
Find WordPress Vulnerabilities with WPScan before Someone Hacks You



More than 2 million websites are powered by WordPress, which holds the number one position in the CMS world with a 67% market share.

[Figure: WordPress market share]

A recent vulnerability report by Acunetix shows that around 8% of the vulnerabilities found in websites are related to WordPress.

[Figure: WordPress vulnerability statistics]

Do you scan your website or blog for web vulnerabilities regularly? If you don't, you should!

The WPScan vulnerability scanner, sponsored by SUCURI, helps you identify security-related problems on your WordPress website.

WPScan is not a plugin, so you need to run it on a Unix-like system (Ubuntu, CentOS, Debian, Fedora, Mac OS X) or on a penetration-testing Linux distribution that ships it pre-installed, such as Kali Linux, BackBox Linux, Pentoo, SamuraiWTF or BlackArch.

Because it runs locally, WPScan is also useful when your website sits on a private network or intranet that is not reachable from the Internet, where online scanners cannot help.

If you are on Windows, sorry: WPScan is not supported there.

Let's take a look at how to use WPScan on CentOS and Kali Linux to search for security vulnerabilities.

Using WPScan on CentOS

  • Log into CentOS as root and open a terminal
  • Install Git and the build prerequisites using yum
# yum install gcc ruby-devel libxml2 libxml2-devel libxslt libxslt-devel libcurl-devel patch rpm-build git
  • Clone the WPScan repository from GitHub
# git clone https://github.com/wpscanteam/wpscan.git
  • This creates a new folder called "wpscan". Change into it
# cd wpscan
  • Install the Ruby dependencies with Bundler, skipping the test group
# gem install bundler && bundle install --without test

This takes a few minutes, and once it is done you are all set to perform a scan.

To run the scanner, use ruby wpscan.rb from inside the wpscan folder with the --url parameter, and only point it at sites you own or have permission to test. Let's take a few examples.

To check for vulnerable plugins (vp)

# ruby wpscan.rb --url geekflare.com --enumerate vp

To check for vulnerable themes (vt)

# ruby wpscan.rb --url geekflare.com --enumerate vt

Using WPScan on Kali Linux

The beauty of using Kali Linux is that you don't have to install anything: WPScan is pre-installed.

Let's find out how to run the scanner.

  • Log into Kali Linux as root and open a terminal
  • Run the scan using the wpscan command
# wpscan --url www.example.com --enumerate

Without an argument, --enumerate runs WPScan's default set of enumeration checks rather than only the vulnerable-plugin and vulnerable-theme checks shown above. You may also refer to the official site for more information.
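Running a scan by hand once is a start; the post's point is to do it regularly. The script below is an added example, not code from the original post or from the WPScan project: a cron-friendly wrapper that runs WPScan against every site listed in a file, keeps a dated log per host and exits non-zero when any finding is reported. It assumes the scanner is invoked as "wpscan" (as on Kali) unless WPSCAN_CMD is set to something like "ruby /root/wpscan/wpscan.rb" for the CentOS install, and it assumes WPScan marks vulnerability titles and warnings with a leading "[!]". The sample log embedded in it is constructed for illustration and is not real scanner output.

```shell
#!/bin/sh
# Added example, not code from the original post or from the WPScan project:
# a cron-friendly wrapper that runs WPScan against each site listed in a
# file, keeps a dated log per host and exits non-zero when any finding is
# reported. Assumptions (labelled): WPSCAN_CMD is "wpscan" as on Kali, or
# "ruby /root/wpscan/wpscan.rb" for the CentOS git install; WPScan prefixes
# vulnerability titles and warnings with "[!]"; the sample log below is
# constructed for illustration and is not real scanner output.
set -u

WPSCAN_CMD="${WPSCAN_CMD:-wpscan}"
LOG_DIR="${LOG_DIR:-$HOME/wpscan-logs}"

# Argument list for one target: the vulnerable-plugin and vulnerable-theme
# checks from the post, one argument per line so the caller can split it.
wpscan_args() {
    printf '%s\n' "--url" "$1" "--enumerate" "vp,vt"
}

# Host part of a URL (scheme and path stripped), used as the log directory.
host_of() {
    printf '%s\n' "$1" | sed -e 's#^http://##' -e 's#^https://##' -e 's#/.*$##'
}

# Number of "[!]" lines in a saved log; 0 when there are none or the file
# is missing (grep exits 1 on no match, so the fallback is explicit).
count_findings() {
    n=$(grep -c '^\[!]' "$1" 2>/dev/null) || n=0
    printf '%s\n' "${n:-0}"
}

# Print just the flagged lines of a log, for the report.
list_findings() {
    grep '^\[!]' "$1" 2>/dev/null || true
}

# Scan one site into LOG_DIR/<host>/<date>.log. Returns 1 if findings were
# reported so a caller (or cron's MAILTO) notices.
scan_site() {
    url="$1"
    host=$(host_of "$url")
    mkdir -p "$LOG_DIR/$host"
    log="$LOG_DIR/$host/$(date +%Y-%m-%d).log"
    # Word splitting of both variables is intended here.
    $WPSCAN_CMD $(wpscan_args "$url") >"$log" 2>&1 || true
    n=$(count_findings "$log")
    echo "$host: $n finding(s), log $log"
    list_findings "$log"
    [ "$n" -eq 0 ]
}

# Scan every non-empty line of the site list; return 1 if any site had
# findings, so cron sees a failure.
scan_all() {
    failed=0
    while read -r site; do
        [ -n "$site" ] || continue
        scan_site "$site" || failed=1
    done <"$1"
    return "$failed"
}

# Constructed sample of what a saved log might contain (not real output).
SAMPLE_LOG=$(mktemp)
cat >"$SAMPLE_LOG" <<'EOF'
[+] URL: http://www.example.com/
[+] WordPress version 4.1 identified from meta generator
[+] Enumerating plugins from passive detection ...
[+] Name: example-slider - v1.0
 |  Location: http://www.example.com/wp-content/plugins/example-slider/
[!] Title: example-slider 1.0 - constructed sample finding (not a real advisory)
[+] Enumerating installed themes ...
[+] No vulnerable themes found
EOF

# Offline demonstration on the sample; with a file argument, scan for real:
#   ./wpscan-cron.sh sites.txt
if [ "$#" -gt 0 ]; then
    scan_all "$1"
else
    echo "sample log: $(count_findings "$SAMPLE_LOG") finding(s)"
    list_findings "$SAMPLE_LOG"
fi
```

Save it as wpscan-cron.sh, put one site per line in sites.txt, and add a daily cron entry such as 0 3 * * * /root/wpscan-cron.sh /root/sites.txt with MAILTO set; cron then mails you whenever the script exits non-zero. Refresh WPScan's vulnerability database (its --update option) before the scheduled run, otherwise the scan only knows about advisories that existed when you installed it.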

If your site is on shared hosting and you can't install WPScan, don't worry: test your site with these online tools.

I hope this helps you find security flaws in your WordPress site. To add complete and continuous protection to your site, you may consider using the SUCURI WAF.


About Chandan Kumar

Chandan Kumar is the founder of Geek Flare. Learn more here and connect with him on Twitter.

Comments

  1. WPScan not working.
    It just shows [ERROR] Function 'getdtablesize' not found in [libc.so].
    Please help me.
