WPScan: Stop Feeling Vulnerable About WordPress
Introduction
WordPress is the most popular content management system (CMS) on the planet today. You can customize the look and feel of a WordPress website using third-party themes. If you want a functionality not offered by the WordPress core, you will most likely find a third-party plugin that satisfies your requirement. With the plethora of themes and plugins comes a major challenge in assuring their quality. Intruders can potentially exploit the vulnerabilities in poorly designed themes and plugins to gain unauthorized access to a WordPress website.
WPScan is a WordPress vulnerability scanner that is free for non-commercial use. It scans your WordPress website and reveals any known vulnerabilities in the installed plugins and themes.
The rest of this post explains how to install and run WPScan.
Installation
WPScan comes pre-installed on only a handful of lesser-known Linux distributions. If you run Debian, Ubuntu, CentOS or Fedora, you must download the WPScan source and build it yourself. Because WPScan is written in Ruby, to build WPScan, you need to install the Ruby development environment.
Your first decision is to choose a machine on which to build WPScan. This is the machine you use to launch WPScan later. Note that you can (and should) run WPScan on a different machine than the WordPress host. The examples in this post are based on a Debian 8.2 machine, aka Jessie.
Your next decision is how you will install the Ruby development environment, including the supporting development libraries. The WPScan website outlines two ways to install the necessary development environment on a Debian server: the Debian package management system and the Ruby Version Manager (RVM).
RVM is the WPScan-recommended method. It allows you to install multiple, self-contained Ruby environments on the same system. RVM puts a dedicated Ruby environment under your home directory (e.g., /home/peter/.rvm). You can find the RVM procedure on the WPScan home page. I've followed the steps, and it works as advertised.
I opted instead for the Debian package manager method because it is a shorter procedure and I did not need the versatility (and the complexity) that RVM offers.
Below are the steps to install WPScan using the Debian package manager. The procedure is largely based on what is on the WPScan home page. I've added a couple of missing packages that are actually required.
Update your Debian repository.
$ sudo apt-get update
Install the supporting evolution packages.
$ sudo apt-get install git make gcc ruby ruby-dev libcurl4-openssl-dev zlib1g-dev
Download the WPScan source.
$ cd; git clone https://github.com/wpscanteam/wpscan.git
Install WPScan.
$ cd wpscan
$ sudo gem install bundler
$ bundle install --without test --path vendor/bundle
Operation
The WPScan development team maintains a WordPress vulnerability database. Before you scan your WordPress website, you should first update the local copy of the vulnerability database as follows:
$ cd $HOME/wpscan
$ ruby wpscan.rb --update
To scan a WordPress website for vulnerabilities, use the following general WPScan command sequence.
$ cd $HOME/wpscan
$ ruby wpscan.rb --url http://yourWP.com --enumerate <options>
Notes:
The --url parameter specifies which WordPress website to scan.
The --enumerate parameter specifies which WordPress components to scan for vulnerabilities. I use the following options:
* vp: Scan only vulnerable plugins.
* vt: Scan only vulnerable themes.
* u: Scan users.
* tt: Scan timthumbs.
You can combine multiple options with separating commas. For example, --enumerate vp,vt,u
For further on-line help, run this command:
$ ruby wpscan.rb --help
Results Analysis
I invoked WPScan to scan the WordPress website deployed on my desktop (localhost). The report is displayed below. Note that the output has been abbreviated in order to improve its overall readability.
WPScan managed to find:
* 3 vulnerabilities in the WordPress core. Those vulnerabilities were fixed in the most recently released version of WordPress.
* 1 vulnerability in the WP Super Cache plugin. Again, the vulnerability was fixed in the most recently released version of the plugin.
* No known vulnerability in the installed themes.
$ ruby wpscan.rb --url localhost --enumerate vp,vt
---
[+] WordPress version 4.3 identified from meta generator
[!] 3 vulnerabilities identified from the version number
[!] Title: WordPress <= 4.3-Authenticated Shortcode Tags Cross-Site Scripting (XSS)
    Reference: https://wpvulndb.com/vulnerabilities/8186
[i] Fixed in: 4.3.1
[!] Title: WordPress <= 4.3-User List Table Cross-Site Scripting (XSS)
    Reference: https://wpvulndb.com/vulnerabilities/8187
[i] Fixed in: 4.3.1
[!] Title: WordPress <= 4.3-Publish Post and Mark as Sticky Permission Issue
    Reference: https://wpvulndb.com/vulnerabilities/8188
[i] Fixed in: 4.3.1
---
[+] Enumerating installed plugins (only ones with known vulnerabilities)...
[+] We found 1 plugins:
[+] Name: wp-super-cache - v1.4.4
[!] The version is out of date, the latest version is 1.4.6
[!] Title: WP Super Cache <= 1.4.4 - Cross-Site Scripting (XSS)
    Reference: https://wpvulndb.com/vulnerabilities/8197
[i] Fixed in: 1.4.5
[+] Enumerating installed themes (only ones with known vulnerabilities)...
[+] No themes found
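The command sequence from the Operation section and the report format above, as an added example that is not part of the original post or of WPScan itself: a small Python helper that builds the scan command line for the --enumerate options described above, parses a report in the format shown, and flags every finding whose installed version is older than its "Fixed in" version, so a scheduled run can tell "fixed" from "still needs patching". The sample report is constructed from the abbreviated output above; the ~/wpscan location follows the installation steps; run_scan is my assumption about how you would drive WPScan from a scheduled job and is the only function that needs the real WPScan checkout.

```python
# Added example (not from the original post or from WPScan). Assumes the
# ~/wpscan checkout from the installation steps; SAMPLE_REPORT is constructed
# from the abbreviated report shown in the post.
import os
import re
import subprocess
from dataclasses import dataclass

ENUMERATE_OPTIONS = {"vp", "vt", "u", "tt"}  # the --enumerate options the post lists

# Constructed sample, trimmed to the lines the parser cares about.
SAMPLE_REPORT = """\
[+] WordPress version 4.3 identified from meta generator
[!] Title: WordPress <= 4.3-Authenticated Shortcode Tags Cross-Site Scripting (XSS)
    Reference: https://wpvulndb.com/vulnerabilities/8186
[i] Fixed in: 4.3.1
[!] Title: WordPress <= 4.3-User List Table Cross-Site Scripting (XSS)
    Reference: https://wpvulndb.com/vulnerabilities/8187
[i] Fixed in: 4.3.1
[!] Title: WordPress <= 4.3-Publish Post and Mark as Sticky Permission Issue
    Reference: https://wpvulndb.com/vulnerabilities/8188
[i] Fixed in: 4.3.1
[+] Name: wp-super-cache - v1.4.4
[!] The version is out of date, the latest version is 1.4.6
[!] Title: WP Super Cache <= 1.4.4 - Cross-Site Scripting (XSS)
    Reference: https://wpvulndb.com/vulnerabilities/8197
[i] Fixed in: 1.4.5
[+] No themes found
"""

RE_CORE = re.compile(r"^\[\+\] WordPress version (\S+) identified")
RE_PLUGIN = re.compile(r"^\[\+\] Name: (\S+) - v(\S+)")
RE_TITLE = re.compile(r"^\[!\] Title: (.+)$")
RE_REF = re.compile(r"^Reference: (\S+)")
RE_FIXED = re.compile(r"^\[i\] Fixed in: (\S+)")

def version_tuple(v):
    """'4.3.1' -> (4, 3, 1), so that '4.3' compares older than '4.3.1'."""
    return tuple(int(p) for p in re.findall(r"\d+", v))

@dataclass
class Finding:
    component: str  # "WordPress core" or "plugin <name>"
    installed: str  # version WPScan identified for that component
    title: str
    reference: str = ""
    fixed_in: str = ""

    def is_open(self):
        """True while the installed version is older than the fix, or no fix is listed."""
        if not self.fixed_in:
            return True
        return version_tuple(self.installed) < version_tuple(self.fixed_in)

def parse_report(text):
    """Attach each '[!] Title:' block to the component most recently announced
    by a '[+] WordPress version' or '[+] Name:' line."""
    findings, component, version, current = [], "unknown", "", None
    for raw in text.splitlines():
        line = raw.strip()
        core, plugin, title = RE_CORE.match(line), RE_PLUGIN.match(line), RE_TITLE.match(line)
        if core:
            component, version = "WordPress core", core.group(1)
        elif plugin:
            component, version = "plugin " + plugin.group(1), plugin.group(2)
        elif title:
            current = Finding(component, version, title.group(1))
            findings.append(current)
        elif current is not None:  # Reference / Fixed in belong to the last Title
            ref, fixed = RE_REF.match(line), RE_FIXED.match(line)
            if ref:
                current.reference = ref.group(1)
            elif fixed:
                current.fixed_in = fixed.group(1)
    return findings

def summarize(findings):
    """What a scheduled job needs: how many findings, how many still lack a patch, where."""
    still_open = [f for f in findings if f.is_open()]
    return {"total": len(findings), "open": len(still_open),
            "components": sorted({f.component for f in still_open})}

def build_scan_command(url, enumerate=("vp", "vt")):
    """argv for 'ruby wpscan.rb --url URL --enumerate vp,vt', run from the wpscan checkout."""
    bad = [o for o in enumerate if o not in ENUMERATE_OPTIONS]
    if bad:
        raise ValueError("unknown --enumerate option(s): " + ",".join(bad))
    return ["ruby", "wpscan.rb", "--url", url, "--enumerate", ",".join(enumerate)]

def run_scan(url, enumerate=("vp", "vt"), wpscan_dir=os.path.expanduser("~/wpscan")):
    """Update the local vulnerability database, then scan (needs the real WPScan checkout)."""
    subprocess.run(["ruby", "wpscan.rb", "--update"], cwd=wpscan_dir, check=True)
    proc = subprocess.run(build_scan_command(url, enumerate), cwd=wpscan_dir,
                          capture_output=True, text=True)  # WPScan may exit non-zero on findings
    return parse_report(proc.stdout)
```

A scheduled job would call run_scan("http://yourWP.com", ("vp", "vt", "u")) and exit non-zero when summarize(...)["open"] is not zero, so the alert fires only for findings that an update has not yet closed; on the sample report all four findings are open because 4.3 is older than 4.3.1 and 1.4.4 is older than 1.4.5.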
Conclusion
WPScan is an important tool in your defense against possible attacks on your WordPress websites. It is recommended that you schedule WPScan to run regularly to detect known WordPress vulnerabilities. However, running WPScan is only half of your job. You remain vulnerable until you patch the vulnerabilities.
In general, the WordPress community fixes most known vulnerabilities and distributes the fixes quickly after the vulnerabilities are first reported. It is important that you keep your WordPress core and the third-party themes and plugins up-to-date. If your WordPress platform is up-to-date, WPScan will most likely produce a clean report, and you can stop feeling vulnerable about your WordPress website.