WordPress is the most popular Content Management System (CMS): around 30% of websites around the world are powered by WordPress. It is simple and easy to use, and we can create a beautiful website with little effort. However, WordPress is not considered as secure as it should be. Securing a WordPress website and understanding its flaws is a task often overlooked by website owners. With a handy tool called WPScan, entrepreneurs and web developers can easily evaluate their installation's security and keep their prized website safer.
WPScan is a black box vulnerability scanner. Written in the Ruby programming language, WPScan helps detect problems with security configurations, themes, plugins, and user permissions. On Kali, Pentoo, and Samurai WTF, WPScan is pre-installed, but the application can easily be installed on any Linux machine such as Ubuntu, Fedora, and Debian.
Before we start looking at examples, we should get a better understanding of the benefits and features of WPScan. Creating a modern WordPress website, in most cases, involves trying out a few themes and installing a series of plugins to enhance your website's functionality. Once you get the hang of it, it becomes second nature and you will often find yourself with more themes and plugins than you need. However, uploading all that software can leave your website vulnerable, especially when updates are ignored, and when the software does not come from reliable sources to begin with. When WPScan performs a scan, the application will make a list of all your themes and plugins, determine their version numbers (for plugins, typically from the "Stable tag" in each plugin's readme.txt) and then check whether any known vulnerabilities affect those versions.
Beyond providing crucial information about your WordPress version, themes, and plugins, WPScan can also compile a list of users, which we can then test to see if anyone is using a weak password. And the beauty of the application is that all of this information can be acquired remotely, without administrator access.
To run a simple scan, use the following command (-r sends a random User-Agent with each request; in WPScan 3.x the same option is spelled --random-user-agent):
wpscan --url www.example.com -r
Running a basic scan will reveal plenty of useful information about the installation. Vulnerabilities are highlighted in red.
User Enumeration
The idea is to collect a list of valid usernames. Once we have a list of usernames, we can test to see if any of those users is using a weak password. WPScan iterates through user IDs by appending them to your site's URL: it requests www.yourwebsite.com/?author=1, then ?author=2, ?author=3 and so on. A default WordPress installation answers each request for an existing ID with a redirect to /author/<username>/, so the user's login name (strictly, the user's "nicename", which is the login name unless the owner changed it) is revealed without any authentication.
wpscan --url www.example.com --enumerate u
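To make the author-ID technique concrete, here is an added example (written for this page, not code from WPScan or from the original article) that performs the same enumeration in Python. It probes ?author=1, ?author=2, ... and recovers the username either from the Location header of the redirect or, on sites that render the archive page without redirecting, from the author-<name> class that WordPress puts on the <body> tag. The fetcher is pluggable: fake_fetch and SAMPLE_SITE are constructed test data (the host example.com and the users alice and bob are made up), while http_fetch is a real urllib client you can point at a site you are authorised to test.

```python
import re
import sys
import urllib.error
import urllib.request
from typing import Callable, Dict, Optional, Tuple

# A response is (status_code, headers, body) with header names lower-cased.
Response = Tuple[int, Dict[str, str], str]

AUTHOR_SLUG_IN_URL = re.compile(r"/author/([^/?#]+)/?")
BODY_CLASS = re.compile(r'<body[^>]*\bclass="([^"]*)"', re.I)


def username_from_response(resp: Response) -> Optional[str]:
    """Extract the author slug WordPress leaks for a ?author=N request."""
    status, headers, body = resp
    if status in (301, 302):
        # Default behaviour: /?author=N redirects to /author/<slug>/
        m = AUTHOR_SLUG_IN_URL.search(headers.get("location", ""))
        return m.group(1) if m else None
    if status == 200:
        # Some sites serve the archive directly; body_class() then emits
        # "author author-<slug> author-<id>", so skip the numeric variant.
        m = BODY_CLASS.search(body)
        if m:
            for cls in m.group(1).split():
                if cls.startswith("author-") and not cls[len("author-"):].isdigit():
                    return cls[len("author-"):]
    return None


def enumerate_authors(fetch: Callable[[str], Response], base_url: str,
                      max_id: int = 10, max_gap: int = 3) -> Dict[int, str]:
    """Walk author IDs 1..max_id; stop after max_gap consecutive misses
    (deleted users leave holes, so a single miss is not the end)."""
    found: Dict[int, str] = {}
    misses = 0
    for author_id in range(1, max_id + 1):
        name = username_from_response(fetch(f"{base_url}/?author={author_id}"))
        if name:
            found[author_id] = name
            misses = 0
        else:
            misses += 1
            if misses >= max_gap:
                break
    return found


# --- constructed sample data (not a real site) -----------------------------
SAMPLE_SITE: Dict[int, Response] = {
    1: (301, {"location": "https://www.example.com/author/alice/"}, ""),
    2: (404, {}, '<html><body class="error404">Not found</body></html>'),
    3: (200, {}, '<html><body class="archive author author-bob author-3">'
                 '<h1>Posts by bob</h1></body></html>'),
}


def fake_fetch(url: str) -> Response:
    """Offline stand-in for an HTTP client, keyed on the ?author= value."""
    author_id = int(url.rsplit("=", 1)[1])
    return SAMPLE_SITE.get(author_id, (404, {}, ""))


def http_fetch(url: str) -> Response:
    """Real fetcher: one GET, redirects NOT followed so Location is visible."""
    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, req, fp, code, msg, headers, newurl):
            return None  # returning None makes urlopen raise HTTPError(3xx)

    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(url, timeout=10) as r:
            return r.status, {k.lower(): v for k, v in r.headers.items()}, \
                r.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        return e.code, {k.lower(): v for k, v in e.headers.items()}, ""


if __name__ == "__main__":
    if len(sys.argv) > 1:  # python3 authors.py https://site-you-own.example
        print(enumerate_authors(http_fetch, sys.argv[1].rstrip("/")))
    else:
        print(enumerate_authors(fake_fetch, "https://www.example.com"))
```

Against the constructed data the script reports {1: 'alice', 3: 'bob'}; the 404 for ID 2 does not end the walk, which is why the stop condition counts consecutive misses rather than the first one. The same logic is what makes the "Delete the default admin user" advice below matter: ID 1 is almost always the first account created.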
Plugin Enumeration
Most WordPress websites have plenty of plugins installed. In many cases, more than needed. If you want to find which plugins are running on the site, use the following command:
wpscan --url www.example.com --enumerate p
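The plugin check described earlier (list plugins, read their version, look the version up against known vulnerabilities) is easy to misunderstand without seeing the moving parts, so here is an added example in Python that is not WPScan's code. It extracts the version from a plugin's readme.txt "Stable tag" line and compares it numerically against a "fixed in" version, the way an advisory database entry would be applied. The plugin slug example-plugin, the readme text and the advisory record are all constructed placeholders for illustration, not a real plugin or a real vulnerability.

```python
import re
from typing import Dict, List, Optional, Tuple

# WordPress plugin readme.txt files carry a header line such as
# "Stable tag: 2.3.0"; scanners read it from /wp-content/plugins/<slug>/readme.txt
STABLE_TAG = re.compile(r"^\s*Stable tag:\s*(\S+)", re.I | re.M)


def version_from_readme(readme: str) -> Optional[str]:
    """Return the Stable tag version, or None if missing or 'trunk'."""
    m = STABLE_TAG.search(readme)
    if not m or m.group(1).lower() == "trunk":
        return None
    return m.group(1)


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '1.10.2' into (1, 10, 2) so that 1.10 sorts after 1.9.
    Comparing version strings lexically would get that wrong."""
    return tuple(int(p) for p in re.findall(r"\d+", v))


def is_vulnerable(installed: str, fixed_in: str) -> bool:
    """True when the installed version predates the fixing release."""
    return parse_version(installed) < parse_version(fixed_in)


def assess_plugins(readmes: Dict[str, str],
                   advisories: Dict[str, List[Dict[str, str]]]) -> Dict[str, dict]:
    """For each detected plugin, report its version and matching advisories."""
    report: Dict[str, dict] = {}
    for slug, readme in readmes.items():
        version = version_from_readme(readme)
        hits = []
        if version is not None:
            hits = [a["title"] for a in advisories.get(slug, [])
                    if is_vulnerable(version, a["fixed_in"])]
        report[slug] = {"version": version, "vulnerabilities": hits}
    return report


# --- constructed sample data: hypothetical plugin and advisory -------------
SAMPLE_READMES = {
    "example-plugin": "=== Example Plugin ===\nContributors: nobody\n"
                      "Stable tag: 2.3.0\nRequires at least: 5.0\n",
    "trunk-plugin": "=== Trunk Plugin ===\nStable tag: trunk\n",
}
SAMPLE_ADVISORIES = {
    "example-plugin": [
        {"title": "Hypothetical issue fixed in 2.3.1", "fixed_in": "2.3.1"},
        {"title": "Hypothetical older issue fixed in 1.9.0", "fixed_in": "1.9.0"},
    ],
}

if __name__ == "__main__":
    for slug, info in assess_plugins(SAMPLE_READMES, SAMPLE_ADVISORIES).items():
        print(slug, info)
```

Two details worth keeping in mind when you read a scan report: a plugin whose readme says "Stable tag: trunk" gives the scanner no version to work with (the report will say so rather than clear it), and version matching must be numeric, since "1.10" is newer than "1.9" even though it sorts earlier as text.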
Theme Enumeration
A WordPress website ships with several default themes, and webmasters often experiment with their website's design by installing a few more from trusted and untrusted sources. Like the plugin command, we can compile a list of themes by passing t instead of p to the --enumerate option (wpscan --url www.example.com --enumerate t).
As you can see, WPScan is a great tool to evaluate the overall security of your WordPress installation and patch security weaknesses before they are exploited by an attacker.
Moving forward, to keep your WordPress website safe you should try to:
- Keep WordPress core up to date.
- Keep your themes and plugins up to date.
- Delete unnecessary themes and plugins (especially if they have not been updated in a while).
- Delete the default admin user, or at least rename it, since "admin" is the first name an attacker will guess.
- Naturally, use strong passwords.
- Configure a security plugin to limit login attempts and block malicious requests.
- Host with a reliable company!
On a positive note, the overwhelming majority of attacks on sites are carried out by automated bots. So, in many cases, it's not a person who enters your site and spends many hours trying to break in, but rather software that is scanning the internet looking for vulnerable websites. If your website is carefully set up and well configured, those bots will move on to an easier target.
References & Images: https://torquemag.io
Bijay Pokharel