API Documentation

Wordpress Security Scanner API - Developer reference for integrating security scans into your applications.

Quick Start

GET https://security.ng-prod.com/check?url=wordpress-site.com

Run all security tests on a Wordpress site in one request.

API Usage

Scan any Wordpress site for common security vulnerabilities with a single API call.

curl "https://security.ng-prod.com/check?url=example.com" | jq '.'

Rate Limiting

Limit: 3 scans per hour per website

Rate limits are tracked per IP address + target domain combination. The API returns rate limit information in both response headers and body:

Response Headers

X-RateLimit-Limit: Maximum requests allowed (3)
X-RateLimit-Remaining: Requests remaining
X-RateLimit-Reset: Unix timestamp when limit resets

Response Body

{
  "success": true,
  "rate_limit": {
    "limit": 3,
    "remaining": 2,
    "reset_at": 1761136627
  },
  "data": { ... }
}

Rate Limit Exceeded

When you exceed the rate limit, you'll receive a 429 status code:

{
  "success": false,
  "error": "Rate limit exceeded",
  "message": "You've scanned example.com too many times...",
  "rate_limit": {
    "limit": 3,
    "remaining": 0,
    "reset_at": 1761136627,
    "reset_in_minutes": 45,
    "domain": "example.com"
  }
}

Response Format

{
  "success": true,
  "rate_limit": {
    "limit": 3,
    "remaining": 2,
    "reset_at": 1761136627
  },
  "data": {
    "target": "https://example.com",
    "wordpress_detected": true,
    "findings": [
      {
        "title": "Sensitive User Data Exposed",
        "description": "REST API reveals emails, user roles for all users. Critical security risk.",
        "severity": "high",
        "severity_label": "Critical Risk",
        "icon": "x-circle"
      },
      {
        "title": "XML-RPC Enabled",
        "description": "Can be exploited for DDoS attacks and brute-force attempts. Disable if not needed.",
        "severity": "medium",
        "severity_label": "Medium Risk",
        "icon": "alert-circle"
      },
      {
        "title": "Version Exposed: 6.4.7",
        "description": "Publicly visible version helps attackers identify known vulnerabilities.",
        "severity": "medium",
        "severity_label": "Medium Risk",
        "icon": "alert-circle"
      },
      {
        "title": "REST API Enabled",
        "description": "Publicly accessible. Disable if not needed.",
        "severity": "info",
        "severity_label": "Info",
        "icon": "info"
      }
    ],
    "scan_duration_ms": 2341
  }
}