Find WordPress Security Vulnerabilities with WPScan
WPScan is a free (for non-commercial use) black-box WordPress security scanner written for security professionals and blog maintainers to test the security of their own sites.
In this article, we're going to install and use the WPScan tool. Let's get started:
WPScan comes pre-installed in Kali Linux. We can easily install WPScan on other distros. Run these commands to install WPScan:
sudo apt install patch build-essential zlib1g-dev liblzma-dev ruby-dev
sudo gem install nokogiri
sudo gem install wpscan

# Or build from source
git clone https://github.com/wpscanteam/wpscan
cd wpscan/
bundle install && rake install
Type this command to see all available options:
The output looks like:
Perform a scan of your website:
wpscan --url http://example.com --rua
--rua (short for --random-user-agent) makes WPScan pick a random User-Agent string for the scan instead of its default one.
Find vulnerable plugins & themes:
# plugins
wpscan --url http://example.com --rua --enumerate ap

# themes
wpscan --url http://example.com --rua --enumerate at
Enumerate user accounts:
wpscan --url http://example.com --rua --enumerate u
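From the site owner's side, the enumeration scans above leave a recognisable trail in the web server's access log. The following is an added example, not code from the article or from the WPScan project: a small Python check over a constructed Apache combined-log sample that flags clients issuing many WordPress fingerprinting requests (author-id redirects, the REST users endpoint, plugin readme.txt and theme style.css lookups). The request patterns, thresholds and log lines are assumptions made for this example; the page itself does not describe what WPScan requests.

```python
import re
from collections import defaultdict

# Constructed sample log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/May/2024:10:01:01 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
203.0.113.7 - - [10/May/2024:10:01:02 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
203.0.113.7 - - [10/May/2024:10:01:03 +0000] "GET /wp-json/wp/v2/users HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/May/2024:10:01:04 +0000] "GET /wp-content/plugins/akismet/readme.txt HTTP/1.1" 200 1300 "-" "Mozilla/5.0"
203.0.113.7 - - [10/May/2024:10:01:05 +0000] "GET /wp-content/plugins/jetpack/readme.txt HTTP/1.1" 404 200 "-" "Mozilla/5.0"
203.0.113.7 - - [10/May/2024:10:01:06 +0000] "GET /wp-content/themes/astra/style.css HTTP/1.1" 404 200 "-" "Mozilla/5.0"
198.51.100.9 - - [10/May/2024:10:02:00 +0000] "GET /about/ HTTP/1.1" 200 4200 "-" "Mozilla/5.0"
198.51.100.9 - - [10/May/2024:10:02:01 +0000] "GET /wp-content/themes/twentytwenty/style.css HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# ip, request line and status are all we need from each entry.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Assumed fingerprinting patterns, one per enumeration type on this page.
PROBES = {
    "user_enum": re.compile(r"^/\?author=\d+$|^/wp-json/wp/v2/users"),
    "plugin_enum": re.compile(r"^/wp-content/plugins/[^/]+/readme\.txt$"),
    # Normal visitors also fetch the active theme's style.css, so this
    # pattern alone is noisy; the probe threshold below keeps it in check.
    "theme_enum": re.compile(r"^/wp-content/themes/[^/]+/style\.css$"),
}

def analyze(log_text, min_probes=3):
    """Return {ip: summary} for clients whose probe count reaches min_probes."""
    per_ip = defaultdict(lambda: {k: 0 for k in PROBES} | {"not_found": 0})
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined-log format
        rec = per_ip[m["ip"]]
        for kind, pat in PROBES.items():
            if pat.search(m["path"]):
                rec[kind] += 1
                if m["status"] == "404":
                    rec["not_found"] += 1  # guessed slugs that do not exist
    findings = {}
    for ip, rec in per_ip.items():
        probes = sum(rec[k] for k in PROBES)
        if probes >= min_probes:
            findings[ip] = {"probes": probes, "kinds": sum(rec[k] > 0 for k in PROBES),
                            "not_found": rec["not_found"]}
    return findings
```

A client that hits every category and collects 404s on guessed slugs is worth rate-limiting or reviewing; a normal visitor fetching one theme stylesheet is not flagged.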
Perform a brute-force attack: you can download password dictionaries from GitHub and then run the attack.
Download password dictionaries:
sudo apt install wordlists
ls /usr/share/wordlists/rockyou.txt.gz
sudo gzip -d /usr/share/wordlists/rockyou.txt.gz
ls -la /usr/share/wordlists/rockyou.txt
wpscan --url http://example.com --rua -P /usr/share/wordlists/rockyou.txt -U admin,admin2
That's it. Thanks for reading.