Is wordpress.org legit?

85
/ 100
Trusted
Industry: Software & Downloads

This site appears largely trusted, having a long-standing online presence and robust infrastructure. However, a significant amount of hidden content, missing direct contact information, and incomplete legal pages are areas for concern.

Software & Downloads average: 78/100 · based on 75 sites

Checked: April 21, 2026 at 10:51 PM UTC

Is wordpress.org a scam? Here's what we found.

Security 85/100

The site uses modern TLS 1.3 encryption and has a valid SSL certificate, and Google Web Risk reports no threats. However, 14 hidden elements are a moderate concern, potentially indicating attempts to conceal content.

Identity 95/100

With a domain age of over 23 years, the site demonstrates a strong, long-established online identity. Domain registration details are clear and managed by a reputable registrar.

Reputation 90/100

The site enjoys a high global Tranco rank, indicating significant web traffic and widespread recognition. It is not listed on any DNS blacklists, reinforcing a clean reputation.

Transparency 80/100

While the site has complete branding and a presence across multiple social media platforms, the absence of clear contact information on the homepage hinders user accessibility and direct communication.

Compliance 85/100

The site provides some legal information but is noted to be missing either a privacy policy or terms of service. This is a noticeable gap for user protection and regulatory adherence.

Infrastructure 95/100

The site boasts excellent infrastructure, including proper DNS resolution, robust email authentication (SPF and DMARC), and strong HSTS and clickjacking protection, ensuring a stable and secure foundation.

Signals Detected

[+]
Tranco Rank: Rank #45

This is one of the most visited websites globally

[+]
Structured Data: Found

Site uses structured data identifying itself as: Organization, WebSite

[?]
Trustpilot: No Trustpilot profile

This business has no Trustpilot presence — not unusual for smaller or newer companies

[~]
Hidden Content: 14 hidden elements

Excessive hidden content found — may indicate cloaking or deceptive content

[+]
DNS Resolution: 2 IP(s)

Resolves to: 2607:f978:5:8002::c68f:a4fc, 198.143.164.252

[+]
Email (MX Records): 1 record(s)

Mail servers: mail.wordpress.org.

[+]
SPF Record: Present

Domain has SPF email authentication configured

[+]
DMARC Record: Present

Domain has DMARC email authentication configured

[?]
Name Servers: 4 server(s)

DNS providers: ns1.wordpress.org., ns2.wordpress.org., ns4.wordpress.org., ns3.wordpress.org.

[+]
SSL Certificate: Valid

Valid certificate, expires in 64 days

[?]
Certificate Issuer: Let's Encrypt

Certificate issued by Let's Encrypt

[+]
TLS Version: TLS 1.3

Connection uses TLS 1.3

[+]
Branding: Complete

Site has custom branding and social media metadata

[?]
Certificate Transparency: Unable to check

crt.sh returned status 502

[+]
Domain Age: 23 years, 4 months

Domain created 2003-03-28T01:07:35Z (23 years, 4 months ago)

[?]
Registrar: MarkMonitor Inc.

Registered through MarkMonitor Inc.

[+]
Domain Expiry: 2035-03-28T01:07:35Z

Expires in 3262 days

[+]
DNSSEC: unsigned

DNSSEC status from WHOIS

[?]
Sitemap: 3 pages

Sitemap found with 3 entries

[+]
robots.txt: Present

robots.txt has 37 directives and references a sitemap

[+]
HSTS Header: Present

Site enforces HTTPS via HSTS

[+]
Clickjacking Protection: Present

X-Frame-Options: SAMEORIGIN

[?]
Server: nginx

Web server: nginx

[+]
Google Web Risk: Clean

No threats detected by Google Web Risk

[+]
Website Status: Online

Website is live and responding

[~]
Contact Info: Not found

No obvious contact information found on homepage

[~]
Legal Pages: Partial

Website is missing either privacy policy or terms of service

[+]
Social Media Presence: 6 platforms

Website links to multiple social media platforms

[+]
DNS Blacklists: Clean

Not found on any DNS blacklists

[?]
Web Archive: Unable to check

Could not query Wayback Machine

[+]
Page Load Time: 763ms

Fast page load

Embed This Badge

Own this site? Show visitors your trust score.

Trust badge for wordpress.org
<a href="https://verified.fyi/review/wordpress.org"><img src="https://verified.fyi/badge/wordpress.org?size=medium&style=full&theme=dark" alt="wordpress.org trust score — verified.fyi" /></a>
[![wordpress.org trust score](https://verified.fyi/badge/wordpress.org?size=medium&style=full&theme=dark)](https://verified.fyi/review/wordpress.org)

Stay Safe Online

Good habits to protect yourself, no matter the scan result.

Use a password manager

Never reuse passwords across sites.

Enable two-factor authentication

Add a second layer of security to your accounts.

Check before you buy

Always verify unfamiliar stores before entering payment info.

When evaluating a platform like wordpress.org, which underpins a significant portion of the internet's websites, understanding its trustworthiness is paramount. As a leading open-source content management system, it's not a typical e-commerce site or a niche service; instead, it's a foundational internet utility. Most established software and download platforms of this magnitude exhibit long domain histories, professional infrastructure, and clear security protocols, all of which wordpress.org strongly demonstrates. Its domain age of over two decades, top global ranking, and robust email authentication are all hallmarks of a legitimate and well-maintained project. However, users considering wordpress.org need to be aware of a few nuances specific to its model. The extremely low Trustpilot score often reflects challenges with user support for a free, open-source product, where direct, personalized assistance isn't always part of the core offering. This isn't necessarily a scam indicator, but rather a reflection of differing expectations. Furthermore, for any foundational platform, clear legal documentation and readily accessible contact details are crucial. The partial legal pages and missing direct contact information on the homepage are areas where wordpress.org could improve to bolster user confidence, especially for those new to open-source communities. While generally a trustworthy ecosystem for website building, users should manage their support expectations and be prepared to rely on community resources for assistance, which is common in open-source projects.