Using WPScan to find WordPress vulnerabilities on your website

December 3, 2019

WPScan is an open source WordPress security scanner. You can use it to scan your WordPress website for known vulnerabilities within the WordPress core, as well as popular WordPress plugins and themes.

Since it is a WordPress black box scanner, it mimics a real attacker. This means it does not rely on any sort of access to your WordPress dashboard or source code to conduct the tests. In other words, if WPScan can find a vulnerability in your WordPress website, so can an attacker.

WPScan uses the vulnerability database called wpvulndb.com to check the target for known vulnerabilities. The team which develops WPScan maintains this database. It has an ever-growing list of WordPress core, plugins and themes vulnerabilities.

using-wpscan-to-find-wordpress-vulnerabilities-on-your-website Theme Builder Layout

Getting started with WPScan security scanner

WPScan is a Ruby application. You can run WPScan on Linux and macOS by installing the Ruby gem. You can also run it by cloning the WPScan Github repository.

The quickest way to get started with WPScan is to install the WPScan plugin on your WordPress website. You can also use a ready-made Docker image. If you’ve never used Docker and you do not want to install the plugin, you can find WPScan installed on free penetration-testing focused Linux distributions such as Pentoo and Kali linux.

WPScan WordPress security scanner features

WordPress enumeration scans

Enumeration attacks involve an attacker trying to either guess or confirm that something they are targeting exists on the target system. For instance, WordPress user enumeration is a process by which an attacker tries to detect which users exist on a website. While this in itself may not be a serious vulnerability, an attacker may be able to use this information as part of a larger attack.

As a black box scanner WPScan does not have access to source code. It uses enumeration techniques just like a real attacker would to find information about a WordPress target. Some of the most commonly enumeration scans that WPScan does during a scan are:

  • Detecting the versions of WordPress core, plugins and themes,
  • Checks for publicly accessible wp-config.php backups, or other database exports,
  • Enumeration of WordPress users.

WordPress username enumeration and weak password cracking (aka brute force attack)

As already discussed, WPScan can enumerate WordPress users as part of its enumeration features. However, WPScan can also go one step further by attempting to crack weak passwords.

This is useful to do in order to audit your WordPress website for weak credentials. Password cracking is achieved by passing WPScan a password dictionary of your choice. We are using a subset of the rockyou.txt dictionary in the example below.

using-wpscan-to-find-wordpress-vulnerabilities-on-your-website-1 Theme Builder Layout

WordPress theme and plugin vulnerability detection

WPScan can not only enumerate the versions of themes and plugins running on a WordPress site, but it can also check those theme and plugin versions against the massive wpvulndb.com WordPress vulnerability database.

Additionally, WPScan will also let you know if the version of WordPress you are running contains security vulnerabilities, in which case you would need to upgrade to the latest version of WordPress.

using-wpscan-to-find-wordpress-vulnerabilities-on-your-website-2 Theme Builder Layout

Beyond WordPress security scanners

Frequently running WPScan or other WordPress security scanners to make sure you’re not running vulnerable plugins and themes is a great way to make sure you keep your WordPress secure. If you install the WPScan plugin it will scan your website automatically, daily.  However, running WPScan alone is not enough. The following are some other security domains to shore-up on:

Source

Share this article:
 




eHost-square-ad Theme Builder Layout

We’re listening.

Have something to say about this article? Share it with us on Facebook, Twitter or LinkedIn:

SHARE IT HERE:

Related Posts

best-practices-for-managing-wordpress-activity-log-data Theme Builder Layout

Best practices for managing WordPress activity log data

The data stored in the WordPress activity log is sensitive and confidential. So should you back it up? Should you archive it and keep it secure?Many compliance regulations stipulate who can access such data, and how such data should be stored, secured and backed up....

how-to-remove-malicious-redirects-from-your-site Theme Builder Layout

How To Remove Malicious Redirects From Your Site?

Is your WordPress website maliciously redirecting your users to unknown websites like ones that sell medical products? Chances are you’ve been hacked.Visitors could also be redirected to unsecured sites that host adult content, sell counterfeit products, or try to...

how-to-detect-the-bt-wordpress-hack Theme Builder Layout

How to Detect the .bt WordPress Hack

Just recently we cleaned a WordPress site which was apparently hacked many years ago. The hack was still active and our client was lucky that we found it since he asked us to host the site for him(we’ll talk about this added service in a new blog post). Every time we...

Get ALL Your SEO, WordPress & Divi News

Join Our Daily Roundup

SEO News and More

SEO News and More

Subscribe ToThe Weekly SEO Trade News Updates

Get the latest SEO, SEM and SMM marketing intel, tips and tricks from one of the best SEO Gurus online. 

Every Tuesday morning we send out an aggregated email listing all new posts on SEO Trade News.

Excellent! Now check your email to confirm your subscription.