WordPress is among the best blogging platforms; it is open source, and a lot of bloggers currently use it for their blogs. WordPress has amazing features and has changed the way of blogging, but, as with any other platform, security is the main concern for WordPress. Many WordPress security tips are available on the Internet. Even if you have implemented the relevant tips to secure your blog, you should still use automated tools to test its security.
There are different tools available to perform quick penetration testing on web applications; besides these tools, there is a new development for checking the security of WordPress.
Various holes have been found in WordPress plugins and in installation bugs. WPScan is a black box WordPress security scanner written in Ruby which attempts to find known security weaknesses within WordPress installations. Its intended use is for security professionals or WordPress administrators to assess the security posture of their WordPress installations.
- Password cracking
- Enumeration (version, plugin, username)
- Vulnerability enumeration
sudo apt-get install libcurl4-gnutls-dev
sudo gem install --user-install typhoeus
sudo gem install --user-install xml-simple
ruby wpscan.rb --url www.example.com
ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50
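For an administrator on the receiving end of a wordlist run like the one above, the guesses show up in the web server access log as a burst of login POSTs from one client. The Ruby script below is an added example, not part of WPScan or of the original page. It assumes combined log format, the standard /wp-login.php login form, and stock WordPress behaviour (a failed login answers 200, a successful one redirects with 302); the log lines, the threshold and the window are constructed for illustration.

```ruby
require 'time'

LINE_RE = /\A(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) /

# Build one access-log line in combined log format (used for the sample only).
def entry(ip, hms, verb, path, status)
  %(#{ip} - - [12/Mar/2012:#{hms} +0000] "#{verb} #{path} HTTP/1.1" #{status} 512 "-" "-")
end

# Constructed sample, not from a real site: one client makes 8 failed logins
# in 2 seconds and then gets a redirect; another mistypes a password twice.
SAMPLE_LOG = [
  *(0...8).map { |i| entry('203.0.113.7', "10:00:0#{i / 4}", 'POST', '/wp-login.php', 200) },
  entry('203.0.113.7', '10:00:02', 'POST', '/wp-login.php', 302),
  entry('198.51.100.4', '10:01:00', 'POST', '/wp-login.php', 200),
  entry('198.51.100.4', '10:02:30', 'POST', '/wp-login.php', 200),
  entry('198.51.100.4', '10:03:00', 'GET', '/wp-login.php', 200)
].join("\n")

# Largest number of timestamps that fall inside any `window`-second span.
def max_in_window(times, window)
  times = times.sort
  start = 0
  times.each_with_index.map do |t, i|
    start += 1 while t - times[start] > window
    i - start + 1
  end.max || 0
end

# Returns { ip => { failed_burst: n, redirect_after: bool } } for clients whose
# failed login POSTs (any status but 302) reach `threshold` within `window` seconds.
def login_bursts(log, threshold: 5, window: 10)
  failed = Hash.new { |h, k| h[k] = [] }
  redirected = Hash.new { |h, k| h[k] = [] }
  log.each_line do |line|
    ip, ts, verb, path, status = LINE_RE.match(line)&.captures
    next unless verb == 'POST' && path.split('?').first == '/wp-login.php'
    at = Time.strptime(ts, '%d/%b/%Y:%H:%M:%S %z')
    (status == '302' ? redirected : failed)[ip] << at
  end
  failed.each_with_object({}) do |(ip, times), out|
    burst = max_in_window(times, window)
    next if burst < threshold
    out[ip] = { failed_burst: burst, redirect_after: redirected[ip].any? { |t| t >= times.min } }
  end
end

p login_bursts(SAMPLE_LOG) if $PROGRAM_NAME == __FILE__
```

A client reported with redirect_after set to true deserves attention first, since a 302 after a burst of failures can mean one of the guesses worked and that account's password should be reset.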