
WPScan – WordPress Security Scanner

Thu, Jun 9, 2011

Security, WordPress

I came across an interesting tool for us WordPress bloggers: WPScan, from http://www.ethicalhack3r.co.uk/security/introducing-wpscan-wordpress-security-scanner/

WPScan is a black box WordPress security scanner written in Ruby which attempts to find known security weaknesses within WordPress installations. It is intended for security professionals and WordPress administrators who want to assess the security posture of their WordPress installations. The code base is open source and licensed under the GPLv3.

Features include:

  • Username enumeration (from ?author)
  • Weak password cracking (multithreaded)
  • Version enumeration (from generator meta tag)
  • Vulnerability enumeration (based on version)
  • Plugin enumeration (todo)
  • Plugin vulnerability enumeration (based on version) (todo)
  • Other miscellaneous checks
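
Two of the checks above read information a default install gives away: the generator meta tag and `?author=N` requests. The Ruby below is an added example (not WPScan code and not from the original post) that shows the administrator's side of both: whether a page discloses its version, and which clients in an access log requested several author IDs. The combined log format, the `threshold` value, the function names and all sample data are assumptions constructed for illustration.

```ruby
require 'set'

# Client IP and request path from a combined-format access log line (assumed format).
LOG_LINE = /\A(?<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (?<path>\S+)[^"]*" \d{3}/
# A numeric author query parameter, e.g. /?author=3
AUTHOR_PARAM = /[?&]author=(?<id>\d+)(?:&|\z)/
# The generator meta tag, which carries the WordPress version string.
GENERATOR = /<meta\s+name=["']generator["']\s+content=["']WordPress\s+(?<version>[\d.]+)["']/i

# Returns { ip => sorted author ids } for every client that requested at least
# `threshold` distinct ?author=N values. `threshold` is an assumed tuning knob.
def author_sweeps(lines, threshold: 3)
  seen = Hash.new { |hash, ip| hash[ip] = Set.new }
  lines.each do |line|
    request = LOG_LINE.match(line) or next      # skip lines in another format
    author = AUTHOR_PARAM.match(request[:path]) or next
    seen[request[:ip]] << author[:id].to_i      # Set ignores repeated ids
  end
  seen.select { |_ip, ids| ids.size >= threshold }
      .transform_values { |ids| ids.to_a.sort }
end

# Returns the version disclosed in a page's generator meta tag, or nil if absent.
def disclosed_version(html)
  match = GENERATOR.match(html)
  match && match[:version]
end

# Constructed sample input: documentation-range IPs and a made-up page head.
SAMPLE_LOG = [
  '203.0.113.7 - - [09/Jun/2011:10:00:01 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "-"',
  '203.0.113.7 - - [09/Jun/2011:10:00:02 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "-"',
  '198.51.100.20 - - [09/Jun/2011:10:00:02 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "-"',
  '203.0.113.7 - - [09/Jun/2011:10:00:03 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "-"',
  '203.0.113.7 - - [09/Jun/2011:10:00:04 +0000] "GET /?author=3 HTTP/1.1" 404 0 "-" "-"',
  '198.51.100.20 - - [09/Jun/2011:10:00:05 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "-"'
].freeze
SAMPLE_HTML = '<head><meta name="generator" content="WordPress 3.1.3" /></head>'

if __FILE__ == $PROGRAM_NAME
  puts "Author ID sweeps: #{author_sweeps(SAMPLE_LOG).inspect}"
  puts "Disclosed version: #{disclosed_version(SAMPLE_HTML).inspect}"
end
```

A single `?author=1` request is normal traffic (it is how author archive links resolve), which is why only clients walking several distinct IDs are reported.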

 

This may make a good addition to the excellent WP Security Scan plugin from Semper Fi Web Design. WP Security Scan does a great job of checking for common issues with WordPress installations. I’ve used this plugin since it was released.

Do you have a favorite WordPress security plugin, tool, or tip? Let us know.

–Chris

