How to Find Out What WordPress Theme and Plugins Any Website Uses (Free Detector Tool)

You're scrolling through a beautifully designed WordPress site and a single question lodges in your head: "What theme are they using? What plugins make this work?"

Maybe you're researching competitors. Maybe you're picking a theme for your next project. Maybe a client sent you a link saying "build me one of these" and you need to reverse-engineer the stack before you quote. Whatever the reason, peeking under the hood of a WordPress site shouldn't take a developer.

This guide walks through exactly how WordPress theme and plugin detection works, the manual way to do it from your browser, and — if you'd rather skip all that — a free WordPress theme detector that gives you the full breakdown (theme, plugins, hosting provider, and domain registrar) in under 15 seconds.

Why find out what theme and plugins a WordPress site uses?

There are more good reasons than you'd think. Here are the most common ones I see from clients:

• Competitor research. You're about to launch in the same niche. Knowing exactly what stack your top three competitors use saves you weeks of trial and error.
• Theme inspiration. You found a layout you love and want to know if it's a public theme you can buy or a custom build. The theme slug tells you instantly.
• Plugin discovery. Spot the e-commerce, popup, form, or SEO plugin that's powering a feature you've been struggling to recreate.
• Performance audits. A slow WordPress site is usually slow because of a bloated theme, too many page-builder plugins, or a cheap host. Knowing all three lets you give an honest "fix this first" recommendation.
• Pre-quote technical scoping. Before quoting a redesign or migration, knowing the current stack (and whether the host is shared / managed / VPS) changes the price by thousands.
• Security checks. An out-of-date theme or a notoriously buggy plugin is a known attack surface. Spot it once and you've identified an entire category of risk.

How to detect a WordPress theme manually

If you have a few minutes and don't mind reading some HTML, you can find most of this info yourself. Here's the manual workflow:

1. Confirm the site is WordPress

Open the site, right-click anywhere, and choose View Page Source (Ctrl+U on Windows, ⌘+U on Mac). In the raw HTML, look for any of these telltale signs:

• Paths containing /wp-content/ or /wp-includes/
• A meta tag like <meta name="generator" content="WordPress 6.x">
• API references to /wp-json/
• Comments mentioning Gutenberg or Elementor or WPBakery

If any of those appear, it's WordPress.

2. Find the active theme slug

In the same page source, search (Ctrl+F) for wp-content/themes/. The directory name immediately after is the theme's slug — for example wp-content/themes/astra/ means the theme slug is astra.

Once you have the slug, open the theme's style.css file directly:

https://example.com/wp-content/themes/<slug>/style.css

The first ~20 lines of that file contain the theme's real name, version, author, and homepage URL — in a WordPress-standard header block. That's the canonical source of truth for theme metadata.

3. List the plugins

Search the page source again for wp-content/plugins/. Every plugin that loads public-facing CSS or JavaScript will appear there. Collect all the unique directory names — those are your plugin slugs (for example elementor, woocommerce, wordpress-seo, contact-form-7).

Caveat: Plugins that work entirely server-side (caching, security, backups, REST endpoints) often don't emit anything public — so manual detection only catches the "frontend-active" subset.

4. Identify the hosting provider

Open your browser's developer tools, switch to the Network tab, refresh the page, and click the main HTML request. In the response headers, look for:

• Server: LiteSpeed — often Hostinger, A2 Hosting, or NameHero
• Server: nginx + X-Powered-By: WP Engine — WP Engine
• X-Pantheon-Styx-Hostname — Pantheon
• Server: cloudflare — Cloudflare CDN (the real host is hidden behind it)
• X-Sucuri-ID — Sucuri WAF in front of the real host

For the hosts where headers don't give it away, you can resolve the domain to an IP and look up the IP's organisation (the ASN). That usually narrows it down to AWS, Google Cloud, DigitalOcean, Hostinger, Bluehost, SiteGround, GoDaddy, etc.

5. Look up the domain registrar

Use a free RDAP service like https://rdap.org/domain/<domain>. The JSON response includes the registrar's name, the registration date, the expiry date, and the nameservers — everything you'd traditionally get from a WHOIS query, but cleaner.

The fast way: a free WordPress theme detector

If reading HTML and ASN tables isn't how you want to spend the next ten minutes, you can use our free WordPress theme detector tool. Paste any WordPress URL, drop in your details, and you get the full breakdown instantly.

It runs server-side, so there's nothing to install — no browser extension, no Chrome flag, no command line. It works on every WordPress site on the public web. And it's free.

What our WordPress detector reveals

One submission returns five layers of information:

1. Whether the site is actually WordPress (and what version)

Some sites look like WordPress but are built on Webflow, Wix, Squarespace, Shopify, or a custom stack. The detector reads the HTML for the same fingerprints listed above and tells you confidently whether you're looking at WordPress — plus the major version when it's still exposed in the generator meta tag.

2. The active theme

You get the theme slug (the folder name), the human-readable theme name, the version, the author, and a link to the theme's homepage when one is set. Click through and you'll usually land on the theme marketplace listing — handy if you want to buy the same theme or research its capabilities.

3. Every public plugin

The detector scrapes every /wp-content/plugins/ reference in the public HTML, deduplicates, and translates the technical slug into a readable plugin name when it recognises one. So instead of guessing what seo-by-rank-math or js_composer means, you see Rank Math SEO and WPBakery Page Builder right away.

4. The hosting provider

This is the layer most tools get wrong. The detector combines HTTP header signals (Server, X-Powered-By, X-Sucuri-ID, X-LiteSpeed-Cache, X-Pantheon-Styx-Hostname, X-Served-By, X-CDN) with an IP-to-ASN lookup on the resolved server IP. The result is a confident guess like Hostinger, WP Engine, Kinsta, SiteGround, Cloudways, Bluehost, GoDaddy, AWS, Google Cloud, DigitalOcean, Hetzner, OVH, or the raw organisation name from the ASN when it's none of the above.

When the site is behind Cloudflare, Sucuri, or another CDN, the detector says so explicitly so you don't mistake the CDN for the origin host.

5. The domain registrar

Using the RDAP standard, the detector pulls the registrar name, registration date, expiry date, and nameservers. So in one report you find out the domain was registered through Namecheap in 2019 and renewed until 2027 — context that matters if you're planning a migration or pitching a long-term retainer.

Popular WordPress themes and plugins you'll find in the wild

Once you start running detections on real sites, patterns emerge fast. Here are the themes and plugins you'll see most often:

Top themes

• Astra — the most-installed lightweight theme; bundled into thousands of starter templates
• Hello Elementor — the canvas theme that ships with Elementor
• OceanWP — popular for WooCommerce stores
• GeneratePress — performance-focused, common on content sites
• Kadence — fast-growing in the page-builder ecosystem
• Divi — Elegant Themes' all-in-one design system
• Woodmart — the dominant premium WooCommerce theme
• Avada — long-running ThemeForest bestseller

Top plugins

• Elementor + Elementor Pro — the leading page builder
• WooCommerce — powers a huge share of WordPress e-commerce
• Yoast SEO / Rank Math SEO / All in One SEO — the big three SEO plugins
• Contact Form 7, WPForms, Fluent Forms, Gravity Forms — the form market
• WP Rocket, LiteSpeed Cache, WP Super Cache, Autoptimize — performance / caching
• Wordfence, UpdraftPlus — security and backups (often invisible to detection)
• WPBakery Page Builder (older sites) and Bricks / Breakdance (newer)
• Advanced Custom Fields (ACF) — the developer staple

Spotting one of these in a competitor's stack is often enough to copy the recipe — same theme + same SEO plugin + same caching layer gives you the same baseline.

Limitations of any WordPress theme detector

Three honest caveats:

• Hidden plugins. Plugins that don't emit public-facing CSS or JavaScript (caching, security, backups, admin-only tools, REST endpoints) are invisible to any scraper-based detector. Expect to see 5–15 plugins on a typical site, but the site might actually run twice that.
• Child themes look like their parent. If a site is using Astra Child with the parent Astra, the detector usually reports the child's slug. That's correct — it's the active theme — but you have to read the style.css header to see the parent relationship.
• CDNs hide the origin host. Cloudflare, Sucuri, BunnyCDN, and Fastly mask the real hosting provider. The detector flags this explicitly so you know the IP-based guess is the CDN edge, not the origin.

None of these are deal-breakers — they're just the inherent limits of analysing the public surface. For deeper auditing (admin access, server logs), you need the site owner's cooperation.

Frequently asked questions

Is the WordPress theme detector free?

Yes — completely free. You enter your name, email, and phone so we can follow up if you'd like help with your own site, but there's no paywall, no signup form, and no credit card.

Does it work on every WordPress site?

It works on any publicly-reachable WordPress site. If the site is behind authentication, geo-blocked, or under heavy bot-protection, the detector may not be able to fetch the HTML — in which case it'll tell you so instead of guessing.

Can I detect the theme of a site that isn't WordPress?

The detector tells you when a site isn't WordPress and still gives you the hosting provider and domain registrar. The theme and plugin layers are WordPress-specific, so they'll come back empty for non-WP sites.

How accurate is the hosting detection?

Very accurate when the host emits identifying headers (WP Engine, Kinsta, Pantheon, Sucuri, LiteSpeed). For generic Nginx / Apache setups, the detector falls back to an IP-to-ASN lookup, which identifies the network owner (Hostinger, AWS, DigitalOcean, Google Cloud, etc.) but not always the reseller. Cloudflare-fronted sites are flagged so you know the IP is the CDN, not the origin.

Will running the detector affect the target site?

No. The detector makes a single HTTP GET request — the same as any browser visiting the page — plus one short request to the theme's style.css file. It's indistinguishable from a normal visitor and has zero impact on the site's performance or analytics.

Why do you ask for my phone number?

Honest answer: so we can offer help if you need it. We only contact you if you ask us to. Many people who use the detector are scoping a website project — if that's you, we'd love to talk; if not, you'll never hear from us.

Is this better than other WordPress theme detectors?

Most other tools only tell you the theme. Ours gives you theme + plugins + hosting provider + domain registrar in one report — basically everything you'd need to either replicate a stack or quote a migration. It's also free, with no upsell, no "premium" tier, and no installation.

Ready to scan a site?

Open the WordPress Theme Detector →

Paste a URL, get the full breakdown in 15 seconds. Free, no signup beyond your details. If you find something interesting — or just want to chat about what you discovered — get in touch and we'll talk.