How accurate is the detection?
Our tool checks 8 different WordPress signals and provides a confidence rating (High, Medium, or Low). Most WordPress sites are detected with high confidence. Some heavily customized or security-hardened sites may show lower confidence or not be detected at all.
Can a WordPress site hide that it uses WordPress?
Yes, some WordPress sites use security plugins to remove WordPress fingerprints. They might remove the generator meta tag, rename the wp-content directory, or block REST API access. Our tool checks multiple signals to still detect these sites when possible, but heavily hardened sites may not be identified.
What's the difference between this tool and the Chrome extension?
This online tool quickly checks if a site uses WordPress. Our free Chrome extension goes much deeper — it identifies the specific theme, all active plugins, their versions, and provides SEO analysis. Install it for comprehensive WordPress detection on every site you visit.
How do I find out what WordPress theme a site is using?
After this tool confirms a site runs WordPress, it also attempts to identify the active theme from the /wp-content/themes/ path in the source code and cross-references it with the WordPress.org theme repository to show the theme name, version, and author. For deeper theme analysis — including child themes and premium themes not in the public repository — our free Chrome extension gives you complete theme details in one click.
What percentage of websites use WordPress?
According to W3Techs data, WordPress powers over 43% of all websites on the internet as of 2026 — representing roughly 64% market share among websites that use a known CMS. That means nearly 1 in every 2 websites you visit is running on WordPress. From personal blogs to major media outlets and Fortune 500 sites, WordPress is by far the most popular website platform in the world.
Can I detect WordPress plugins on a website?
Basic plugin detection is limited with a web-based tool because plugins often don't expose obvious fingerprints in the HTML source. Some plugins load scripts from /wp-content/plugins/plugin-name/ paths, which can reveal their presence. For comprehensive plugin detection — matching hundreds of known plugin signatures against script paths, CSS files, and API responses — install our free Chrome extension. It identifies active plugins with version numbers on any WordPress site.
What is the difference between WordPress.com and WordPress.org?
WordPress.org is the free, open-source software you download and install on your own web hosting. You have full control over themes, plugins, and code. WordPress.com is a hosted service built on that same software — it manages the server for you but restricts some customisation on free and lower-tier plans. This tool detects both, since both produce similar WordPress fingerprints in the HTML source code and HTTP headers.
Can WordPress sites be identified by their URL structure?
Sometimes. Default WordPress installations expose paths like /wp-admin/, /wp-login.php, and /wp-json/ in the URL space. However, well-configured WordPress sites use custom permalink structures (e.g., /blog/post-title/) that look identical to any other CMS. Our tool checks source code and HTTP headers rather than relying solely on URL patterns, which is why it detects heavily customised installations that URL-based methods miss.
WordPress vs. Other Platforms: Detection Signals
How do we tell WordPress apart from Shopify, Wix, and Squarespace?
| Platform | Key Detection Signals | Typical Tells |
|---|---|---|
| WordPress | wp-content, wp-json, X-Pingback, meta generator | Gutenberg block classes, /wp-includes/ scripts, REST API at /wp-json/wp/v2/ |
| Shopify | cdn.shopify.com, Shopify.theme, myshopify.com | Assets loaded from cdn.shopify.com, window.Shopify JavaScript object, .myshopify.com checkout URLs |
| Wix | wix.com, wixstatic.com, X-Wix-Meta | Static assets from static.wixstatic.com, wixCode runtime in JS, Wix-specific meta tags |
| Squarespace | sqspcdn.com, Static.squarespace, meta generator | Assets from static1.squarespace.com, Squarespace meta generator tag, window.Static JavaScript object |
| Webflow | webflow.com, webflow.js, Webflow namespace | webflow.js script, data-wf-site attribute, assets from uploads-ssl.webflow.com |
This tool currently specialises in WordPress detection. Multi-CMS detection across all platforms is planned for a future update.
Need Deeper WordPress Insights?
Our Chrome extension goes beyond detection — it reveals themes, plugins, versions, SEO data, and more. All from your browser toolbar.
Rated 5.0/5 on Chrome Web Store