Tag Archives | wordpress

WordPress Security Testing with Nmap

With the popularity of WordPress as a publishing platform, security testing is an important part of ensuring the installation is secure. Nmap has a couple of NSE scripts specifically for the testing of WordPress installations. Using those scripts as a base I have developed a couple more that expand the capabilities of using Nmap to […]


WordPress Statistics for the Top 500K Sites

The following WordPress statistics were compiled after downloading the main page of the top 500 thousand sites on the Internet according to Alexa. Statistics were generated after identifying WordPress sites through discovery of /wp-content/plugins/ and/or /wp-content/themes/ in the HTML source of the page. 104684 / 500K = 20.9% of sites were found to be running […]


WordPress User Enumeration

A common technique to reveal the usernames of a WordPress-based site can be undertaken with this simple bash one-liner. In many WordPress installations it is possible to enumerate usernames through the author archives (usually ID:1). This is not a new trick and is available in a number of WordPress Security Testing tools. Here […]


Top WordPress sites vulnerable 6 wks after plugin patch released

In this brief analysis I look at whether plugin security updates are being applied to the most popular WordPress-based sites. Everyone knows WordPress is an incredibly popular platform for not only traditional blogs but also increasingly as a full-blown content management system (CMS). This popularity combined with a makes it a popular target […]


There are no WordPress Timthumb Hackers in Mongolia

What is Timthumb? Back in August 2011 a serious vulnerability was found in many popular WordPress themes and plugins. The code that enabled automatic thumbnail creation when publishing with the WordPress content management system. While not a part of the WordPress core, the code had been reused by many developers including both commercial and free […]


100K Top WordPress Powered Sites

This list of the top 100K high traffic WordPress powered sites has been compiled as part of our analysis of the Alexa Top 1 million ranked sites. Using a similar methodology as we did for the most popular WordPress themes analysis, this list has been compiled by looking for the presence of in the source […]


SEO Showdown: WordPress SEO vs All in One SEO

As part of the ongoing analysis of the top websites in the world we are looking here at the two most talked about WordPress Search Engine Optimization plugins. All in One SEO is the number 1 most downloaded Search Engine Optimization plugin for WordPress, while the upcoming WordPress SEO by Yoast is perhaps the […]


Woothemes Framework Update Analysis

In this post I examine the fact that only 31% of Woothemes-based sites in the top 1 million are running the latest version of the Woothemes Framework. WordPress themes are an important part of the security checklist when maintaining your WordPress installation. On 29th April 2012, an exploit was released for the Woothemes Framework. […]


WordPress themes in top 1 million websites

WordPress themes have been extracted from our latest analysis of the world's top 1 million websites (by Alexa rank). Digging into the data shows interesting trends in the WordPress content management space, and can also provide insight into security vulnerabilities. Third-party WordPress components that include plugins and themes can introduce exploitable security issues. Top […]


Top 100K Sites WordPress Usage Infographic

WordPress.org have a post up detailing the “state of the word”. Around the same time we have been putting together a WordPress infographic that highlights some of the findings from our analysis of WordPress usage among the top 100K sites (as rated by Alexa). WordPress Usage in the Top 100K Infographic
