Gravityscan Help

How Gravityscan Complements Wordfence

Gravityscan is a Vulnerability Scanner and Malware Scanner for Any Website

Gravityscan is a world-class website vulnerability scanner. That means that Gravityscan finds security holes, also called vulnerabilities, in websites. Gravityscan’s vulnerability scanner works with any website and works especially well with PHP websites that have WordPress, Joomla, Drupal, Magento and vBulletin installed.

In addition, Gravityscan is also a malware scanner that can detect a huge range of malware on any website. If you install the Gravityscan Accelerator, it can also detect malware in your website source code. The Accelerator needs PHP installed on your website to run, but it can scan any file on your website.

You don’t need to install anything to use Gravityscan. Simply visit, enter your website URL, hit scan, and Gravityscan will start looking for¬†vulnerabilities and malware on your website. You will need to upgrade to Pro to view vulnerability details.

Wordfence is a Firewall and Malware Scanner for WordPress

Wordfence is, first and foremost, a firewall for WordPress. That means that Wordfence actually stops attackers from getting into your website. Gravityscan does not stop attackers. Gravityscan can only find security holes (vulnerabilities) and detect whether you have already been hacked (malware scanning).

Wordfence’s firewall has a wide range of features designed to block attackers from entering your website. This includes a real-time threat defense feed, IP blacklist, rate limiting firewall, two factor authentication and much more. For more info visit

In addition to being a world-class firewall, Wordfence also provides malware scanning for WordPress. You can use either Wordfence or Gravityscan to scan WordPress for malware. They both do a great job and are designed by the same team. If you use any other publishing platform, you must use Gravityscan to scan it for malware. Gravityscan is designed to support a wide range of platforms and knows how to scan each specific platform.

Wordfence does perform vulnerability scanning on your WordPress themes and plugins. It does not check for vulnerabilities in PHP, Apache, Nginx or other publishing platforms. Gravityscan can scan WordPress themes and plugins, PHP, Apache, Nginx and a range of other platforms for vulnerabilities.

I use Wordfence. Do I need Gravityscan?

Yes you do. Gravityscan will provide a more comprehensive vulnerability scan on your website than Wordfence can because it also checks PHP, Apache, Nginx and any other web applications it finds for vulnerabilities (you must upgrade to Pro and prove site ownership to view vulnerability details). Wordfence only scans your WordPress plugins and themes for vulnerabilities.

I use Gravityscan. Do I need Wordfence?

If you use WordPress, you definitely need Wordfence. Wordfence blocks attacks by providing your website with a firewall. Gravityscan does not block attacks. Gravityscan only lets you know if you have a security hole (a vulnerability) or if you have malware (if you’ve been hacked).

If you use WordPress, you should immediately install Wordfence to get a world-class firewall that will block attacks and prevent hackers from compromising your website and installing malware.

I have both Gravityscan and Wordfence. Should I use both for malware scanning?

We recommend you do a scan with both products for maximum coverage.¬†If your Wordfence scan fails, then Gravityscan will provide backup malware detection. If your website is damaged so that PHP code is no longer executing and Wordfence is disabled, Gravityscan’s remote scan will still detect malware if any appears on your site.


Wordfence only works on WordPress. It blocks attacks and scans for malware. Wordfence can also let you know if you have a vulnerable WordPress theme or plugin. You need to install the Wordfence plugin in your WordPress site to use it.

Gravityscan works with any website. It detects a large range of vulnerabilities and finds malware on any site. Gravityscan does not require any installation.

Report a Bug