{"id":12848,"date":"2019-03-28T23:42:23","date_gmt":"2019-03-28T23:42:23","guid":{"rendered":"http:\/\/www.appservgrid.com\/paw92\/?p=12848"},"modified":"2019-03-28T23:42:23","modified_gmt":"2019-03-28T23:42:23","slug":"wpseku-a-vulnerability-scanner-to-find-security-issues-in-wordpress","status":"publish","type":"post","link":"https:\/\/www.appservgrid.com\/paw92\/index.php\/2019\/03\/28\/wpseku-a-vulnerability-scanner-to-find-security-issues-in-wordpress\/","title":{"rendered":"WPSeku \u2013 A Vulnerability Scanner to Find Security Issues in WordPress"},"content":{"rendered":"

WordPress is a free and open-source, highly customizable content management system (CMS) that is being used by millions around the world to run blogs and fully functional websites. Because it is the most used CMS out there, there are so many potential WordPress security issues\/vulnerabilities to be concerned about.<\/p>\n

However, these security issues can be dealt with, if we follow common WordPress security best practices. In this article, we will show you how to use\u00a0WPSeku<\/strong>, a WordPress vulnerability scanner in Linux, that can be used to find security holes in your WordPress installation and block potential threats.<\/p>\n

WPSeku<\/strong>\u00a0is a simple WordPress vulnerability scanner written using Python, it can be used to scan local and remote WordPress installations to find security issues.<\/p>\n

How to Install WPSeku \u2013 WordPress Vulnerability Scanner in Linux<\/h3>\n

To install\u00a0WPSeku<\/strong>\u00a0in Linux, you need to clone the most recent version of\u00a0WPSeku<\/strong>\u00a0from its Github repository as shown.<\/p>\n

$ cd ~\r\n$ git clone https:\/\/github.com\/m4ll0k\/WPSeku<\/pre>\n
Once you have obtained it, move into the\u00a0WPSeku<\/strong>\u00a0directory and run it as follows.<\/p>\n
$ cd WPSeku\r\n<\/pre>\n
Now run the\u00a0WPSeku<\/strong>\u00a0using the\u00a0-u<\/code>\u00a0option to specify your WordPress installation URL like this.<\/p>\n
$ .\/wpseku.py -u http:\/\/yourdomain.com \r\n<\/pre>\n
\n
\"WordPress<\/a><\/p>\n
WordPress Vulnerability Scanner<\/p>\n<\/div>\n
The command below will search for cross site scripting, local file inclusion, and SQL injection vulnerabilities in your WordPress plugins using the\u00a0-p<\/code>\u00a0option, you need to specify the location of plugins in the URL:<\/p>\n
$ .\/wpseku.py -u http:\/\/yourdomain.com\/wp-content\/plugins\/wp\/wp.php?id= -p [x,l,s]<\/pre>\n
The following command will execute a brute force password login and password login via XML-RPC using the option\u00a0-b<\/code>. Also, you can set a username and wordlist using the\u00a0--user<\/code>\u00a0and\u00a0--wordlist<\/code>\u00a0options respectively as shown below.<\/p>\n
$ .\/wpseku.py -u http:\/\/yourdomian.com --user username --wordlist wordlist.txt -b [l,x]   \r\n<\/pre>\n
To view all WPSeku usage options, type.<\/p>\n
$ .\/wpseku.py --help\r\n<\/pre>\n
\n
\"WPSeku<\/a><\/p>\n
WPSeku WordPress Vulnerability Scanner Help<\/p>\n<\/div>\n
WPSeku Github repository:\u00a0https:\/\/github.com\/m4ll0k\/WPSeku<\/a><\/p>\n
That\u2019s it! In this article, we showed you how to get and use WPSeku for WordPress vulnerability scanning in Linux. WordPress is secure but only if we follow WordPress security best practices. Do you have any thoughts to share? If yes, then use the comment section below.<\/p>\n
Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
WordPress is a free and open-source, highly customizable content management system (CMS) that is being used by millions around the world to run blogs and fully functional websites. Because it is the most used CMS out there, there are so many potential WordPress security issues\/vulnerabilities to be concerned about. However, these security issues can be … <\/p>\n
Continue reading “WPSeku \u2013 A Vulnerability Scanner to Find Security Issues in WordPress”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-12848","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/12848","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/comments?post=12848"}],"version-history":[{"count":1,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/12848\/revisions"}],"predecessor-version":[{"id":12849,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/12848\/revisions\/12849"}],"wp:attachment":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/media?parent=12848"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/categories?post=12848"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/tags?post=12848"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}