[Wordpress] WP-Scanner Lets You Know How Secure Is Your Wordpress Blog.

If you run your website or blog on the WordPress platform, you need to be aware of the vulnerabilities that can affect it. In this post, I will discuss WP-Scanner, an interesting WordPress plugin which lets you identify the vulnerabilities present on your website or blog.

The WordPress Online Scanner collects information about potential vulnerabilities found on your blog during the scanning process. To run wp-scanner, download the wp-scanner activator plugin. Once downloaded, simply activate it, launch wp-scanner, and then deactivate it once you're done. Deactivating the plugin is important: otherwise, other people can run the same scans on your blog and thereby identify the security vulnerabilities associated with your blog or website.

Image: WP-Scanner Report

Here are the installation instructions for scanning your blog for security vulnerabilities:

  • Download the wp-scanner plugin here
  • Unzip the plugin in your wp-content/plugin directory
  • Enable the plugin from your wp-admin plugin menu
  • Launch wp-scanner and run your test
  • When done, disable the plugin to prevent others from scanning your blog.

If you are unable to get the scan working, manually add the <!-- wp-scanner --> HTML comment to your theme's index.php file.

WordPress Scanner, although in its infancy, supports the following security checks:
  • WordPress Version Check (currently supports 7 version checks). Future releases will include a file existence version check, for those blogs that have removed their version details.
  • Tests the WordPress theme template for basic XSS vulnerabilities.
  • Enumerates WordPress Plugins. Future releases will perform additional tests in this area.

You might also be interested in reading about Some notes on Ethical Hacking and Top 5 Security Peeve’s You Must Be Aware Of.

I would suggest the following tips for keeping your WordPress blog secure:

1.) Always keep your WordPress installation upgraded to the latest version.
2.) Always ensure that you modify the default passwords.
3.) Prevent directory listing of your themes and plugins folders by putting a blank index.html file in them.
4.) Ensure you have proper permissions on your WordPress folders. All folder permissions should be set to 755. Files should be set to 644. Files that you want to edit in the WordPress Theme editor should be 666. Never use 777 for WordPress permissions: you’re letting all users on the server do whatever they want with your site. On a shared or badly configured server, that can mean trouble.
5.) Limit access to your WordPress admin area to specific IP addresses. This involves modifying your .htaccess file.

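
An added example, not part of the original post or of the WP-Scanner plugin: a POSIX shell function that audits a WordPress directory against tips 3 and 4 above. The function names, the report labels and the acceptance of index.php alongside index.html are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a WordPress tree against tips 3 and 4 above.
# Usage: sh audit_wp_perms.sh /path/to/wordpress  (script name is hypothetical)

# Prefix every path read on stdin with a label; succeed only if any was read.
report() {
    awk -v label="$1" '{ print label, $0; n++ } END { exit !n }'
}

audit_wp_perms() {
    local root="$1" status=0 dir
    [ -d "$root" ] || { echo "ERROR not a directory: $root" >&2; return 2; }

    # Tip 4: never 777. Symlinks usually report 777, so test files and dirs only.
    find "$root" \( -type f -o -type d \) -perm 777 | report MODE-777 && status=1

    # Tip 4: directories should be exactly 755 (777 is reported above).
    find "$root" -type d ! -perm 755 ! -perm 777 | report DIR-NOT-755 && status=1

    # Tip 4: 666 is meant only for files edited in the theme editor, so list
    # those for manual review without failing the audit.
    find "$root" -type f -perm 666 | report FILE-666-REVIEW || :

    # Tip 4: every other file should be exactly 644.
    find "$root" -type f ! -perm 644 ! -perm 666 ! -perm 777 |
        report FILE-NOT-644 && status=1

    # Tip 3: themes and plugins folders need an index file to block listing.
    # Assumption: index.php is accepted as well as the post's blank index.html.
    for dir in "$root/wp-content/themes" "$root/wp-content/plugins"; do
        [ -d "$dir" ] || continue
        if [ ! -e "$dir/index.html" ] && [ ! -e "$dir/index.php" ]; then
            echo "NO-INDEX $dir"; status=1
        fi
    done
    return "$status"
}

# Run the audit when a path is given on the command line.
[ "$#" -eq 0 ] || audit_wp_perms "$@"
```

The function returns 0 when nothing deviates from the tips, 1 when at least one finding needs fixing, and 2 when the path is not a directory.
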
What other tips do you propose?

You can follow me on Twitter at http://twitter.com/vaibhav1981
