WordPress is huge! Some even estimate 30% of public websites run it in some way or another. In fact, you’re reading this on a WordPress page. Are all of these sites secure? No! Not at all. While the latest up to date version of WordPress is very likely to be secure (until someone finds a zero-day in it), there are millions of plugins out there that were written by seasoned developers and less experienced developers. Vulnerabilities are found in these plugins every single day and WPScan can help us scan these and show us whether or not vulnerabilities are present!
🙋♂️ What is WPScan?
The WPScan CLI tool is a free, for non-commercial use, black box WordPress security scanner written for security professionals and blog maintainers to test the security of their sites. The WPScan CLI tool uses our database of 23,381 WordPress vulnerabilities.https://wpscan.com/wordpress-security-scanner
So WPScan is a tool that scans a WordPress instance for vulnerabilities. But what kind of vulnerabilities are we talking about?
- WordPress version scanning
- Installed plugins scanning
- Installed themes scanning
- Username enumeration
- Password bruteforcing
- Searching for wp-config files
- Database dumps
- Exposed error logs
- Media file enumeration
- and much, much more!
👷♀️ Setting up WPScan
WPScan is Ruby based and can be installed using the following command:
gem install wpscan
However, do note that it is commonly already installed on pentesting Linux distributions.
🐱🏍 Our first scan
Check out the video below for an example of a scan!
WPScan is a powerful service to help you shed light on every WordPress vulnerability to be found.
If you would like to recommend a tool for us to cover next week, then be sure to let us know down below. Also be sure to check out all the previous Hacker Tools articles, such as the last one on ReNgine.
Did you know that there is a video accompanying this article? Check out the playlist!