Is wordpress.org legit?

75
/ 100
Mostly Safe
Industry: Software & Downloads

WordPress.org is the legitimate and authoritative home of the world’s most popular content management system. You can trust this site for downloading software and accessing developer resources, as it is a foundational pillar of the internet with a clean security track record.

Software & Downloads average: 65/100 · based on 120 sites

Checked: May 20, 2026 at 7:24 PM UTC ·

Is wordpress.org a scam? Here's what we found.

Security 95/100

The site employs a robust security posture with properly configured modern TLS 1.3 and HSTS, ensuring a secure environment for software distribution.

Identity 90/100

With over two decades of consistent domain history and high global traffic, the identity of this site is well-established as the official home of the WordPress software project.

Reputation 85/100

As a foundational pillar of the web, its reputation is backed by its status as a widely recognized nonprofit and open-source project leader.

Transparency 75/100

The site provides a clear About page and identifies its project leadership well, though the lack of a standardized contact page is a typical oversight for large-scale open-source repositories.

Compliance 60/100

While this is a non-commercial software hub, the inconsistent presence of formal legal pages like Privacy Policies or Terms of Service is a notable gap for a site of this massive scale.

Infrastructure 90/100

The site uses high-quality professional infrastructure with properly configured email authentication and a reliable, long-term domain registration strategy.

Signals Detected

[+]
Tranco Rank: Rank #42

This is one of the most visited websites globally

[+]
Structured Data: Found

Site uses structured data identifying itself as: Organization, WebSite

[?]
Schema Name: WordPress

WordPress

[?]
Schema Description: Open source software which you can use to easily create a beautiful website, blog, or app.

Open source software which you can use to easily create a beautiful website, blog, or app.

[?]
Page Title: Blog Tool, Publishing Platform, and CMS – WordPress.org

Blog Tool, Publishing Platform, and CMS – WordPress.org

[?]
Page Description: Open source software which you can use to easily create a beautiful website, blog, or app.

Open source software which you can use to easily create a beautiful website, blog, or app.

[?]
Page Language: en-US

HTML declares lang="en-US"

[?]
Page Heading: Meet WordPress

Meet WordPress

[?]
Open Graph Type: website

og:type declared as website

[?]
Trustpilot: No Trustpilot profile

This business has no Trustpilot presence — not unusual for smaller or newer companies

[~]
Hidden Content: 14 hidden elements

Excessive hidden content found — may indicate cloaking or deceptive content

[+]
DNS Resolution: 2 IP(s)

Resolves to: 2607:f978:5:8002::c68f:a4fc, 198.143.164.252

[+]
Email (MX Records): 2 record(s)

Mail servers: smtp1-ord.wordpress.org., smtp2-ord.wordpress.org.

[+]
SPF Record: Present

Domain has SPF email authentication configured

[+]
DMARC Record: Present

Domain has DMARC email authentication configured

[?]
Name Servers: 4 server(s)

DNS providers: ns4.wordpress.org., ns2.wordpress.org., ns3.wordpress.org., ns1.wordpress.org.

[+]
SSL Certificate: Valid

Valid certificate, expires in 36 days

[?]
Certificate Issuer: Let's Encrypt

Certificate issued by Let's Encrypt

[+]
TLS Version: TLS 1.3

Connection uses TLS 1.3

[+]
Branding: Complete

Site has custom branding and social media metadata

[+]
Domain Age: 23 years, 5 months

Domain created 2003-03-28T01:07:35Z (23 years, 5 months ago)

[?]
Registrar: MarkMonitor Inc.

Registered through MarkMonitor Inc.

[+]
Domain Expiry: 2035-03-28T01:07:35Z

Expires in 3233 days

[+]
DNSSEC: unsigned

DNSSEC status from WHOIS

[?]
Sitemap: 3 pages

Sitemap found with 3 entries

[+]
robots.txt: Present

robots.txt has 37 directives and references a sitemap

[+]
HSTS Header: Present

Site enforces HTTPS via HSTS

[+]
Clickjacking Protection: Present

X-Frame-Options: SAMEORIGIN

[?]
Server: nginx

Web server: nginx

[+]
Google Web Risk: Clean

No threats detected by Google Web Risk

[?]
Web Archive History: Unable to check

Wayback CDX returned status 503

[+]
Website Status: Online

Website is live and responding

[~]
Contact Info: Not found

No obvious contact information found on homepage

[~]
Legal Pages: Partial

Website is missing either privacy policy or terms of service

[?]
Business Disclosure: Not found

No dedicated legal-entity disclosure page detected — common and expected outside the EU, but required for commercial sites in Germany, France, Spain, Italy, and other EU jurisdictions.

[+]
About Page: Found

Site publishes an About / Team / Company page — a transparency signal that the operator is willing to describe who runs the business.

[+]
Social Media Presence: 6 platforms

Website links to multiple social media platforms

[+]
DNS Blacklists: Clean

Not found on any DNS blacklists

[?]
Certificate Transparency: 13 certificates

13 certificates found for 14 unique names

[?]
Page Load Time: 1505ms

Average page load time

Embed This Badge

Own this site? Show visitors your trust score.

Trust badge for wordpress.org
<a href="https://verified.fyi/review/wordpress.org"><img src="https://verified.fyi/badge/wordpress.org?size=medium&style=full&theme=dark" alt="wordpress.org trust score — verified.fyi" /></a>
[![wordpress.org trust score](https://verified.fyi/badge/wordpress.org?size=medium&style=full&theme=dark)](https://verified.fyi/review/wordpress.org)

Stay Safe Online

Good habits to protect yourself, no matter the scan result.

Use a password manager

Never reuse passwords across sites.

Enable two-factor authentication

Add a second layer of security to your accounts.

Check before you buy

Always verify unfamiliar stores before entering payment info.

When evaluating whether a software distribution site is safe, we look for signs of longevity, brand authority, and security infrastructure. WordPress.org is the undisputed source for the WordPress software, managed by the nonprofit WordPress Foundation. Unlike commercial sites that might try to hide ownership, this domain has been a cornerstone of the web for over 23 years, operating with the transparency expected of a major open-source initiative. Because this is a hub for software downloads, security is of paramount importance. The site maintains a pristine reputation within the tech community; it is not a fake site or a mirror for malware, which is often a concern when users search for 'is WordPress.org a scam.' The technical infrastructure, including robust TLS configuration, ensures that the communication between your browser and their servers remains encrypted and protected. From a consumer safety perspective, the main thing to remember is the distinction between WordPress.org (the open-source project) and WordPress.com (the commercial hosting service). While WordPress.org is completely safe and free, users often get confused between the two. When you download software from this domain, you are getting the untouched, official version of the project. If you are looking for legitimate WordPress.org reviews, you will find that it is consistently upheld as the standard-bearer for web publishing platforms. While the lack of traditional e-commerce-style legal compliance documents might be noticeable to those used to buying consumer goods, here it simply reflects the site's identity as a free, nonprofit educational and software development resource. You can rely on this site as an official, secure, and genuine authority for your web development needs.