How to Tell if a Website Uses WordPress in 2026 (6 Easy Ways)

WordPress still powers over 40% of all websites on the internet, but knowing how to tell if a website uses WordPress isn't always obvious — especially when site owners use custom themes, caching plugins, and other tools that mask the default WordPress footprint. This guide covers six reliable methods that work in 2026.

Why Check if a Site Uses WordPress?

There are plenty of legitimate reasons to identify a WordPress site:

Competitor research — understand what themes and plugins your competitors use

Security audits — know when a site is running outdated WordPress that may be vulnerable

Business development — agencies often target WordPress site owners for migrations or improvements

Technical curiosity — learning from sites you admire

Method 1: Use AIWebsiteDetector.com

The fastest way to tell if a website uses WordPress is to scan it at AIWebsiteDetector.com. Paste the URL and the scanner checks dozens of WordPress-specific signals including:

/wp-content/ paths in HTML

WordPress REST API endpoints

WordPress-generated tags

RSD (Really Simple Discovery) links

WordPress login page patterns

The result comes back in seconds and typically tells you not just that it's WordPress, but which major plugins and themes are detected.

Method 2: Check for /wp-admin and /wp-login.php

The most famous WordPress fingerprint is the admin login URL. Try appending these paths to any domain:

https://example.com/wp-admin

https://example.com/wp-login.php

If a WordPress login page loads (or you're redirected to one), the site runs WordPress. Note that some security plugins redirect or block these URLs for non-authenticated users — but even a 403 Forbidden response at these paths is a strong WordPress indicator.

Method 3: View Page Source and Search for wp-content

Press Ctrl+U (or Cmd+U on Mac) to view the page source. Then search (Ctrl+F) for:

wp-content — WordPress stores themes and plugins here

wp-includes — Core WordPress scripts and styles

wp-json — The WordPress REST API base path

wordpress — Often appears in generator meta tags

The wp-content path is the most reliable because virtually every WordPress site loads CSS and JavaScript from this directory. A typical WordPress source contains lines like:

Method 4: Check the Generator Meta Tag

In the page source, search for:

This tag appears on most WordPress sites by default. It even tells you the exact version number, which is valuable for security research. Many security-conscious WordPress admins remove this tag using plugins like Yoast SEO or custom functions.php code — but many sites leave it in place.

Method 5: Check the RSS Feed

WordPress automatically generates an RSS feed. Try:

https://example.com/feed/

https://example.com/?feed=rss2

If a valid RSS/XML feed loads with https://wordpress.org/ in the XML, the site is definitively WordPress. This method works even when the main site heavily masks its WordPress identity.

Method 6: Look for WordPress Cookies

Open DevTools (F12) → Application → Cookies. WordPress sets cookies with names like:

wordpress_logged_in_[hash]

wp-settings-1

wordpress_test_cookie

These only appear if you're logged in or if a login attempt was made, so this method is limited to sites where you have access. It's most useful for auditing sites you manage.

Comparison of Detection Methods

| Method | No Login Needed | Works on Hardened Sites | Speed |

Rename or block /wp-admin (via security plugins like Wordfence)

Use a CDN that rewrites /wp-content paths

Serve assets from a subdomain like static.example.com

Even then, the RSS feed and REST API (/wp-json/wp/v2/) often remain accessible and reveal the WordPress identity.

WordPress vs WordPress.com

Note that WordPress.org (self-hosted) and WordPress.com (hosted service) are different. WordPress.com sites have URLs like example.wordpress.com or use a custom domain but serve content from Automattic's infrastructure. The detection methods above work for both, though self-hosted WordPress is far more common.

What Else Can You Learn After Detecting WordPress?

Once you confirm a site uses WordPress, you can often learn more:

Theme: Check /wp-content/themes/ paths in the source

Plugins: /wp-content/plugins/ paths reveal installed plugins

Page builder: Look for Elementor, Divi, or Gutenberg-specific classes

Version: The generator tag or readme.html (try /readme.html) may reveal it

Tools like WPScan are purpose-built for WordPress technology enumeration and are commonly used in security audits.

Frequently Asked Questions

Can I tell what WordPress theme a site uses?

Often yes. The page source typically contains the theme name in the /wp-content/themes/[theme-name]/ path. Browser extensions like Wappalyzer also identify common themes.

What if wp-admin redirects me somewhere else?

Some security plugins redirect unauthorized /wp-admin access to the homepage or a 404 page. This is itself a WordPress indicator — non-WordPress sites simply return a 404 natively. Check other signals like the RSS feed or wp-content paths.

Is WordPress still popular in 2026?

Yes. WordPress maintains roughly 40-43% global CMS market share as of 2026. Despite competition from Webflow, Framer, and AI builders, its plugin ecosystem and content management capabilities keep it dominant for blogs, news sites, and complex content operations.

How do I detect specific WordPress plugins?

View the page source and look for /wp-content/plugins/[plugin-name]/. Common plugins leave distinctive CSS class names or script handles. AIWebsiteDetector.com automatically identifies many popular plugins.

Does Elementor count as WordPress?

Yes. Elementor is a page builder plugin that runs on top of WordPress. If a site uses Elementor, it's a WordPress site. You can identify Elementor specifically by looking for the class elementor-section or scripts from /wp-content/plugins/elementor/.

Next Steps

Now that you can identify WordPress sites, you might want to explore:

Webflow vs WordPress — comparing the two platforms

Best No-Code Website Builders — alternatives to WordPress

AIWebsiteDetector.com — scan any site instantly

WordPress detection is just the beginning. The real value comes from understanding what themes, plugins, and configurations power the sites you admire — and using that knowledge to inform your own builds.