Osom WP/Woo Detector Pro

About

Osom WP/Woo Detector Pro — the most advanced WordPress & WooCommerce detection extension for Chrome.

Instantly know if any website runs WordPress or WooCommerce. Get deep insights into the theme, page builder, security setup, plugins, hosting, and CMS version — all in one click. Then run a professional security audit with a letter grade, actionable findings, and a one-click exportable report. Built by Osom Studio, a WordPress agency with 10+ years of experience building enterprise WordPress and WooCommerce solutions.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

⚡ INSTANT DETECTION (automatic on every page)

The extension runs silently in the background and analyzes every page you visit. A badge appears on the icon:
• WP (blue) — WordPress detected
• WC (purple) — WooCommerce store detected
• ? (gray) — possible WordPress, run Security Audit to confirm

No clicks needed — just browse and see the badge light up.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

🔍 50+ DETECTION METHODS

Unlike basic detectors that only check the meta generator tag, Osom WP/Woo Detector Pro uses 50+ detection methods across 9 tiers:

Tier 1 — Meta tags & generator
Tier 2 — Link tags (REST API, oEmbed, pingback, EditURI, RSS, DNS prefetch)
Tier 3 — Script analysis (wp-includes, wp-content, WooCommerce scripts, emoji loader, script handles & IDs)
Tier 4 — Body & HTML classes (page-template, postid, woocommerce-page, builder classes)
Tier 5 — HTML comments (Gutenberg block markers, cache plugin signatures, SEO plugin signatures)
Tier 6 — DOM structure (admin bar, WooCommerce elements, JSON-LD, nonce fields, builder elements, block theme markers)
Tier 7 — Global JavaScript objects (wp, wpApiSettings, WC params, builder frontends)
Tier 8 — Cookies (WordPress login, WP settings, WooCommerce cart)
Tier 9 — Mixed content scan (insecure HTTP resources on HTTPS pages)

This multi-layered approach means the extension can detect WordPress even on hardened sites that hide the generator tag and use security plugins to obscure WP fingerprints.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

🔒 SECURITY AUDIT WITH GRADE & SCORE (one-click)

Click "Run Security Audit" to perform a comprehensive security assessment. The extension probes HTTP endpoints, analyzes headers, validates file exposure, and checks the WordPress version — then gives you a clear result:

• Letter grade (A through F) and numeric score (0–100)
• Findings sorted by severity: Critical, High, Medium, Low
• Each finding includes a description, impact explanation, and step-by-step remediation with ready-to-use code snippets
• Good practices section — highlights what the site is already doing right (hidden login, blocked XML-RPC, enabled HTTPS, active CDN/WAF, etc.)

What gets checked:
• Exposed sensitive files — config backups, environment files, git repositories, debug logs, database dumps, PHP info pages (every file is content-validated to prevent false positives — a custom 404 page won't trigger fake alerts)
• WordPress version currency — compared in real-time against the latest stable release from the official WordPress API, with clear "up to date" / "outdated" status
• Login security — default login URL exposure, XML-RPC status, user registration state
• User enumeration — REST API user endpoint, author archive enumeration
• Directory listing — uploads, plugins, themes, includes directories
• Security headers — HSTS, CSP, X-Frame-Options, content type options, referrer policy
• Mixed content — HTTP resources loaded on HTTPS pages (scripts, stylesheets, images, iframes, media, embeds) with per-type breakdown
• wp-cron.php — public accessibility check
• Server information disclosure — PHP version, server software headers

Zero false positives: every sensitive file probe downloads and validates the actual response content, not just the HTTP status code. A server returning an HTML error page for a non-existent file won't trigger a fake critical finding.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

📋 ONE-CLICK REPORT EXPORT

After running the Security Audit, click "Copy Report to Clipboard" and get a complete, professionally formatted plain-text report — ready to paste into an email, Slack message, or client proposal.

The report includes: full detection results, technology stack, all security findings with descriptions and fix instructions, good practices, and the overall grade. Generated in seconds, branded with your agency name.

Perfect for: client site audits, pre-sales assessments, security review documentation, competitor analysis reports.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

🎨 THEME DETECTION WITH FULL METADATA

Detects the active theme from stylesheets and scripts, then the Security Audit fetches the theme's style.css to extract the full header:

• Theme Name, Version, Author, Author URI, Theme URI
• Parent theme (automatically detected and probed)
• Requires WP, Requires PHP, Text Domain, Tags, License
• Block Theme / Full Site Editing detection for modern WordPress themes

Child themes are automatically recognized and the parent theme is probed separately.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

🏗️ PAGE BUILDER DETECTION

Identifies 13 page builders through multiple signals — DOM classes, data attributes, inline scripts, global JS objects, script handles, CSS custom properties, and REST API namespaces.

Shows the primary builder with a confidence score, version when available, and lists any additional builders detected on the same site.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

⚙️ INFRASTRUCTURE DETECTION

Beyond the CMS itself, the extension identifies the broader technology stack:

• Cache plugin — detected from HTML comments, script signatures, and inline markers
• SEO plugin — detected from HTML comments, schema markup, and script handles
• CDN / WAF — detected from HTTP response headers
• Hosting provider — identified from hostnames, HTTP headers, and server signatures
• Security plugins and firewalls — detected from scripts, cookies, inline code, HTML comments, HTTP headers, and endpoint behaviour

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

🧩 PLUGIN DETECTION

Identifies installed plugins through multiple channels:
• /wp-content/plugins/ paths in scripts and stylesheets
• REST API namespaces
• Script handles and inline configurations

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

📊 FULL SIGNAL TRANSPARENCY

Every detection is backed by individual signals you can inspect. Expand "All Detection Signals" to see exactly what was found, sorted by confidence level (high / medium / low). No black boxes — you see every data point that contributed to the result.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

WHO IS THIS FOR?

→ WordPress developers & agencies — audit any WP site's tech stack and security in seconds, export a professional report for your client
→ Sales & business development — identify prospects running WordPress or WooCommerce
→ Security researchers — quick hardening assessment without manual testing
→ Competitors analysis — see what theme, builder, and plugins your competitors use
→ Anyone curious — just browse the web and discover how many sites run on WordPress

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

PRIVACY

• No data collection — all analysis runs locally in your browser
• No external API calls for detection (only direct requests to the site you're visiting, plus one call to the official WordPress version API during audits)
• No tracking, no analytics, no accounts required
• Open detection methodology — inspect every signal in the popup

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

WHAT'S NEW IN v3.0

• Security Audit — full professional-grade security assessment with letter grade, scored findings, impact descriptions, remediation code, and good practices
• WordPress version check — real-time comparison against the latest stable release
• Mixed content detection — finds insecure HTTP resources on HTTPS pages
• One-click report export — copy a complete audit report to clipboard
• Cache, SEO & CDN detection — identifies the full infrastructure stack
• Block Theme / Full Site Editing detection
• 13 page builders supported (up from 10)
• Content-validated file probes — zero false positives on sensitive file checks

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Built with ❤️ by Osom Studio (www.osomstudio.com) — a WordPress and WooCommerce development agency specializing in custom WordPress & WooCommerce solutions for enterprises. We rescue sites from agency hell.

Questions or feature requests? Visit www.osomstudio.com or reach out — we'd love to hear from you.