The ONLY Dedicated Search Engine for WordPress Blogs, versions, themes, and plugins

A free, no-frills searchable large list of WordPress blogs containing
MILLIONS
of self-hosted WordPress sites!
Each row of your results will include the domain name, the version, the theme, and the plugins.
This information is NOT available anywhere else, including Google!

Just fill in a field to try it for free!

Hello Guest
50 rows per query.
10 queries per day.

 

Premium Account Login
User:
Pass:

InDomain
InVersion InTheme InPlugins

Query is empty

IS WORDPRESS SECURE?

According to statistics from 40,000+ WordPress websites in Alexa top 1 million, more than 70% of WordPress installations are vulnerable to hacker attacks.
~ wpwhitesecurity.com

Of all the hacked WordPress sites Sucuri looked at, almost 40% were running out-of-date WordPress core.
~ kinsta.com/blog/is-wordpress-secure/

"According to the WPScan Vulnerability Database, ~74% of the known vulnerabilities they logged are in the WordPress core software..."
~ kinsta.com/blog/is-wordpress-secure/

In a survey from Wordfence of hacked website owners, over 60% of the website owners who knew how the hacker got in attributed it to a plugin or theme vulnerability.
~ kinsta.com/blog/is-wordpress-secure/

 

    WHO USES THIS SITE?

  • Google Dorkers

  • Pentesters

  • Penetration Testers

  • Security Researchers

  • Security Testers

  • Security Training Companies

  • Vulnerability Researchers

  • Theme Developers

  • Ethical Hackers

  • Savvy Webmasters

  • WordPress Developers

  • Security Watchdogs

  • Plugin Developers

How To Use This Site:

InDomain Search: (min 4 chars.)
How to Find your competitors:
Example: if you sell boats, a domain query for 'boats' will return a large list of WordPress sites with 'boats' in their domain name. From there you can link to them, follow them on Twitter, contact them, get a link from them, negotiate with them and check out their Version, Theme, and Plugins.
You can NOT do this with Google.

 

InVersion Search: (digit dot digit)
You can see who's running an older version of WordPress. This is a favorite attack vector of hackers. Just enter any exact version number, such as, '4.5' and the result will be a large list of WordPress sites, including their: domains, themes, and their plugins! You can see a list of WordPress versions here: WordPress Versions
You can NOT do this with Google.

 

InTheme Search: (min 4 chars.)
Many WordPress sites that are set up as eCommerce use a theme made for their products. So, just like the domain name search for 'boats', if you search the themes for 'boats', a large list of WordPress sites specializing in selling boats will be returned. Of course, you will also see their versions and their plugins.
You can NOT do this with Google.

 

InPlugin Search: (min 4 chars.)
Returns a list of sites that are running a certain plugin.
Example: search for 'layerslider' will return a large list of WordPress sites that are using the LayerSlider plugin. You also get their domain names, their WordPress Version, and their Theme.
You can NOT do this with Google.

 

Other data-mining services like ahrefs, moz.com, semrush.com, and majestic.com are great, they do a wonderful job at what they do. But they are mostly about checking backlinks and assigning a ranking-weight to each domain; they don't provide the same information that we do. No one does, not even Google!

However, we believe they are overpriced. We have no competition! We could charge ANYTHING!

 

Just look at what they want to charge you:

Service Smallest plan Premium plan
ahrefs.com
$99/month $1,000/mo
moz.com/products/pro/pricing
$99/month $1,000/mo
www.semrush.com/prices/
$99/month They don't provide the price of their premium plan! Why?
majestic.com/plans-pricing
$49/month $399/mo

 

 

We have the biggest, best, largest, most complete list of WordPress blogs on the internet!

 

We have no competition!
We could charge ANYTHING!

 


But, Our plans are simple and we think everyone
should be able to afford a Premium account!

 

Guest Account, no registration.
This page is your free guest account with no registration.
50 rows per query.
10 queries per day.

 

Premium Membership (Beta Version) $19.95

Only: $4.95/month for the first 25 members!
Up to 20,000 rows per query.
100 queries per day.

Why is the price so low?
Because we want to launch with a bang,
Because this is the Beta version, (there will surely be a few glitches here and there),
Because we run without a fancy air conditioned office.
and because we run with a very small staff, me!

 

 

 

IS WORDPRESS SECURE?

Wordpress Core Vulnerabilities:
2019-12-13 WordPress <= 5.3 - Improper Access Controls in REST API
2019-12-13 WordPress <= 5.3 - Stored XSS via Block Editor Content
2019-12-13 WordPress <= 5.3 - Stored XSS via Crafted Links
2019-12-13 WordPress <= 5.3 - wp_kses_bad_protocol() Colon Bypass
2019-10-14 WordPress <= 5.2.3 - Admin Referrer Validation
2019-10-14 WordPress <= 5.2.3 - JSON Request Cache Poisoning
2019-10-14 WordPress <= 5.2.3 - Server-Side Request Forgery (SSRF) in URL Validation

Wordpress Plugin Vulnerabilities
2020-03-04 Appointment Booking Calendar < 1.3.35 - Authenticated Stored Cross-Site Scrip...
2020-03-04 Appointment Booking Calendar < 1.3.35 - CSV Injection
2020-03-04 WooCommerce Smart Coupons < 4.6.5 - Unauthenticated Coupon Creation
2020-03-02 Testimonial < 2.1.7 - Authenticated Stored Cross-Site Scripting (XSS)
2020-02-29 Booked < 2.2.6 - Broken Authentication to Export Users Data in CSV
2020-02-27 10Web Map Builder for Google Maps < 1.0.64 - Unauthenticated Stored XSS via P..
2020-02-27 Async Javascript < 2.20.02.27 - Subscriber+ Stored XSS via Plugin Settings Ch...

Wordpress Theme Vulnerabilities
2020-02-17 Fruitful Theme <= 3.8 - Unauthenticated Reflected Cross-Site Scripting (XSS)
2020-01-27 CarSpot < 2.2.3 - Multiple Vulnerabilities
2020-01-16 Reality <= 2.5.1 - Unauthenticated Reflected XSS
2020-01-15 ListingPro < 2.5.4 - Unauthenticated Reflected XSS
2020-01-14 Real Estate 7 < 2.9.5 - Multiple Vulnerabilities
2020-01-13 Travel Booking < 2.7.8.6 - Reflected & Persistent XSS Issues
2020-01-11 Houzez < 1.8.4 - Unauthenticated Cross-Site Scripting (XSS)

 

 

 

real time web analytics