Gathering data about WordPress sites without ever having admin access can be difficult, but it’s not impossible. The WP Snooper scanner uses a few different techniques to determine the active theme and plugins in use.
Finding the active WordPress theme
The easiest way of finding the active WordPress theme is to open up the HTML source of the site and look for the main theme stylesheet.
The main stylesheet will be located in /wp-content/themes and should always be named style.css. It should look something like the below:
<link rel='stylesheet' id='understrap_style-css' href='https://wpsnooper.com/wp-content/themes/understrap/style.css?ver=0.9.4' type='text/css' media='all' />Above, we can see that the theme is in a folder called “understrap”. This is usually the name of the theme but can occasionally be misleading.
In most cases, you can now browse directly to the stylesheet to get some more information.
https://wpsnooper.com/wp-content/themes/understrap/style.cssBrowsing to the above URL should show something like this:
/*
Theme Name: UnderStrap
Theme URI: http://understrap.com
Version: 0.9.4
...This then shows the theme display name, the version, plus some information about the author.
Finding active plugins
You can find installed plugins using a similar process. Look through the head of the HTML source and find where the plugin stylesheets and scripts are loaded.
Here’s an example of a stylesheet loading a plugin CSS file:
<link rel="preload" href="https://wpsnooper.com/wp-content/plugins/webtoffee-gdpr-cookie-consent/public/css/cookie-law-info-public.css" />Searching for the “webtoffee-gdpr-cookie-consent” string in the WordPress plugin repository will give you more information on the plugin.
Or you could just use the theme and plugin detector!
