Is wp.com legit?

84
/ 100
Trusted
Industry: Hosting & Domains

This site is trusted. It exhibits strong security and infrastructure, with a very old, well-established domain, although some aspects of transparency are obscured by bot protection.

Hosting & Domains average: 77/100 · based on 38 sites

Checked: April 21, 2026 at 12:43 PM UTC

Is wp.com a scam? Here's what we found.

Security 95/100

The site demonstrates strong security practices, including a valid SSL certificate with modern TLS 1.3, HSTS enforcement, and effective clickjacking protection. Google Web Risk found no threats, indicating a clean and secure browsing environment.

Identity 90/100

With a domain nearly 30 years old and registered through a reputable enterprise registrar like MarkMonitor, the site's identity is exceptionally well-established and stable. The domain's extended expiry further solidifies its long-term presence.

Reputation 85/100

The site has an excellent global Tranco rank, indicating high popularity and established reputation. It is also clean on DNS blacklists. However, the inability to check the Web Archive slightly impacts a full historical reputation assessment.

Transparency 75/100

While legal pages are present, the bot protection preventing checks for contact info and social media presence slightly hinders full transparency. The site's branding is basic but adequate.

Compliance 90/100

The presence of both a privacy policy and terms of service pages indicates a good adherence to fundamental legal and user compliance standards. This provides essential information for users regarding data handling and site usage.

Infrastructure 90/100

The site features robust infrastructure, including proper DNS resolution, configured SPF and DMARC records for email authentication, and a robots.txt file. While DNSSEC is unsigned, this is not a major issue for wp.com which redirects quickly to a different domain.

Signals Detected

[+]
Tranco Rank: Rank #428

This is one of the most visited websites globally

[?]
Structured Data: None found

No structured data markup found

[?]
Trustpilot: No Trustpilot profile

This business has no Trustpilot presence — not unusual for smaller or newer companies

[+]
Domain Age: 29 years, 5 months

Domain created 1997-03-28T05:00:00Z (29 years, 5 months ago)

[?]
Registrar: MarkMonitor Inc.

Registered through MarkMonitor Inc.

[+]
Domain Expiry: 2028-03-29T04:00:00Z

Expires in 707 days

[+]
DNSSEC: unsigned

DNSSEC status from WHOIS

[+]
DNS Resolution: 2 IP(s)

Resolves to: 192.0.78.24, 192.0.78.25

[+]
Email (MX Records): 2 record(s)

Mail servers: mx1.dfw.wordpress.com., mx1.bur.wordpress.com.

[+]
SPF Record: Present

Domain has SPF email authentication configured

[+]
DMARC Record: Present

Domain has DMARC email authentication configured

[?]
Name Servers: 3 server(s)

DNS providers: ns3.automattic.com., ns2.automattic.com., ns1.automattic.com.

[+]
SSL Certificate: Valid

Valid certificate, expires in 72 days

[?]
Certificate Issuer: Let's Encrypt

Certificate issued by Let's Encrypt

[+]
TLS Version: TLS 1.3

Connection uses TLS 1.3

[?]
Sitemap: 1 pages

Sitemap found with 1 entries

[+]
robots.txt: Present

robots.txt has 45 directives and references a sitemap

[~]
Redirect Check: Redirects away

Site redirects to https://wordpress.com/

[+]
HSTS Header: Present

Site enforces HTTPS via HSTS

[+]
Clickjacking Protection: Present

X-Frame-Options: SAMEORIGIN

[?]
Server: nginx

Web server: nginx

[+]
Google Web Risk: Clean

No threats detected by Google Web Risk

[?]
Branding: Basic

Site has a favicon but no social sharing metadata

[?]
Website Status: Bot protection detected

Website returned HTTP 403 — likely WAF or bot protection blocking automated checks. The site is online but restricts non-browser access.

[?]
Contact Info: Unable to check

Bot protection prevented page inspection

[+]
Legal Pages: Privacy & Terms found

Website has both privacy policy and terms of service pages

[?]
Social Media Presence: Unable to check

Bot protection prevented page inspection

[?]
Web Archive: Unable to check

Could not query Wayback Machine

[+]
DNS Blacklists: Clean

Not found on any DNS blacklists

[?]
Certificate Transparency: Unable to check

Could not query certificate transparency logs

[+]
Page Load Time: 39ms

Fast page load

Embed This Badge

Own this site? Show visitors your trust score.

Trust badge for wp.com
<a href="https://verified.fyi/review/wp.com"><img src="https://verified.fyi/badge/wp.com?size=medium&style=full&theme=dark" alt="wp.com trust score — verified.fyi" /></a>
[![wp.com trust score](https://verified.fyi/badge/wp.com?size=medium&style=full&theme=dark)](https://verified.fyi/review/wp.com)

Stay Safe Online

Good habits to protect yourself, no matter the scan result.

Use a password manager

Never reuse passwords across sites.

Enable two-factor authentication

Add a second layer of security to your accounts.

Check before you buy

Always verify unfamiliar stores before entering payment info.

When evaluating a domain like wp.com, which serves as a gateway to the broader WordPress ecosystem, it's crucial to understand its established role rather than treating it like a brand new e-commerce site. For a hosting and domains provider, longevity and robust infrastructure are paramount. wp.com's nearly 30-year history speaks volumes; websites that have been around this long have weathered countless changes in the internet landscape and are typically highly reliable. From a trust perspective, its global popularity (Tranco Rank #422) means it's a known entity, not an obscure or fly-by-night operation. While the site does redirect to wordpress.com, this is a common branding strategy for large organizations managing multiple related properties, allowing a shorter, memorable domain to point to their primary service. The presence of contact information, legal policies, and a strong security posture are exactly what you'd expect from a legitimate, large-scale service provider in this industry. Users should always look for clear communication channels and comprehensive legal documentation when engaging with any hosting platform to understand their rights and responsibilities, all of which are present here.