WordPress Security Scan

WordPress Security Help and Sample Report

WordPress is the world's leading content management system, which makes it a popular target for attackers.

Perform a free automated WordPress security test by filling out the form below. Our scanning system examines your website in a non-intrusive manner and delivers a report to your email address detailing the security-related information found.

An active scanner option is available that uses the wpscan scanner. This tool requests known plugin URLs in order to enumerate all plugins on the system. This technique can find vulnerable plugins that are installed but not active, as well as many other potential security vulnerabilities and configuration errors.

Enter the target as the full path to the WordPress installation:

http://www.mysite.com/pathtowordpress/

Online WordPress Security Scan for the analysis of a WordPress CMS; includes checks for application security, WordPress plugins, hosting and web server.

This scanner has two options. The first is a passive scan that downloads a few pages from the website and analyzes the raw HTML code. The second is a more intrusive scan that attempts to enumerate plugins and users using the open source security tool wpscan.

To use the Active scan mode you must have permission to scan the web site. The wpscan test will send over 2000 requests to your web server and can set off alarms.

Enter the URI of the WordPress installation to test.

Initiate the WordPress Security Scanner by completing the form

Enter details to begin a scan of your target web site URI.
Members can perform an active scan to detect plugins, vulnerabilities and users.












About the WordPress Security Scan

This security scan is not an in-depth audit of the WordPress installation. It is a passive analysis that uses regular web requests to download a handful of pages from the target site and then analyzes the resulting HTML.

Checks include:

  • WordPress Version Check
  • Site Reputation from Google, Norton and MyWot
  • Default admin account enabled
  • Directory Indexing on plugins
  • .htaccess readable
  • robots.txt present
  • Sites externally linked from the main page (reputation checks)
  • WordPress plugins detected passively, with their versions compared against the latest versions
  • JavaScript linked
  • iframes present
  • Internal site links
  • Hosting Reputation and Geolocation information
  • IP address sharing and reputation of sites sharing the IP address
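
The HTML-only checks in the list above (version, passively detected plugins, linked JavaScript, iframes, internal and external links) can be reproduced against a page you have already downloaded from your own site. The following is an added example, not the scanner's own code; the class and function names, the sample page and its hosts and plugin slugs are all constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

PLUGIN_RE = re.compile(r"/wp-content/plugins/([^/]+)/")

class PassiveScan(HTMLParser):
    """Collects passive indicators from one already-downloaded page."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host, self.wp_version = site_host, None
        self.plugins = {}  # slug -> value of ?ver= (None when absent)
        self.scripts, self.iframes = [], []
        self.external_hosts, self.internal_links = set(), set()

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            m = re.match(r"WordPress\s+([\d.]+)", a.get("content") or "")
            self.wp_version = m.group(1) if m else self.wp_version
        url = a.get("src") or a.get("href")
        if not url:
            return
        parsed = urlparse(url)
        m = PLUGIN_RE.search(parsed.path)
        if m:  # plugin asset path leaks the slug, and often a version
            ver = parse_qs(parsed.query).get("ver", [None])[0]
            self.plugins[m.group(1)] = ver or self.plugins.get(m.group(1))
        if tag == "script":
            self.scripts.append(url)
        elif tag == "iframe":
            self.iframes.append(url)
        elif tag == "a" and parsed.netloc not in ("", self.site_host):
            self.external_hosts.add(parsed.netloc)
        elif tag == "a":
            self.internal_links.add(parsed.path or "/")

def passive_checks(html, site_host):
    scan = PassiveScan(site_host)
    scan.feed(html)
    return scan

# Constructed sample page (hosts and plugin slugs are made up)
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 3.5.1" />
<link rel="stylesheet" href="/wp-content/plugins/example-gallery/style.css?ver=1.2.0" />
<script src="/wp-content/plugins/example-forms/forms.js"></script>
</head><body><a href="/about/">About</a>
<a href="http://partner.example.org/">Partner</a>
<iframe src="http://widgets.example.net/frame.html"></iframe></body></html>"""
```

The `ver` query value is only a hint: when a plugin registers an asset without its own version, WordPress appends the core version instead, so confirm plugin versions from the admin dashboard before acting on them.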


Additional checks when using the WPScan Active Scanner:

  • Brute force installed plug-ins (over 2200 in current database)
  • Enumerate usernames
  • Test for vulnerable TimThumb files
