Adding WPScan to Your WordPress Website

Andy Holland

WordPress is one of the most widely used content management systems in the world. It powers blogs, ecommerce sites and company websites, millions of them, and close to 30% of the web as a whole. That popularity also makes it a favourite target for attackers. To keep your site out of their hands you can use WPScan, a handy tool that evaluates a WordPress site's security from the outside and helps you keep it safe.

More About WPScan

WPScan is a black box WordPress vulnerability scanner: it tests the site from the outside, the way an attacker would, and needs no administrator access. That matters because a typical site accumulates a lot of third-party software (plugins and themes) while it is being built, and any of it that is out of date or poorly maintained can leave the site exposed. A scan lists the themes and plugins it can detect, reads their version numbers and checks those versions against a database of known vulnerabilities. It can also compile a list of the site's users. Because it only sees what the site exposes over HTTP, treat the plugin and theme list it produces as a lower bound, not a full inventory.

Setting Up WPScan

To set up WPScan you first need Git, which gives you a simple way to install the code from its repository and to pull updates later. Then install a few prerequisites: Ruby, its development headers and the libraries that WPScan's gems build against. Next, clone the main branch of the WPScan repository; this creates a folder on your system containing the code. From there you keep the checkout current with Git and launch the scanner with Ruby.

Running a Scan with WPScan

Run a scan with the command ruby wpscan.rb --url followed by the site address. Some users will also want to route the scan through an HTTP proxy so that the hosting provider does not flag the scanning IP as suspicious. If you find the scan is being blocked, WPScan also has a built-in option to send a random user-agent. A basic scan returns a lot of useful information and highlights any vulnerabilities in red; once you have that list you can dig into each finding and fix it. Only scan sites you own or have permission to test: from the host's side a WPScan run looks exactly like an attacker's reconnaissance.
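The setup and scan steps above, collected into a small POSIX shell wrapper. This is an example added here; it is not part of WPScan and not code from the original article. It assumes the git-checkout form of WPScan (ruby wpscan.rb), Debian/Ubuntu package names, a checkout in $HOME/wpscan, and the flags --url, --random-agent, --enumerate, --proxy, --username, --wordlist, --threads and --update as listed by ruby wpscan.rb --help; check that help output for your version before relying on them.

```shell
#!/bin/sh
# Wrapper for the git-checkout (wpscan.rb) form of WPScan.
# Added example, not WPScan's own code. Flags assumed from `ruby wpscan.rb --help`.

WPSCAN_DIR="${WPSCAN_DIR:-$HOME/wpscan}"   # assumed checkout location
DRY_RUN="${DRY_RUN:-0}"                    # 1 = print the command instead of running it

# Steps 1-3: prerequisites (assumed Debian/Ubuntu package names), clone, gems, database update.
wpscan_setup() {
  sudo apt-get install -y git ruby ruby-dev build-essential \
    libcurl4-openssl-dev libxml2-dev libxslt1-dev zlib1g-dev
  git clone https://github.com/wpscanteam/wpscan.git "$WPSCAN_DIR"
  (cd "$WPSCAN_DIR" && sudo gem install bundler && bundle install --without test)
  run_in_checkout ruby wpscan.rb --update
}

# Print (DRY_RUN=1) or execute a command from inside the checkout.
run_in_checkout() {
  if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else (cd "$WPSCAN_DIR" && "$@"); fi
}

# Enumeration scan. usage: wpscan_enumerate URL [ENUMERATE] [PROXY]
# ENUMERATE defaults to vulnerable plugins, vulnerable themes and users.
# The proxy is optional: pass it when your host flags the scanning IP.
wpscan_enumerate() {
  url="$1"; enum="${2:-vp,vt,u}"; proxy="$3"
  set -- ruby wpscan.rb --url "$url" --random-agent --enumerate "$enum"
  if [ -n "$proxy" ]; then set -- "$@" --proxy "$proxy"; fi
  run_in_checkout "$@"
}

# Password audit for one user you own. usage: wpscan_bruteforce URL USERNAME WORDLIST
wpscan_bruteforce() {
  run_in_checkout ruby wpscan.rb --url "$1" --random-agent \
    --username "$2" --wordlist "$3" --threads 20
}
```

With DRY_RUN=1 the wrapper prints the exact command it would run, which is a cheap way to review the arguments before pointing it at a live site.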

User, Plugin and Theme Enumeration

User enumeration collects a list of valid usernames. With that list you can test how strong their passwords are: point WPScan's brute-force mode at each username with a wordlist and see which accounts fall to weak passwords. Expect this to generate a large number of login attempts, so run it against your own site only, and note that a login-limiting plugin on the site will lock the account or block the scanner long before the wordlist is exhausted.

The majority of WordPress sites use lots of plugins, and WPScan can check those too. Its vulnerability database contains a large number of known vulnerable plugins; the plugin enumeration options flag the vulnerable ones installed on the site and list each one's past vulnerabilities together with the version in which each was fixed.

Finally, WPScan can compile a list of the themes a site uses and, just as with plugins, highlight any known security issues with them so you can update and tighten things up.
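What the plugin, theme and user enumeration does under the hood, as an added example (not WPScan's code and not from the original article): a shell script that pulls plugin and theme slugs with their versions, the WordPress version and author usernames out of a saved front page, then compares each version against a fixed-in table. The page, the site name blog.example, the plugin and theme slugs and the fixed-in versions are all constructed and fictional; WPScan's real database is far larger and its detection draws on more sources than a single page (readme files, change logs, the /?author=N redirects).

```shell
#!/bin/sh
# Offline illustration of WPScan-style enumeration. Added example, not WPScan's code.
# All sample data below is constructed and fictional.

# Constructed front page of a fictional site; not captured from any real server.
write_sample_page() {
  cat > "$1" <<'EOF'
<!DOCTYPE html><html><head>
<meta name="generator" content="WordPress 4.9.1" />
<link rel='stylesheet' href='https://blog.example/wp-content/themes/acme-theme/style.css?ver=2.1' />
<link rel='stylesheet' href='https://blog.example/wp-content/plugins/acme-gallery/css/gallery.css?ver=1.4.2' />
<script src='https://blog.example/wp-content/plugins/acme-forms/js/forms.js?ver=3.0.1'></script>
<script src='https://blog.example/wp-content/plugins/acme-seo/js/seo.js'></script>
</head><body>
<p>Posted by <a href="https://blog.example/author/andy/">andy</a></p>
<p>Posted by <a href="https://blog.example/author/site-admin/">Site Admin</a></p>
</body></html>
EOF
}

# Constructed, fictional fixed-in table: "type slug first_fixed_version". Not real data.
FIXED_IN='plugins acme-gallery 1.5.0
plugins acme-forms 3.0.1
themes acme-theme 2.2'

# WordPress version from the generator meta tag (sites often strip it; then this prints nothing).
wp_version() {
  sed -nE 's/.*<meta name="generator" content="WordPress ([0-9.]+)".*/\1/p' "$1" | head -n1
}

# Print "type slug version" for every wp-content/plugins|themes asset URL in the page.
# The ?ver= query string is the usual version leak; assets without it report "unknown".
enumerate_assets() {
  grep -oE 'wp-content/(plugins|themes)/[A-Za-z0-9_-]+/[^"'"'"' >]*' "$1" \
  | awk -F/ '{ type=$2; slug=$3; ver="unknown";
               if (match($0, /[?&]ver=[0-9.]+/)) ver=substr($0, RSTART+5, RLENGTH-5);
               print type, slug, ver }' \
  | sort -u
}

# Usernames from author archive links (/author/<nicename>/). The nicename is usually,
# but not always, the login name; WPScan also follows /?author=N redirects to find these.
enumerate_users() {
  grep -oE '/author/[A-Za-z0-9_.-]+/' "$1" | sed 's#/author/##; s#/$##' | sort -u
}

# True (0) if dotted numeric version $1 is lower than $2; "2.1" equals "2.1.0".
# Numeric components only; suffixes such as -beta are not handled.
version_lt() {
  a="$1."; b="$2."
  while [ -n "$a" ] || [ -n "$b" ]; do
    x="${a%%.*}"; a="${a#*.}"
    y="${b%%.*}"; b="${b#*.}"
    x="${x:-0}"; y="${y:-0}"
    [ "$x" -lt "$y" ] && return 0
    [ "$x" -gt "$y" ] && return 1
  done
  return 1
}

# One line per detected plugin/theme with its status against the fixed-in table.
report() {
  enumerate_assets "$1" | while read -r type slug ver; do
    fixed=$(printf '%s\n' "$FIXED_IN" | awk -v t="$type" -v s="$slug" '$1==t && $2==s {print $3}')
    status=current
    if [ -z "$fixed" ]; then status=no-entry
    elif [ "$ver" = unknown ]; then status=version-unknown
    elif version_lt "$ver" "$fixed"; then status="VULNERABLE (fixed in $fixed)"
    fi
    printf '%s %s %s %s\n' "$type" "$slug" "$ver" "$status"
  done
}
```

Two details worth keeping in mind when reading real scanner output: a version taken from a ?ver= query string can be the WordPress version rather than the plugin's (some plugins enqueue assets that way), and "no-entry" means only that the database has nothing for that slug, not that the plugin is safe.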

WPScan is a brilliant tool for evaluating the security of your WordPress website and can help you fend off attackers. Let us know if you have used it before and whether it helped you improve your site's security.