WordPress Security Scan

Online WordPress Security Scanner to test vulnerabilities of a WordPress installation. Checks include application security, WordPress plugins, hosting environment and web server.

This scanner has two options. The first is a passive (safe) scan that downloads a few pages from the website and analyses the raw HTML code. The second is a more intrusive active scan that attempts to enumerate vulnerable plugins and users; it uses the popular open source WordPress security auditing tool WPScan.




About the WordPress Security Scan

This security scan checks a WordPress installation for common security-related misconfigurations. Testing with the basic passive scan option uses normal web requests. The system downloads a handful of pages from the target site, then analyses the resulting HTML source.

With the more advanced Active Scan option, all checks from the Passive Scan are performed. In addition, the system uses the excellent WPScan tool to probe plugins, usernames and other vulnerabilities. This scan tests thousands of URLs and will generate 404 Not Found errors in the web server log file.
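The burst of 404 errors described above is visible from the server side. The following is an added example, not code from this page or from the WPScan project: it flags clients whose 404 responses span many distinct plugin directories. It assumes Apache/nginx combined log format and the standard `/wp-content/plugins/` path; the function name, the threshold and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Common/combined log format: client IP, request line, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3}) ')
# First path component below the WordPress plugin directory is the plugin slug.
PLUGIN_RE = re.compile(r'^/wp-content/plugins/([^/?]+)')


def find_plugin_probers(lines, min_slugs=3):
    """Return {client_ip: sorted missing plugin slugs} for clients whose 404s
    cover at least min_slugs distinct plugin directories (assumed threshold)."""
    missing = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group(3) != "404":
            continue  # unparseable line, or the resource exists
        p = PLUGIN_RE.match(m.group(2))
        if p:
            missing[m.group(1)].add(p.group(1).lower())
    # A visitor following one stale link hits one slug; enumeration hits many.
    return {ip: sorted(s) for ip, s in missing.items() if len(s) >= min_slugs}


# Constructed sample log (documentation IP ranges, made-up plugin names).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /wp-content/plugins/example-gallery/ HTTP/1.1" 404 196 "-" "scanner"
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /wp-content/plugins/example-forms/ HTTP/1.1" 404 196 "-" "scanner"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /wp-content/plugins/example-seo/ HTTP/1.1" 200 512 "-" "scanner"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /wp-content/plugins/example-cache/readme.txt HTTP/1.1" 404 196 "-" "scanner"
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET /wp-content/plugins/example-slider/ HTTP/1.1" 404 196 "-" "scanner"
198.51.100.20 - - [10/Oct/2023:13:56:01 +0000] "GET / HTTP/1.1" 200 8123 "-" "browser"
198.51.100.20 - - [10/Oct/2023:13:56:02 +0000] "GET /wp-content/plugins/example-seo/old.css?ver=1 HTTP/1.1" 404 196 "-" "browser"
198.51.100.20 - - [10/Oct/2023:13:56:02 +0000] "GET /favicon.ico HTTP/1.1" 404 196 "-" "browser"
""".splitlines()

if __name__ == "__main__":
    for ip, slugs in find_plugin_probers(SAMPLE_LOG).items():
        print(f"{ip}: 404 on {len(slugs)} plugin directories: {', '.join(slugs)}")
```

Tune `min_slugs` against your own traffic before alerting on it; a site with many removed plugins and old inbound links needs a higher value.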


Option 1: Security checks in Passive scan:

  • WordPress Version Check
  • Site Reputation from Google
  • Default admin account enabled
  • Directory Indexing on plugins
  • Sites Externally linked from main page (reputation checks)
  • List WordPress plugins detected through basic HTML analysis (use the Active WPScan for more aggressive testing of plugins).
  • JavaScript linked
  • iframes present
  • Hosting Reputation and Geolocation information

Option 2: Advanced WPScan:
The active WPScan option requires a SILVER membership.

Uses the WPScan tool to test the following:

  • Brute force installed plug-ins (over 2200 in current database)
  • Enumerate usernames
  • Test for vulnerable timthumb files (a heavily attacked known exploit)


Visit the excellent WPScan project site for a guide to installing WPScan in Linux.





       
  • Aggressively test the security configuration of a site from an external point of view with the Open Source WPScan.
  • Find known security vulnerabilities and configuration mistakes with a WordPress installation.



WordPress is the world's leading content management system. This makes it a popular target for attackers.

Analysis of compromised WordPress installations shows that exploitation most often occurs due to simple configuration errors or through plugins and themes that have not had security fixes applied.

The checks performed by our WordPress security scan will point out any obvious security failures in the WordPress installation. The scan also provides recommended security-related configuration improvements to harden the website against future attacks.