Jetpack Protect
Free daily vulnerability scans & WordPress security, powered by WPScan (an Automattic brand) and its 60,000+ vulnerability database. No setup needed!
TOTAL SITE SECURITY FROM WORDPRESS EXPERTS
Jetpack Protect is a free and essential WordPress security plugin that scans your site and warns you about vulnerabilities, keeping your site one step ahead of security threats. Itβs easy to use; setup requires just a few clicks!
By upgrading Protect, you also unlock malware scanning with one-click fixes for most issues and instant notifications when threats are detected. Our automated Web Application Firewall (WAF) also protects your site from bad actors around the clock.
Jetpack Protect is created by WordPress experts; our parent company Automattic is behind Jetpack, WordPress.com, WooCommerce, WPScan, and much more. There is no better company to understand the security needs of WordPress sites.
WHAT DOES JETPACK PROTECT (FREE) CHECK FOR?
Jetpack Protect scans your site on a daily basis and warns you about:
β The version of WordPress installed, and any associated vulnerabilities
β What plugins are installed, and any related vulnerabilities
β What themes are installed, and any associated vulnerabilities
What are vulnerabilities? Why do I need to scan my site regularly?
Site vulnerabilities are flaws in a websiteβs code that weaken the siteβs overall security. These can be introduced to a site in various ways, in most cases unintentionally.
Some of the ways vulnerabilities can be introduced to a site are:
β Poorly written site code
β Plugin and theme bugs
β WordPress version bugs
β System misconfigurations
If a bad actor detects a vulnerability on your site, they can exploit it to access sensitive information, update your site, and more to damage your business or brand.
Thatβs why itβs essential to use a reputable and reliable vulnerability & malware site scanner like Jetpack Protect to safeguard your site.
Can I use Jetpack Scan to fix a site that is already infected?
Jetpack Protect (Scan) detects and prevents attacks, but is not designed to fully clean up sites infected before it was active. If your site has malware, take immediate action to clean it up and remove the malicious code.
To clean up your site, we suggest using a malware removal tool, or if possible restore from a backup taken before the infection. We recommend using Jetpack VaultPress Backup in conjunction with Jetpack Scan to secure your website.
Learn more about cleaning your site
BRUTE FORCE ATTACK PROTECTION
Jetpack Protect blocks unwanted login attempts from malicious botnets and distributed attacks.
Is my site under attack?
Brute force attacks are the most common form of hacking β and hackers donβt discriminate. As the most commonly used Content Management System on the web, WordPress sites make an attractive target for hackers looking to exploit code vulnerabilities unique to WordPress.
Using large networks of computers known as botnets, hackers can try to gain access to your site by using thousands of different combinations of usernames and passwords until they find the right one.
Recently, attackers have found a way to βamplifyβ these attacks against the WordPress XML-RPC file β making it easier for attackers to try and break into your site.
WordPress brute force attacks can:
β Slow down your site (or cause it to stop responding) because of repeated server requests.
β Allow unauthorized access to your site for hackers to modify your code or insert spammy links.
β Put your site content and data at risk.
Thatβs where Jetpack Protect comes in. Our state-of-the-art security tools automatically block these attacks, protecting your WordPress site from unauthorized access.
On average, Jetpack blocks 5,193 WordPress brute force attacks over a siteβs lifetime. It allows you to protect yourself against both traditional brute force attacks and distributed brute force attacks that use many servers against your site.
UPGRADE PROTECT TO REMOVE MALWARE IN ONE CLICK AND BE PROTECTED BY OUR WAF
By upgrading Protect, you unlock total site security from WordPress experts:
β Automated daily malware scanning in addition to vulnerability checks
β One-click fixes for most issues
β Web Application Firewall (WAF) with automatic rule updates
β Instant email notifications when threats are detected
β Priority support from WordPress experts
What is malware? Why do I need to protect against it?
Malware is malicious code or software that has been created by bad actors to disrupt, damage, or gain access to your site. There are many ways that malware can get onto your WordPress site. The most common method is through attackers using vulnerable plugins or themes to install malware.
Similar to the vulnerabilities listed above, bad actors can use malware to capture sensitive information, damage your site, and harm your business or brand.
Jetpack Protect instantly notifies you of any threats detected, with one-click fixes for most issues.
What is a Web Application Firewall (WAF)?
A web application firewall blocks traffic and malicious requests to your site from known bad actors.
As threats are detected, new rules are added to Jetpack Protectβs firewall, which provides around-the-clock protection for your WordPress site.
OVER 53,500 REGISTERED VULNERABILITIES IN OUR DATABASE
WordPress security is something that evolves over time. Jetpack Protect leverages the extensive database of WPScan, an Automattic brand. All vulnerabilities are entered into our database by dedicated WordPress security professionals and updated constantly as new information becomes available.
JETPACK PROTECT IS EASY TO SETUP AND USE
Thereβs nothing to configure β the setup process is as easy as:
1. Install and activate the plugin
2. Set up it with one click.
After you activate the plugin, Jetpack Protect will run daily automatic malware scans on your WordPress site and update you on vulnerabilities associated with your installed plugins, themes, and WordPress core.
WITH π BY JETPACK
This is just the start!
We are working hard to bring more features and improvements to Jetpack Protect. Let us know your thoughts and ideas!
FURTHER READING
- Jetpack: Security, performance, and growth tools made for WordPress sites by the WordPress experts.
- You can follow the Jetpack Twitter account to catch up on our latest WordPress security recommendations and updates.
- WordPress Security: How to Protect Your Site From Hackers
- Should You Use Jetpack for WordPress Security?
- Jetpack Acquires WordPress Vulnerability Database WPScan
| Domain | Exposures | Headers | Last Checked |
|---|---|---|---|
| a*t*g*.f*c*m*r*i*r*.c*m.br (WP 6.9.4) | D | 2026-06-09 00:17:21 | |
| m*n*f*c*u*i*g*u*s*h*w*r*d.com | F | 2026-06-08 19:36:05 | |
| h*a*g*n*u*.c*.uk | C | 2026-06-08 19:16:28 | |
| b*g*o*m*o*n*.com (WP 7.0) | F | 2026-06-07 07:11:44 | |
| c*e*s*y*e*a*j*q*a*.net (WP 7.0) | F | 2026-06-06 15:55:27 | |
| t*e*x*t*r*e*.com (WP 7.0) | F | 2026-06-05 23:09:50 | |
| m*r*n*a*o*e*u*a*i*n.com (WP 7.0) | F | 2026-06-05 19:32:46 | |
| a*f*l*l*s*g*m*s.com (WP 7.0) | F | 2026-06-03 22:15:25 | |
| p*l*d*n*n*e*n*t*o*a*.com | F | 2026-06-03 07:56:28 | |
| p*r*a*.m*l*e*m*t*e*e*r*z*.org | C | 2026-06-02 17:21:36 | |
| s*m*l*o*f*r*4*.com | F | 2026-06-02 05:59:57 | |
| a*r*h*w*i*.com (WP 6.9.4) | F | 2026-06-01 19:32:11 | |
| t*e*o*f*l*d*t.com | D | 2026-06-01 17:43:19 | |
| s*n*v*t*s*a*e.com (WP 7.0) | F | 2026-06-01 17:07:00 | |
| h*s*l*t*p*.com | F | 2026-06-01 08:39:23 | |
| c*r*o*t*e*l*a*s*t*o.com | F | 2026-06-01 04:59:43 | |
| r*e*v*s*i*h*a*t*o*o*e*.com (WP 7.0) | F | 2026-06-01 02:41:20 | |
| c*r*e*s*y*a*i*e*e*l*h.com | F | 2026-05-31 16:56:46 | |
| c*r*e*s*y*a*i*e.com | F | 2026-05-31 16:56:46 | |
| c*r*b*l*o*e*t*n*.com | F | 2026-05-31 05:50:09 | |
| c*r*-*o*t*s*d*n.org | F | 2026-05-30 23:11:02 | |
| n*w*n*l*n*l*w*i*r*g*t*o*.com (WP 6.9) | F | 2026-05-30 22:57:51 | |
| v*t*l*z*j*b*.com | F | 2026-05-30 19:44:08 | |
| v*t*l*z*h*a*t*j*b*.com | F | 2026-05-30 19:44:08 | |
| v*t*l*z*h*a*t*a*o.com | F | 2026-05-30 19:44:08 | |
| v*t*l*z*a*o.com | F | 2026-05-30 19:44:08 | |
| n*w*c*i*g*r*j*c*.com (WP 7.0) | F | 2026-05-30 16:54:48 | |
| p*e*a*t*p*c*a*t*e*.com | F | 2026-05-30 09:42:51 | |
| c*l*n*a*.u*s*.edu (WP 6.9.4) | F | 2026-05-30 08:13:36 | |
| p*a*i*-*a*t*e*s.com | F | 2026-05-30 07:10:03 | |
| p*a*s*w*r*.com (WP 7.0) | F | 2026-05-30 02:34:46 | |
| l*d*a*.com | F | 2026-05-29 02:38:02 | |
| r*b*p*r*h.com | F | 2026-05-29 02:01:19 | |
| l*b*n*a*d*s*o*i*t*s.com | B | 2026-05-28 12:55:16 | |
| f*r*t*l*s*p*e*s*r*l*.com (WP 7.0) | F | 2026-05-28 12:05:42 | |
| f*r*t*l*s*l*.com (WP 7.0) | F | 2026-05-28 12:01:56 | |
| c*r*s*u*c*e*t*v*.com | F | 2026-05-28 00:10:05 | |
| p*k*m*.com (WP 6.3.8) | F | 2026-05-27 22:41:54 | |
| t*y*l*j*a*b*t*n*l.com (WP 7.0) | F | 2026-05-27 21:24:36 | |
| c*a*s*u*i*s.com (WP 7.0) | F | 2026-05-27 11:44:41 | |
| p*e*n*l*y*h*l*c*r*.com (WP 7.0) | F | 2026-05-27 07:56:02 | |
| p*b*e*s*d*v*l*a*.com (WP 7.0) | F | 2026-05-27 05:22:51 | |
| r*o*s*o*f*e*t*h.com | F | 2026-05-27 03:54:40 | |
| r*o*i*g*o*p*n*d*g*t*l*a*k*t*n*.com | F | 2026-05-26 21:50:56 | |
| d*l*g*n*e*a*r*c.com | F | 2026-05-26 08:05:13 | |
| a*c*b*s*.io | F | 2026-05-26 02:42:34 | |
| b*s*n*s*o*f*r*h*b.com | F | 2026-05-25 22:58:05 | |
| d*g*t*l*a*a*y*t.com (WP 7.0) | F | 2026-05-25 21:05:18 | |
| m*g*u*s*h*w*r*d.com | F | 2026-05-25 18:21:49 | |
| u*l*m*t*d*l*s.com | F | 2026-05-24 13:41:36 | |
| h*m*r*u*e*.ca | F | 2026-05-24 06:46:38 | |
| o*a*l*s*c*r*t*s*l*t*o*s.com | F | 2026-05-24 04:00:30 | |
| k*u*r*u.com (WP 7.0) | F | 2026-05-23 17:34:49 | |
| i*p*c*s*l*r.org | F | 2026-05-23 17:28:25 | |
| w*l*o*e*o*e*a*d*s*y.com | F | 2026-05-23 17:28:25 | |
| w*l*o*e*o*e*h.com | F | 2026-05-23 17:28:25 | |
| z*.s*r*e*l*b.com (WP 6.9.4) | F | 2026-05-23 17:05:36 | |
| k*e*o*n.com (WP 7.0) | F | 2026-05-23 12:43:33 | |
| h*d*o*s*l*.com (WP 7.0) | F | 2026-05-23 11:49:16 | |
| b*n*v*.com | D | 2026-05-22 14:47:52 | |
| f*c*a*a*t*e*t*l*o*u*.com (WP 6.9.1) | C | 2026-05-22 06:48:15 | |
| b*h*i*o*f*o*e*m*u*d.org | D | 2026-05-22 03:48:43 | |
| y*l*i*s*i*e*.com (WP 7.0) | F | 2026-05-22 01:29:20 | |
| d*a*r*l*m*e*h.com (WP 7.0) | F | 2026-05-21 15:59:26 | |
| t*e*h*y*a*i*i*i*i*t*v*.org | D | 2026-05-21 14:25:55 | |
| a*l*.org | F | 2026-05-21 12:26:32 | |
| h*g*v*l*c*t*i*n*v*t*o*.com | F | 2026-05-21 09:37:18 | |
| h*g*t*h*c*n*a.com | D | 2026-05-21 09:07:49 | |
| r*y*n*p*u*.c*.uk | F | 2026-05-20 22:18:41 | |
| g*p.v*w.m*b*u*h*s*.me (WP 6.9.4) | F | 2026-05-19 15:00:11 | |
| a*c*e*t*h*t*n*o*s*r*a*o*y.com (WP 6.9.4) | F | 2026-05-19 03:17:00 | |
| a*c*o*-*o*e.com (WP 6.9.4) | F | 2026-05-19 01:53:36 | |
| d*n*-*t.com | F | 2026-05-18 18:14:39 | |
| d*v*b*o*i.p*n*h*o*s*t*.io (WP 6.9.4) | A | 2026-05-18 17:54:36 | |
| p*w*s*t*n*.c*.uk | F | 2026-05-18 15:01:56 | |
| e*n*n*r*e*c*r*i*n*.com (WP 6.9.4) | F | 2026-05-18 06:20:49 | |
| h*a*t*y*f*n*n*e*.com (WP 6.9.4) | F | 2026-05-17 21:24:09 | |
| h*a*t*c*r*i*c.com | F | 2026-05-17 14:11:09 | |
| r*d*d*f.com (WP 6.5.8) | F | 2026-05-17 10:56:19 | |
| j*m*i*a*r*i*i*g.com | F | 2026-05-16 21:52:18 | |
| k*o*l*d*e.r*p*d*e*r*i*g*y*l*s.com | F | 2026-05-16 21:11:56 | |
| z*y*e*t*y*a*.com (WP 6.9.4) | F | 2026-05-16 20:11:33 | |
| t*m*y*e*.com (WP 6.9.4) | F | 2026-05-16 18:19:34 | |
| t*t*l*a*e*i*s.com | F | 2026-05-15 20:04:37 | |
| a*l*o*l*n*.com | F | 2026-05-14 14:40:10 | |
| y*a.t*x.m*b*u*h*s*.me | A | 2026-05-14 13:55:24 | |
| c*n*r*c*s*a*i*g.com | D | 2026-05-13 11:33:55 | |
| j*b*v*t*l*z*.com | F | 2026-05-13 08:07:46 | |
| s*o*i*i*e*i*i*g.com | F | 2026-05-13 02:30:26 | |
| t*n*a*v*g*s*n*i*e.com | F | 2026-05-13 01:52:37 | |
| n*k*l*n*.com | F | 2026-05-13 01:30:26 | |
| g*b*i*d*t.com | F | 2026-05-12 05:38:53 | |
| n*p*e*u*a*i*n.com (WP 6.9.4) | F | 2026-05-11 17:51:19 | |
| m*k*i*o*u*i*n*s.com (WP 6.9.4) | F | 2026-05-11 15:09:49 | |
| a*g*s*5*c*4*5*b*2*8*9*1*5*-*n*p*i*t.a*u*e*d*e.net (WP 6.9.4) | B | 2026-05-11 06:21:57 | |
| w*l*i*-*t*.com (WP 6.9.4) | F | 2026-05-11 03:31:51 | |
| m*i*s*s*a*t*p*c*s.com | F | 2026-05-11 02:37:26 | |
| m*i*e*b*o.com | F | 2026-05-10 20:30:43 | |
| j*v*j*c*e*.com (WP 6.9.4) | D | 2026-05-10 20:04:23 | |
| g*o*a*c*z*n*.com (WP 6.6.2) | F | 2026-05-10 17:57:57 |