What Gets Detected on a WordPress Site
WordPress has a consistent directory and file structure that makes its technology signals more readable than most CMS platforms. The wp-content/themes/ and wp-content/plugins/ paths appear in asset URLs, making the active theme directory and any plugin loading external scripts identifiable from the page HTML. The WordPress version is often present in the generator meta tag and in versioned asset query strings (?ver=6.4.2 is a common example). The active theme name appears in the stylesheet link href.
Beyond WordPress core, the page builder (if any) is identifiable by its CSS class naming convention — Elementor uses elementor- prefixed classes extensively, Divi uses et_ prefixes, and WPBakery uses vc_ prefixes. These appear throughout the rendered HTML and are consistent enough to serve as reliable detection signals.
Plugin Detection — What Is Visible and What Is Not
A plugin is detectable if it loads an external script or stylesheet from the wp-content/plugins/ directory. Plugins that operate entirely server-side (sending email, running database queries, processing payments behind the scenes) leave no public signal in the HTML and cannot be detected passively. Plugins that add front-end elements — sliders, forms, chat widgets, cookie banners, analytics integrations — load assets from their plugin directory and are detectable.
Security plugins are a special case. Some security plugins (Wordfence, Sucuri) actively remove the WordPress version number from meta tags and randomize asset versioning to make passive detection harder. A site using these tools will show a WordPress detection with an unknown version rather than a specific version number.
Hosting and CDN Detection
Hosting environment signals come from HTTP response headers that the web server includes with every response. The Server header identifies the underlying server software (Apache, Nginx, LiteSpeed). X-Powered-By may identify the PHP version. Headers like X-Sucuri-ID, Cf-Ray (Cloudflare), and X-Cache identify CDN providers. Managed WordPress hosts (WP Engine, Kinsta, Flywheel) often set proprietary headers (X-WP-Engine, X-Kinsta-Cache) that directly identify the hosting platform.
CDN detection is more reliable than host detection because CDN providers consistently use their own header names. Cloudflare's Cf-Ray header is present on virtually every Cloudflare-proxied site. Fastly's X-Served-By and X-Cache headers are similarly consistent. Hosting provider identification is less reliable — a site on a generic VPS may expose only an Nginx server header with no additional identifying information.