
About the WordPress Vulnerability Scanner

Finds security weaknesses in the target WordPress website using the well-known WPScan tool.

This is a black-box vulnerability scanner that performs multiple tests to identify security weaknesses in the target WordPress website. The scan is performed remotely and without authentication: it simulates an external attacker who has no credentials and tries to break into the target website.

List of tests performed

The tests performed by WPScan in this scan are:

  • Fingerprint the installed WordPress version
  • Show the vulnerabilities for the running WordPress version
  • Enumerate the installed plugins and their versions
  • Show the vulnerabilities for the identified plugins
  • Enumerate the installed themes and their versions
  • Show the vulnerabilities for the identified themes
  • Enumerate the WordPress users


Parameters

  • Target URL: This is the URL of the WordPress website that will be scanned. All URLs must start with http or https.
    Don't forget to specify the complete path to the base directory of the WordPress installation (the directory that contains wp-content, wp-includes and wp-login.php), e.g. http://targetwp.com/blog/

How it works

The scanner connects to the target WordPress website and performs a series of passive checks (requests that look like ordinary browsing) to identify the WordPress version, plugins, themes and users.

By analyzing the HTML source code and the HTTP headers, WPScan extracts the information needed for the assessment: the version string from the meta generator tag and from versioned core assets, plugin and theme names from the wp-content/plugins/ and wp-content/themes/ paths referenced in the page (with the ?ver= query parameter as version hint), and user names from author links and pages. The vulnerabilities presented are determined based on the specific versions of WordPress or plugins/themes that have been identified, so a component whose version cannot be determined (for example because the site hides version information) will not have vulnerabilities listed, even if it is outdated.

The tool also relies on a database of WordPress vulnerabilities (the WPScan vulnerability database), which is maintained and updated periodically.
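To make the fingerprinting step concrete, here is an added Python example (not WPScan's own code, nor code from this scanner) that applies the same logic to a constructed HTML page and a constructed set of HTTP headers: it reads the WordPress version from the meta generator tag, falls back to the versioned wp-emoji-release.min.js core asset when the generator tag has been removed, enumerates plugins and themes from wp-content paths with their ?ver= hints, collects user slugs from author links, and checks whether the REST API is advertised in the Link header. The host targetwp.com, the plugin and theme slugs, the versions and the user name are all made up for the sample; the one thing the example deliberately shows is that a bundled library version (jQuery 3.6.0) is not mistaken for the WordPress version.

```python
"""Offline WordPress fingerprinting from HTML and headers (added example, not WPScan code)."""
import re
from urllib.parse import parse_qs, urlparse

# Constructed sample response; not captured from any real site.
SAMPLE_HEADERS = {
    "Server": "nginx",
    "Link": '<http://targetwp.com/blog/wp-json/>; rel="https://api.w.org/"',
}
SAMPLE_HTML = """<!DOCTYPE html>
<html><head>
<meta name="generator" content="WordPress 5.8.1" />
<link rel="stylesheet" href="http://targetwp.com/blog/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.4.2" />
<link rel="stylesheet" href="http://targetwp.com/blog/wp-content/themes/twentytwentyone/style.css?ver=1.4" />
<script src="http://targetwp.com/blog/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.5.7"></script>
<script src="http://targetwp.com/blog/wp-includes/js/jquery/jquery.min.js?ver=3.6.0"></script>
<script src="http://targetwp.com/blog/wp-includes/js/wp-emoji-release.min.js?ver=5.8.1"></script>
<script src="http://targetwp.com/blog/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.4.2"></script>
</head><body>
<a href="http://targetwp.com/blog/author/admin/">admin</a>
</body></html>"""
# Same page with the generator tag stripped, as a "hardened" site would serve it.
SAMPLE_HTML_HARDENED = SAMPLE_HTML.replace('<meta name="generator" content="WordPress 5.8.1" />', "")

GENERATOR_RE = re.compile(r'<meta[^>]+name="generator"[^>]+content="WordPress (?P<v>[\d.]+)"', re.I)
# Only a core asset whose ?ver= tracks the WordPress release is a usable fallback;
# jquery.min.js?ver=3.6.0 carries jQuery's version, not WordPress's.
EMOJI_RE = re.compile(r"wp-includes/js/wp-emoji-release\.min\.js\?ver=(?P<v>[\d.]+)")
COMPONENT_RE = re.compile(
    r"wp-content/(?P<kind>plugins|themes)/(?P<slug>[A-Za-z0-9_.-]+)/(?P<path>[^\s\"'<>]*)"
)
AUTHOR_RE = re.compile(r"/author/(?P<slug>[A-Za-z0-9_.-]+)/?")


def wordpress_version(html):
    """Return (version, source). Source records how confident the finding is."""
    m = GENERATOR_RE.search(html)
    if m:
        return m.group("v"), "meta generator"
    m = EMOJI_RE.search(html)
    if m:
        return m.group("v"), "wp-emoji-release.min.js ?ver (fallback)"
    return None, "not exposed"


def enumerate_components(html, kind):
    """Map plugin or theme slug -> version hint (None when no ?ver= is exposed)."""
    found = {}
    for m in COMPONENT_RE.finditer(html):
        if m.group("kind") != kind:
            continue
        slug = m.group("slug")
        ver = parse_qs(urlparse(m.group("path")).query).get("ver", [None])[0]
        # Record the slug even without a version; keep the first version seen.
        if slug not in found or found[slug] is None:
            found[slug] = ver
    return found


def author_slugs(html):
    """User names leaked through /author/<slug>/ links."""
    return {m.group("slug") for m in AUTHOR_RE.finditer(html)}


def rest_api_advertised(headers):
    """The Link header with rel="https://api.w.org/" announces the REST API endpoint."""
    return 'rel="https://api.w.org/"' in headers.get("Link", "")


def fingerprint(html, headers):
    version, source = wordpress_version(html)
    return {
        "wordpress": {"version": version, "source": source},
        "plugins": enumerate_components(html, "plugins"),
        "themes": enumerate_components(html, "themes"),
        "users": sorted(author_slugs(html)),
        "rest_api": rest_api_advertised(headers),
    }


if __name__ == "__main__":
    for label, page in (("default", SAMPLE_HTML), ("hardened", SAMPLE_HTML_HARDENED)):
        print(label, fingerprint(page, SAMPLE_HEADERS))
```

The `source` field is the part worth keeping in a real report: a version read from the generator tag and a version inferred from one asset are not equally reliable, and the vulnerability lookup that follows is only as good as the version it was given.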


How do WordPress sites get hacked?

Since WordPress is a widely used platform, it is a frequent target for attackers. Their work is made easier by the large number of outdated WordPress installations, plugins and themes. These old versions contain vulnerabilities and security weaknesses that can be exploited.

A WordPress hack often starts by identifying which version of WordPress is running and which plugins and themes are installed. The next step is to fingerprint the running versions of those components and to search for public vulnerabilities affecting them; for many of them, working exploits are also publicly available online.

For instance, the well-known WordPress plugin Revolution Slider is affected by multiple high-risk vulnerabilities in some of its older versions.


These attacks can be prevented by periodically scanning the WordPress installation with a tool such as our WordPress vulnerability scanner, identifying the vulnerable components and updating them promptly. Keep in mind that the scanner can only report vulnerabilities for components whose versions it can identify, so a clean report reduces the risk but is not proof that the site is secure.
