What does StackOptic analyze?

StackOptic runs 18 analysis modules on any public website from a single URL. It detects 7,000+ technologies (CMS, frameworks, analytics, payments, CDN, hosting), evaluates SSL certificates and HTTP security headers with grades from A+ to F, measures Core Web Vitals (LCP, CLS, TBT, FCP), audits SEO meta tags and structured data, checks email security (SPF, DKIM, DMARC), analyzes AI & LLM readiness including bot access and llms.txt validation, extracts color palettes and typography, estimates carbon footprint, and generates permanent shareable reports.

Does it work on sites behind Cloudflare or bot protection?

Yes. StackOptic uses a real browser engine that loads pages exactly like a human visitor — executing JavaScript, rendering CSS, and handling redirects. This allows it to bypass Cloudflare, LiteSpeed, Sucuri, and other bot protection systems where traditional crawlers and HTTP-only tools fail.

What do I get on the free plan?

The free plan includes 5 analyses per day with access to all 18 modules, full scores, technology detection, and security grades. Every report is permanently accessible via a unique shareable URL — no login required to view. No credit card needed. AI-powered insights, re-analysis, PDF/JSON export, and comparison features are available on Pro ($24/mo) and Agency ($99/mo) plans.

What is AI & LLM readiness analysis?

This module evaluates how visible and citable your website is to AI search engines like ChatGPT, Perplexity, Google AI Overviews, and Claude. It audits access permissions for 8 major AI bots, validates llms.txt and llms-full.txt files, scores citation-ready content structure, and analyzes structured data (JSON-LD) for GEO readiness — helping you rank in the next generation of search.

How long does an analysis take?

Most analyses complete in under 10 seconds. StackOptic runs all 18 modules in parallel using a real browser session, so you get technology detection, security audit, performance metrics, SEO analysis, and AI readiness scoring simultaneously.

How accurate are the results?

Detection is based on real browser execution — DOM inspection, JavaScript runtime analysis, HTTP headers, and DNS records. With 7,000+ technology signatures and Lighthouse-calibrated performance scoring, StackOptic achieves high accuracy for mainstream technologies.

What security checks are performed?

The security module evaluates SSL/TLS certificates, 12+ HTTP security headers (HSTS, CSP, X-Frame-Options, Permissions-Policy, Referrer-Policy), HTTPS enforcement, and email authentication (SPF, DKIM, DMARC). Each site receives a letter grade from A+ to F with specific remediation steps.

Do you store the websites I analyze?

StackOptic only stores publicly available information that any visitor to a website would see — HTML content, HTTP headers, DNS records, and screenshots. We do not access private data, log in to websites, or perform any intrusive testing.

What technologies does wordpress.org use?

wordpress.org employs a variety of technologies, including the WordPress CMS, Nginx web server, Tailwind CSS framework, Google Fonts, and Google Analytics. It also utilizes Jetpack Photon, a WordPress-specific CDN, for image delivery. These technologies contribute to the site's functionality, performance, and user experience.

Who hosts wordpress.org?

wordpress.org is hosted by Internap Holding LLC in the United States. Internap is a hosting provider known for its focus on performance and reliability. This choice suggests a commitment to high uptime and fast loading times, which are critical for a website as prominent as wordpress.org.

Is wordpress.org secure?

wordpress.org has a decent security foundation, featuring a valid SSL certificate and strong email security with a 'reject' DMARC policy. However, the absence of HSTS, CSP, and DKIM represents significant security vulnerabilities that should be addressed to protect users and data more effectively.

What CMS does wordpress.org use?

wordpress.org uses its own WordPress CMS, currently running version 7.0. As the official site of the WordPress project, this allows them to showcase the latest features and capabilities of the platform while ensuring compatibility and optimal performance.

Back to Search

wordpress.org

https://wordpress.org· First analyzed 10 Feb 2026· Updated 01 Mar 2026

Export

wordpress.org

Mobile

Sponsored

Hosting Provider

Internap Holding LLC

IP Address

198.143.164.252

Server Location

🇺🇸 Chicago, United States

ASN

AS32475

Organization

Internap Holding LLC

Server

Nginx

Nameservers

ns2.wordpress.org.ns3.wordpress.org.ns1.wordpress.org.ns4.wordpress.org.

Performance

Core Web Vitals

Weight

First Contentful Paint

3.4 s10%

Speed Index

4.5 s10%

Largest Contentful Paint

—25%

Total Blocking Time

0.0 ms30%

Cumulative Layout Shift

0.00025%

2.1 MB

47 requests

Image Optimization

ResponsiveJetpack Photon (WordPress)

0–49

50–89

90–100

Architecture Stack

Monolithic

⚙️ SSR

WordPressv7.0

cms

WordPress.org Parent Theme, 2021 editionv1.0.0Custom

by WordPress.org

View Theme

Technology Stack

8 Technologies Detected

Analytics

Plugins

CSS Frameworks

Fonts

Tag Managers

Web Servers

SEO Analysis

A82/100

wordpress.orgwordpress.org

Blog Tool, Publishing Platform, and CMS – WordPress.org

Open source software which you can use to easily create a beautiful website, blog, or app.

Title Length55 chars

Recommended: 50-60 chars

Description Length90 chars

Recommended: 120-160 chars

Issues (1)

• Many images missing alt text (10/18)

2 issues found

Upgrade to view details

Crawlability

Sitemap

Type: index

3 URLs

3 sub-sitemaps

robots.txt

19 rules

Sitemap reference found

Local SEO

Local Search Readiness

19/100

Poor

5 13

This site doesn't appear to be a local business. Local SEO signals are optional for non-local websites.

Sponsored

AI & LLM Readiness

D46/100

Bot Access

17/25

Machine Read.

8/25

Schema Data

3/25

Citation

18/25

AI Bot Access

8/8 accessible

Training

OAI-SearchBot

GPTBot

ChatGPT-User

Google-Extended

ClaudeBot

PerplexityBot

Applebot-Extended

CCBotinfo

Machine Readability

llms.txt

llms-full.txt

Semantic HTML

Heading Hierarchy

Text ratio:2%

Words:557

Token eff.:Optimal

Structured Data

1 JSON-LD

Organization

sameAs entity links

Citation Readiness

Opening Summary21w

Descriptive Headingsavg 3w

Canonical URL

Open Graph3/3

Twitter Card0/3

Language Tag

Publish Date

Author Info

Lists

Tables

TL;DR / Summary

About Page Link

Recommendations (6)

AI readiness recommendation preview...

Upgrade to view recommendations

Sponsored

Accessibility

WCAG 2.1 Compliance

Evaluates how accessible your website is for users with disabilities, based on WCAG 2.1 guidelines. Checks images, forms, keyboard navigation, ARIA roles, and color contrast.

A+

90/100

Passed

Critical

Warnings

Images & Alt Text

18/20

Checks if images have descriptive alt text for screen readers and visually impaired users.

Semantic Structure

20/20

Evaluates proper use of HTML5 semantic elements (header, nav, main, footer) and heading hierarchy.

Forms & Inputs

15/15

Verifies form fields have labels, error messages are clear, and inputs are properly associated.

Color & Contrast

15/15

Tests text-to-background color contrast ratios against WCAG AA/AAA minimum requirements.

Keyboard & Focus

15/15

Ensures all interactive elements are reachable and operable via keyboard (tab, enter, escape).

ARIA & Roles

7/15

Checks correct use of WAI-ARIA attributes (roles, states, properties) for assistive technologies.

Carbon Footprint

SWDM v4 · Eco-Score

Carbon emissions estimated using the Sustainable Web Design Model v4 (SWDM v4). Factors in data center, network, and device energy across new and returning visitors. Grade thresholds based on HTTP Archive percentiles.

39/100

1.07 g

CO₂e / view

3.1 MB

Page Weight

40%

Cleaner Than

Resource Breakdown

JavaScript

552.8 KB

Images

1.7 MB

CSS

520.8 KB

Fonts

97.7 KB

HTML

169.4 KB

Other

58.6 KB

Green Hosting Not Verified

Internap Holding LLC

7 recommendations

•Carbon footprint recommendation preview...

Upgrade to view recommendations

Security Score

46%Poor

Interactive

HTTPS

No WAF

56d

Certificate Details

Type

Domain Validated (DV)

Certificate Authority

Let's Encrypt

Key Algorithm

ECDSA (secp256r1) (256 bit)

Signature

ECDSA with SHA-384

TLS Version

TLSv1.3

HTTP Protocol

HTTP/2+H3

Valid From

26.01.2026

Valid Until

26.04.2026

Subject Alternative Names (2)

*.wordpress.orgwordpress.org

SHA-256 Fingerprint

DE:CE:63:4F:14:16:35:9A:D8:AA:DD:A5:B7:7B:2D:57:ED:1C:36:D9...

Top Recommendations

Security recommendation preview

Upgrade to view recommendations

Upgrade to view header details

HTTP Headers

Developer Console

server

nginx

date

Sun, 01 Mar 2026 11:03:50 GMT

content-type

text/html; charset=UTF-8

strict-transport-security

max-age=3600

x-olaf

vary

Accept-Encoding, accept, content-type

Good Warning Issue

Email Infrastructure

Custom Mail Server

Score

SPF

DKIM

DMARC

DMARC Policy

Reject (Strictest)

MX Records (1)

mail.wordpress.org

Domain Information

wordpress.org

Domain Age

22y 11m

Created

28.03.2003

Expires

28.03.2035

Last Updated

06.07.2025

Registrar

MarkMonitor Inc.

DNSSEC

Not Enabled

Privacy & Compliance

Cookie Consent Banner

GDPR Indicators

Mobile Compatibility

Viewport & Responsive Test

Tests how well your website works on mobile devices. Checks viewport configuration, responsive layout, touch targets, font readability, and simulates rendering across different screen sizes.

83/100

Mobile Friendly9 breakpoints

Viewport Meta

The viewport meta tag tells mobile browsers how to scale the page. Without it, mobile devices render at desktop width.

Responsive Design

Uses CSS media queries or flexible layouts to adapt content to different screen sizes automatically.

Touch Icons

Apple touch icons and favicons displayed when users add the site to their home screen on mobile devices.

Readable Font Size

Base font size should be at least 16px on mobile to ensure text is readable without zooming.

Relative Units

Using em, rem, %, or vw instead of fixed px values allows content to scale properly across screen sizes.

No H-Scroll Risk

No elements wider than the viewport that would cause horizontal scrolling on mobile devices.

Tap Targets OK

Interactive elements (buttons, links) are at least 48x48px with enough spacing to prevent accidental taps.

No Fixed Widths

No elements with fixed pixel widths that could overflow on smaller screens and break the layout.

Viewport

width=device-width, initial-scale=1

2 recommendations

•Mobile compatibility recommendation preview...

Upgrade to view recommendations

Typography & Readability

EB Garamond + sans-serif

53/100

Readability

/30

32/40

16px · LH 1.88

Hierarchy

/20

18/25

4.38x ratio

WCAG

/25

5/15

Contrast: undefined

Performance

/25

13/20

2 fonts

Heading Font

EB Garamond

Serif70px

Body Font

sans-serif

Sans16px

Contrast Ratio

Reading Comfort

~53 CPL

Optimal (45–75)

70px

18px

16px

✅ Excellent readability: 16px body text is ideal for all devices.

✅ Strong hierarchy: Headlines are 4.4x larger than body text.

✅ Good performance: Using 2 font families keeps load times fast.

✅ Smart font loading: Using font-display: swap prevents invisible text during load.

⚠️ Risky: Text appears on background images without overlay protection.

✅ Optimal line length: ~53 characters per line is comfortable to read.

Buy on MyFonts

Business & Marketing Stack

2 Tools Detected

Growing

Behavior Analytics

Google Tag ManagerFree

Google AnalyticsFree

User behavior and product analytics

Sponsored

Scripts & Styles

16 Resources

Scripts

Styles

Async

Defer

Top Script Sources

wordpress.org(4)googletagmanager.com(2)stats.wp.com(1)

Website Identity

WordPress

Social Profiles

Facebook X (Twitter)Instagram LinkedIn TikTok Mastodon Threads Bluesky

Sponsored

Last analyzed: 01 Mar 2026 at 11:04

AI-Powered Analysis

Technical Deep Dive

Executive Summary

StackOptic's comprehensive analysis of wordpress.org reveals a technology stack built for scale and reliability, befitting its role as the home of the world's most popular Content Management System. The site leverages Nginx as its web server, hosted by Internap Holding LLC in the United States, and utilizes its own WordPress 7.0 CMS. Frontend enhancements include Tailwind CSS for styling and Google Fonts for typography. Performance is augmented with Google Analytics and Google Tag Manager for tracking and analytics. The site has a strong email security posture with a reject DMARC policy. Image optimization leverages Jetpack Photon, a WordPress-specific CDN. While the site incorporates responsive images, it lacks modern image formats like WebP or AVIF, and lazy loading is not implemented. Overall, wordpress.org demonstrates a mature technical foundation with opportunities for incremental performance improvements.

Technology Stack Deep Dive

Frontend Technologies

wordpress.org employs a combination of frontend technologies to deliver a user-friendly and visually appealing experience. The analysis reveals the following key components:

Tailwind CSS: This utility-first CSS framework enables rapid UI development and customization. Its presence suggests a focus on maintainability and consistency across the site's design.
Google Fonts: A widely used service providing a vast library of web fonts. Its integration allows for enhanced typography and visual branding.

These technologies contribute to the overall aesthetic and usability of wordpress.org. The choice of Tailwind CSS indicates a preference for a modern, component-based approach to frontend development, allowing for efficient styling and theming.

Backend & Server Infrastructure

The backend and server infrastructure of wordpress.org are designed to handle a significant volume of traffic and ensure high availability. The core components identified are:

Nginx: This high-performance web server is known for its stability, scalability, and efficiency in handling concurrent requests. Its selection as the primary web server underscores the importance of performance and reliability for wordpress.org.

The absence of explicit backend frameworks detected suggests a tightly integrated architecture with WordPress itself managing the core application logic.

Content Management & Frameworks

As expected, wordpress.org utilizes its own WordPress CMS:

WordPress 7.0: Being the official site, it's no surprise that wordpress.org is running a relatively current major version of the platform. This allows them to showcase the latest features and capabilities of the software, as well as quickly patch any security vulnerabilities. It is categorized as a CMS, providing content creation, management, and publishing capabilities.

Hosting & Infrastructure Analysis

Hosting Provider Profile

The scan data indicates that wordpress.org is hosted by Internap Holding LLC in the United States. Internap is a well-established hosting provider known for its focus on performance and reliability. They cater to businesses with demanding hosting needs, offering a range of services including bare-metal servers, cloud hosting, and colocation. The choice of Internap suggests a commitment to high uptime and fast loading times, which are critical for a website as prominent as wordpress.org.

CDN & Performance Infrastructure

While the scan indicates that wordpress.org does not use a traditional CDN (Content Delivery Network) directly provided by a major CDN vendor, it does utilize Jetpack Photon (WordPress) for image delivery. Jetpack Photon is a WordPress-specific CDN that automatically optimizes and serves images from a global network, reducing bandwidth consumption and improving page load times for users around the world. This partially mitigates the lack of a traditional CDN.

Geographic & Network Analysis

The server location is in the United States. This location is a strategic choice, potentially to cater to a large portion of its user base and to leverage the robust network infrastructure available in the US. The load time of 6309 ms indicates room for improvement in optimizing the site's performance, potentially through a more comprehensive CDN strategy.

Security Assessment

SSL/TLS Configuration

The website utilizes an SSL certificate issued by Let's Encrypt - E8. The certificate is a DV (Domain Validated) certificate, indicating that the issuer has verified the domain ownership. The key algorithm used is ECDSA (secp256r1), a modern and secure encryption algorithm. The use of HTTP/2 also contributes to improved performance and security. However, the absence of TLS version information is a potential area for improvement; ensuring support for the latest TLS versions is essential for maintaining a strong security posture.

Security Headers Analysis

The scan indicates that HSTS (HTTP Strict Transport Security) is not enabled. Enabling HSTS would enforce secure connections and prevent man-in-the-middle attacks. The absence of data for CSP (Content Security Policy) and X-Frame-Options suggests that these security headers are either not configured or not publicly exposed, posing a security risk. Implementing these headers can significantly enhance the website's security by mitigating cross-site scripting (XSS) and clickjacking attacks.

Overall Security Posture

wordpress.org has a decent security foundation with a valid SSL certificate and a modern encryption algorithm. However, the absence of HSTS, CSP, and X-Frame-Options represents significant security vulnerabilities. Implementing these security headers is crucial for protecting users and data. The domain has a very strong DMARC policy of reject which indicates a high level of security maturity regarding email infrastructure.

SEO & Technical Health

Meta Tags & Structure

The scan data indicates that the title tag and meta description are missing. This is a critical SEO issue, as these elements are essential for search engine rankings and user click-through rates. Optimizing these tags with relevant keywords and compelling descriptions is crucial for improving the website's visibility in search results.

Indexability & Crawlability

The presence of a robots.txt file and a sitemap indicates that wordpress.org is actively managing its search engine crawlability and indexability. These files help search engines understand the website's structure and prioritize content for indexing. The presence of both indicates strong SEO practices.

Email Infrastructure & Domain

The scan reveals details about the email infrastructure and domain security:

Email Provider: No specific email provider was detected.
SPF (Sender Policy Framework): SPF is enabled, which helps prevent email spoofing.
DKIM (DomainKeys Identified Mail): DKIM is not enabled. Enabling DKIM would further enhance email authentication and security.
DMARC (Domain-based Message Authentication, Reporting & Conformance): DMARC is enabled with a reject policy. This is the strongest DMARC policy, instructing email receivers to reject any emails that fail SPF and DKIM checks. This indicates a strong commitment to email security.
Email Security Score: The email security score is 75, reflecting a good level of email security.
Domain Age: The domain is 8374 days old, dating back to 2003-03-28. This long domain age is a positive signal for SEO.
Expiry Date: The domain expiry date is 2035-03-28, indicating a long-term commitment to the domain.
Registrar: The domain is registered with MarkMonitor Inc., a well-known corporate domain registrar.
DNSSEC: DNSSEC is not enabled. Enabling DNSSEC would provide an additional layer of security by preventing DNS spoofing.

Privacy & Compliance

The scan provides insights into the website's privacy practices:

Cookie Consent Platform: No cookie consent platform was detected, even though the site contains cookies set by Google Analytics. This indicates a potential compliance gap with GDPR and other privacy regulations.
Cookie Banner: No cookie banner was detected, reinforcing the potential compliance issue.
Privacy Policy: A privacy policy is present, which is a positive step towards transparency.
Tracking Scripts: Google Analytics is detected, indicating the use of analytics for tracking user behavior. It is vital that the website complies with privacy regulations regarding user tracking.

Image Optimization & Performance

The image optimization analysis reveals the following:

Image CDN: The site uses Jetpack Photon (WordPress), a WordPress-specific CDN for image delivery.
Lazy Loading: Lazy loading is not implemented. Implementing lazy loading would improve page load times by deferring the loading of offscreen images.
WebP/AVIF: The site does not use modern image formats like WebP or AVIF. Converting images to these formats would significantly reduce file sizes and improve performance.
Responsive Images: Responsive images are implemented, ensuring that images are appropriately sized for different devices.
Ad Networks: No ad networks were detected.

Professional Verdict

wordpress.org presents a robust technical foundation, leveraging a high-performance server (Nginx) and a reliable hosting provider (Internap). The use of Jetpack Photon for image delivery is a positive step, but the absence of a full CDN and modern image formats like WebP/AVIF presents optimization opportunities. Security can be significantly improved by implementing HSTS, CSP, and X-Frame-Options. Addressing the missing title tag and meta description is crucial for SEO. While email security is strong with a reject DMARC policy, enabling DKIM and DNSSEC would provide further protection. Overall, wordpress.org demonstrates technical maturity with clear areas for enhancement.

Analysis by StackOptic AIMar 1, 2026

AI-Powered Insights

Historical Analysis & Change Tracking