WPScan is a tool we can use to scan WordPress websites for security flaws. It is free for non-commercial use. It is important to scan your WordPress website for vulnerabilities because we do not want to lose countless hours of work writing blog posts.
In this tutorial, we only need Kali Linux. WPScan is pre-installed in Kali.
Step 1: Update the local database.
Step 2: Scan a WordPress website
Replace blog.tld with the desired domain name. Please ensure you have permission from the site owner before scanning their website.
wpscan --url blog.tld
If you encounter that error, you can try adding the --random-user-agent option.
#Using Random User Agent.
wpscan --url blog.tld --random-user-agent
#You can also try the stealthy option.
wpscan --stealthy --url blog.tld
The scan output shows information about the server, which version of WordPress is currently running, the installed plugins and more. This is important when doing reconnaissance, since details such as server information and plugins are what is used to exploit vulnerable plugins or configurations.
You can use this command to enumerate all the usernames in the blog.
wpscan --url https://blog.tld/ --enumerate u
We can also limit the number of users WPScan will find by giving a range of user IDs (here 1 to 100).
wpscan --url https://blog.tld/ --enumerate u1-100
For more options, you can execute to see more options you can use.
Step 3: Anonymity with TOR
We can preserve our anonymity by installing TOR and making it work with WPScan. First, we need to install and start the TOR service.
sudo apt-get install tor
sudo service tor start
We need to use the --proxy option to allow us to use TOR with WPScan.
wpscan --url blog.tld --proxy socks5://127.0.0.1:9050
Securing WordPress Website
There are tons of WordPress plugins which help improve our website security. We can use “Bulletproof Security Plugin” to scan our website for malware, restrict access for certain routes and monitor malicious user logins.
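On the monitoring side, the user enumeration from Step 2 leaves a recognisable trail in the web server's access log. The following is an added example, not part of the original tutorial or of WPScan: it assumes the "combined" log format, that enumeration shows up as a sweep of /?author=N requests or calls to the /wp-json/wp/v2/users REST route, and that WPScan's default User-Agent contains the string "WPScan". The log lines are constructed samples.

```python
import re
from collections import defaultdict

# Constructed sample lines in "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /?author=3 HTTP/1.1" 404 0 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /?author=4 HTTP/1.1" 404 0 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.23 - - [10/Mar/2024:11:30:00 +0000] "GET /wp-json/wp/v2/users/?per_page=100&page=1 HTTP/1.1" 200 512 "-" "WPScan v0.0.0 (constructed sample)"
192.0.2.50 - - [10/Mar/2024:12:00:00 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0 (Windows NT 10.0)"
192.0.2.50 - - [10/Mar/2024:12:00:05 +0000] "GET /2024/03/hello-world/ HTTP/1.1" 200 9000 "-" "Mozilla/5.0 (Windows NT 10.0)"
"""

LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')
AUTHOR_RE = re.compile(r'[?&]author=(\d+)')
USERS_API_RE = re.compile(r'^/wp-json/wp/v2/users|[?&]rest_route=/wp/v2/users')

def find_user_enumeration(log_text, min_author_ids=3):
    """Return {client_ip: evidence} for clients that look like they enumerate users."""
    author_ids = defaultdict(set)   # distinct author IDs requested per client
    api_hits = defaultdict(int)     # requests to the users REST route per client
    agents = defaultdict(set)       # User-Agents seen on those requests
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, path, agent = m.groups()
        author = AUTHOR_RE.search(path)
        if author:
            author_ids[ip].add(int(author.group(1)))
        elif USERS_API_RE.search(path):
            api_hits[ip] += 1
        else:
            continue
        agents[ip].add(agent)
    findings = {}
    for ip in set(author_ids) | set(api_hits):
        # One author archive hit is a normal click; a sweep of IDs is not.
        # The editor also calls the users route when logged in, so treat API hits as a lead.
        if len(author_ids[ip]) >= min_author_ids or api_hits[ip] > 0:
            findings[ip] = {
                "author_ids": sorted(author_ids[ip]),
                "users_api_hits": api_hits[ip],
                # The UA is only a hint: --random-user-agent replaces it.
                "wpscan_ua": any("wpscan" in a.lower() for a in agents[ip]),
            }
    return findings
```

The first client is flagged on its request pattern alone, which is why the check keys on the ID sweep and not on the User-Agent.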