How to detect WP plugins used on a site in WordPress

Usually, you can detect WordPress itself by looking at the site's source code for the WordPress generator meta tag:

<meta name="generator" content="WordPress 3.0.1" />

However, some sites remove this tag to hide the fact that they're running WP.

There's foolproof way to detect the list of plug-ins that are running on a site, though. IMO this is an added security bonus -t all developers are as keen on updating their systems when things break (or vulnerabilities crop up) as the core team ... if a plug-in exposes a potential weakness on my system, the last think I want to do is advertise that fact.

However, any plug-in that adds code to the display (adding scripts, styles, meta tags, etc) might call itself out. Most scripts and styles will expose /wp-content/plugins/{plug-in name}/ in the URL. Some other front-end systems will use the name of the plug-in in some kind of an HTML comment like .

But, generally, there's easy way to generate a list of plug-ins used on a site unless a) you already know which plug-ins to look for or b) the site owner wants you to know.