There are 5 reliable ways to check if a website is built on WordPress — and you can use most of them without installing anything. Whether you’re doing competitor research, verifying your own site’s CMS, or just curious about a website you’ve landed on, this guide covers all the methods, including what to do when a site actively hides its WordPress installation.
Method 1: Check the /wp-admin URL
The fastest check: add /wp-admin or /wp-login.php to the end of any domain.
- Go to
example.com/wp-admin - If you see the WordPress login screen → it’s WordPress
- If you get a 404 or redirect → they may have hidden their login page (common for security reasons)
Limitation: Many sites hide or rename their login URL using security plugins like WPS Hide Login. A 404 here doesn’t rule out WordPress.
Method 2: Use a CMS Detector Tool (Most Reliable)
These tools scan the site’s code and headers to identify the CMS — usually in under 5 seconds:
- BuiltWith (builtwith.com) – Most detailed, shows WordPress version, plugins, and hosting
- Wappalyzer (browser extension) – Detects CMS in real time as you browse
- IsItWP (isitwp.com) – Simple, WordPress-specific checker
- WhatCMS (whatcms.org) – Broader CMS detection, not just WordPress
For the best accuracy, use BuiltWith or install the Wappalyzer browser extension — it works passively on every site you visit.
Method 3: View Page Source
- Right-click anywhere on the page and select View Page Source
- Press Ctrl+F (or Cmd+F on Mac) and search for
wp-content - If
wp-contentappears in the source code, it’s WordPress — this folder is unique to WordPress
You can also search for wp-includes or wordpress in the page source for additional confirmation.
Method 4: Check the RSS Feed URL
WordPress automatically generates an RSS feed. Visit example.com/feed — if it returns an RSS/XML feed with WordPress-style markup, it’s very likely WordPress.
Method 5: Check for WordPress Generator Meta Tag
In the page source, search for generator. WordPress adds a meta tag like this:
<meta name="generator" content="WordPress 6.x" />If this tag is present, it’s WordPress and you’ll even know the version. Note: security-conscious sites often remove this tag using a plugin.
What If the Site Is Hiding That It’s Built on WordPress?
Some developers hide WordPress footprints for security. Here’s what they commonly change and how to still detect it:
- Removed generator meta tag → Use BuiltWith — it checks network headers and script patterns, not just meta tags
- Hidden /wp-admin login → Check page source for
wp-contentinstead - Renamed wp-content folder → Rare, and most CMS detectors still identify WordPress via JavaScript patterns
A professional developer can often identify WordPress just by looking at the site’s structure and script loading patterns — even with all visible clues removed.
Quick Comparison: Which Method to Use?
| Method | Speed | Works if WP is hidden? | Needs install? |
|---|---|---|---|
| /wp-admin check | ⚡ Instant | 🟡 Sometimes | No |
| BuiltWith / Wappalyzer | ⚡ Instant | ✅ Usually | Optional extension |
| View page source | Fast | 🟡 Sometimes | No |
| RSS feed check | Fast | 🟡 Sometimes | No |
| Generator meta tag | Fast | ❌ Often removed | No |
Frequently Asked Questions
Can a WordPress site be made completely undetectable?
It can be made harder to detect, but not truly undetectable. Tools like BuiltWith analyze network request patterns and JavaScript signatures that are difficult to fully mask.
Does detecting a site’s CMS cause any harm to the site?
No — all methods described here are passive and read-only. You’re simply reading publicly available information that any browser would see when loading the page.
