How to Use WP Scan
Everything you need to know to get started and get the most out of your scans.
ZIP Upload
Download your theme or plugin as a ZIP from your server via FTP or cPanel, then upload here. The file is extracted to a secure temp directory, scanned, then immediately deleted after the scan completes.
Path Scan
Enter the full server path to your WordPress theme or plugin directory, e.g. /var/www/html/wp-content/themes/mytheme. Files are scanned recursively up to 15 levels deep.
Scan Report Cache
Your last scan result is cached in your browser's localStorage for 2 hours. If you accidentally close the tab, a banner at the top lets you restore it.
Premium License
After purchase, your license key is emailed instantly. Log in, visit Dashboard, copy your key, paste it into the License Key field on the scanner page to unlock all features.
PayPal Setup
See the PayPal Integration Guide to configure live payments and IPN notifications.