WordPress Security Scanner - WPScan

WordPress is among the best blogging platforms. It is open source, and a lot of bloggers currently use it for their blogs. WordPress has amazing features and has changed the way of blogging, but as with any other platform, security is the main concern for WordPress. Many WordPress security tips are available on the Internet. Suppose you have implemented the relevant tips to secure your blog; you should still use automated tools to check its security.

There are different tools available to perform quick penetration testing of web applications. Besides these tools, there is a new development for checking the security of WordPress.

Various holes have been found in WordPress plugins and in installation bugs. WPScan is a black box WordPress security scanner written in Ruby which attempts to find known security weaknesses within WordPress installations. Its intended use is for security professionals or WordPress administrators to assess the security posture of their WordPress installations.

Key Features
  • Password cracking
  • Enumeration (version, plugin, username)
  • Vulnerability enumeration

WPScan Tutorial
WPScan is written in Ruby, so you can use it across operating systems such as Linux, Windows and others; however, it has been written and tested on BackTrack 5 GNOME. You have to install some dependencies first. In the terminal, type:
sudo apt-get install libcurl4-gnutls-dev
sudo gem install --user-install typhoeus
sudo gem install --user-install xml-simple
The usage is very simple:

ruby wpscan.rb --url www.example.com
ruby wpscan.rb --url www.example.com --wordlist darkc0de.lst --threads 50

Ehacking Staff