What do you use to check the security of your WordPress?
As everyone knows, WordPress is the leading CMS, which is also why it is the one most constantly attacked for vulnerabilities. There are many security plugins to keep your site from being compromised, and they come in all kinds: fully free; free with all the features, but with the main ones delayed by 30 days; and free and up to date, but with only basic functionality next to a premium tier. If you cannot invest in a premium plugin, I recommend the free one with basic features over a complete one whose main features are delayed 30 days, because 30 days is a long time.
But have you ever checked how secure your WordPress actually is? There are many ways to do this; today we look at WPScan, a simple tool for everyone, backed by a constantly updated vulnerability database and an API that allows us 50 requests per day for free.
It also has a WordPress plugin, which we will not cover here but which you can try; its free version also allows 50 API requests per day, with a monthly e-mail notification if it detects anything, which, as I say, means you find out days later. You can see the plans on their website.
Here we are going to see how to launch it from our own machine. For this we have installed a WordPress site with a known vulnerability in the Contact Form 7 plugin, which we will scan with the tool once it is installed.
The first thing is to install Ruby, since WPScan is written in Ruby and distributed as a Ruby gem.
Installation is very simple. Once it is installed, we can see the full help by typing
wpscan --hh
Now that the tool is installed, we will check our WordPress site with the vulnerable Contact Form 7. To use the API you need to register at wpvulndb.com, where I also recommend ticking the "Receive a monthly digest for new vulnerabilities" checkbox to stay up to date; we usually receive a few mails a month.
Assuming you have registered and have the API token, we use the following basic command. Note that without the token WPScan still runs and enumerates the site, but it outputs no vulnerability data.
It returns the vulnerabilities known for each plugin, broken down by version, and tells us which version we have; in our case we installed version 5.0.3 of Contact Form 7 on purpose.
As we can see, it reports that the plugin is outdated, that we have version 5.0.3 with a privilege escalation vulnerability, and gives the references.
If you take a look at the help you can see what else it can do, such as enumerate users, themes and plugins, choose the detection type (mixed, passive or aggressive), enable verbose mode, and even run password brute-force attacks with a dictionary. Keep in mind that aggressive detection and brute forcing send a large number of requests and are easy to spot in the target's logs, so only run them against sites you own or are authorized to test.
Some examples:
Scan for vulnerable plugins in aggressive mode with verbose output enabled.
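As an added example, not from the original post or from the WPScan project, the Ruby script below builds the command line for the basic scan described above and for the aggressive, verbose variant, and then triages a `--format json` report to list the plugins with known vulnerabilities, their installed and latest versions, and the references. The target URL, API token and the sample report are constructed placeholders; the report's shape follows WPScan's JSON output (a `plugins` hash keyed by slug, each entry with a `version` holding `number` and `vulnerabilities`), which you should confirm against your own output.

```ruby
require 'json'

# Added example (not the post's or the WPScan project's code).
# Builds the argv for the basic scan from the post: --url, --api-token from
# wpvulndb.com and --enumerate vp (vulnerable plugins). detection: maps to
# --plugins-detection (passive, mixed or aggressive); verbose adds -v.
# JSON output is requested so the result can be parsed below.
def scan_command(url, api_token, detection: 'mixed', verbose: false)
  cmd = ['wpscan', '--url', url, '--api-token', api_token,
         '--enumerate', 'vp', '--plugins-detection', detection,
         '--format', 'json']
  cmd << '-v' if verbose
  cmd
end

# Constructed sample report, trimmed to the fields used here; the URL,
# advisory link and versions are placeholders, not real scan output.
SAMPLE_REPORT = <<~REPORT
  {
    "target_url": "http://wp.local/",
    "plugins": {
      "contact-form-7": {
        "slug": "contact-form-7",
        "latest_version": "5.1.6",
        "outdated": true,
        "version": {
          "number": "5.0.3",
          "vulnerabilities": [
            {
              "title": "Contact Form 7 <= 5.0.3 - Privilege Escalation",
              "fixed_in": "5.0.4",
              "references": { "url": ["https://example.invalid/advisory"] }
            }
          ]
        }
      },
      "akismet": {
        "slug": "akismet",
        "latest_version": "4.1.2",
        "outdated": false,
        "version": { "number": "4.1.2", "vulnerabilities": [] }
      }
    }
  }
REPORT

Finding = Struct.new(:plugin, :installed, :latest, :title, :fixed_in, :references)

# Returns one Finding per vulnerability in the report. Plugins whose version
# could not be fingerprinted appear with "version": null, so that is guarded.
def vulnerable_plugins(report_json)
  report = JSON.parse(report_json)
  findings = []
  (report['plugins'] || {}).each do |slug, plugin|
    version = plugin['version'] || {}
    (version['vulnerabilities'] || []).each do |vuln|
      findings << Finding.new(slug, version['number'], plugin['latest_version'],
                              vuln['title'], vuln['fixed_in'],
                              (vuln['references'] || {}).values.flatten)
    end
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  puts scan_command('http://wp.local/', 'YOUR_API_TOKEN').join(' ')
  puts scan_command('http://wp.local/', 'YOUR_API_TOKEN',
                    detection: 'aggressive', verbose: true).join(' ')
  vulnerable_plugins(SAMPLE_REPORT).each do |f|
    puts "#{f.plugin} #{f.installed} (latest #{f.latest}): #{f.title}, fixed in #{f.fixed_in}"
    f.references.each { |r| puts "  ref: #{r}" }
  end
end
```

Run the printed command against your own site with `-o scan.json` to save the report, then feed that file to `vulnerable_plugins` instead of the sample; in a CI job, a non-empty result is the condition to fail the build on.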