July 14th, 2019 by cedcraftscodes
WPScan is a tool we can use to scan WordPress websites for security flaws. It is free for non-commercial use. It is important to scan your WordPress website for vulnerabilities because we do not want to lose countless hours of work writing blog posts.
In this tutorial, we only need Kali Linux. WPScan is pre-installed in Kali.
    wpscan --update

Replace blog.tld with the desired domain name. Please ensure you have permission from the site owner before scanning their website.

    wpscan --url blog.tld

If you encounter that error, you can try adding the --random-user-agent option.

    # Using a random user agent.
    wpscan --url blog.tld --random-user-agent
    # You can also try the stealthy option.
    wpscan --stealthy --url blog.tld

The output shows information about the server, the WordPress version currently running, installed plugins and more. This is important when doing reconnaissance, since information such as server details and plugins can be used to exploit vulnerable plugins or configurations.
You can use this command to enumerate all the usernames on the blog.

    wpscan --url https://blog.tld/ --enumerate u

We can also limit the range of user IDs WPScan checks, which limits the number of users it will find.

    wpscan --url https://blog.tld/ --enumerate u1-100

For more options, see the manual page:

    man wpscan

We can preserve our anonymity by installing Tor and making it work with WPScan. First, we need to install and start the Tor service.

    sudo apt-get install tor

    sudo service tor start

We need to use the --proxy option to use Tor with WPScan.

    wpscan --url blog.tld --proxy socks5://127.0.0.1:9050

There are tons of WordPress plugins that help improve our website security. We can use “Bulletproof Security Plugin” to scan our website for malware, restrict access to certain routes, and monitor malicious user logins.
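The user enumeration scans shown earlier (`--enumerate u1-100`) can also be spotted in the web server's access log, even when `--random-user-agent` hides the tool's name. The following is an added example, not part of the original post: it assumes the log is in Combined Log Format and that enumeration shows up as `?author=N` probes or requests to the REST users endpoint; the function name, threshold and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Combined Log Format: ip - - [time] "METHOD path PROTO" status size "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
AUTHOR_RE = re.compile(r'[?&]author=(\d+)')  # author-ID probing, e.g. /?author=7
REST_USERS_RE = re.compile(r'/wp-json/wp/v2/users|[?&]rest_route=/wp/v2/users')

def find_user_enumeration(lines, min_author_ids=5):
    """Return {client_ip: [reasons]} for clients that appear to enumerate users."""
    author_ids = defaultdict(set)
    reasons = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, path, ua = m.group("ip", "path", "ua")
        hit = AUTHOR_RE.search(path)
        if hit:
            author_ids[ip].add(int(hit.group(1)))
        if REST_USERS_RE.search(path):
            reasons[ip].add("REST users endpoint requested")
        # Assumption: an unmodified scanner names itself in the User-Agent header.
        if "wpscan" in ua.lower():
            reasons[ip].add("WPScan user agent")
    # One author-archive hit is normal browsing; many distinct IDs from one IP is not.
    for ip, ids in author_ids.items():
        if len(ids) >= min_author_ids:
            reasons[ip].add(f"{len(ids)} distinct author IDs probed")
    return {ip: sorted(r) for ip, r in reasons.items()}

# Constructed sample log lines (documentation IP ranges, made-up user agents).
SAMPLE_LOG = [
    f'203.0.113.10 - - [14/Jul/2019:10:00:0{i} +0000] "GET /?author={i} HTTP/1.1" '
    '301 0 "-" "Mozilla/5.0 (X11; Linux x86_64)"'
    for i in range(1, 7)
] + [
    '198.51.100.7 - - [14/Jul/2019:10:01:00 +0000] "GET /wp-json/wp/v2/users HTTP/1.1" '
    '200 512 "-" "WPScan v3 (constructed)"',
    '192.0.2.5 - - [14/Jul/2019:10:02:00 +0000] "GET /?author=1 HTTP/1.1" '
    '301 0 "-" "Mozilla/5.0 (Windows NT 10.0)"',
]

if __name__ == "__main__":
    for ip, why in find_user_enumeration(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(why))
```

The first client is flagged on request pattern alone, which is the case a user-agent filter misses.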