WordPress is the most popular online publishing platform, currently powering more than 26% of the web. There are approximately 76.5 million WordPress blogs. WordPress is an Open Source and anyone can start a blog or build a website in seconds without any technical knowledge. It is very easy to use. Secondly many WordPress Blogs are hacked everyday due to different vulnerabilities. WordPress websites are hacked due to known vulnerabilities in the Themes & Plugins being used by the website owners. WPScan is a tool specially made to check for the known WordPress vulnerabilities.
What Is WPScan
WPScan is a WordPress vulnerabilities scanner which is developed by WPScan Team. WPScan scans WordPress website for known vulnerabilities within the core version, plugins, and themes. You can also find out if any weak passwords, users, and security configuration issues are present. There is a database at WPVulnDB which is actually used to check for vulnerable software and the WPScan team maintains the ever-growing list of vulnerabilities there.
WPScan is very easy to use and the commands are also very easy. WPScan is built-in Kali Linux and we will be using it in Kali Linux. To launch WPScan Open Terminal & Write:
Scanning For Vulnerabilities
Now we will be pointing WPScan to out target website. By typing few commands WPScan will let us know whether there is any sort of Security Vulnerability and its risk too after that necessary countermeasures will be taken to secure our WordPress website. At first we will perform a quick scan on our target WordPress website and it will check for vulnerabilities and if found any will list it down. For Quick Scan type.
root@kali:~#wpscan -u https://example.com/
Where -u stands for the URL. Running the basic command above will perform a quick scan of the website to identify your active theme and basic security issues.
Scanning For Vulnerable Plugins
For scanning Plugins the command we used for quick scan will remain the same. The only addition will be ” –enumerate vp” where ‘v’ stand for ‘Vulnerable’ & ‘p’ for ‘Plugin’. So our final command will be.
root@kali:~#wpscan -u https://example.com/ --enumerate vp
This command will list down all the plugins being used on the target WordPress website and if any of the plugin will be vulnerable you will see red exclamation icons and references above it. Such plugins should be updated ASAP or removed if are not in use.
Scanning For Vulnerable Themes
For scanning the command will remain the same the only addition will be of ‘t’ and the final command will look like.
root@kali:~#wpscan -u https://example.com/ --enumerate vt
This command will list down all the themes being used and if any of it will be vulnerable red exclamation icon will be displayed and such theme should be changed or patched to prevent hack.
Scanning For Vulnerable Themes & Plugins Together
The previous both command are used to scan vulnerable plugins & themes separately. While we can scan for vulnerable plugins and themes together which will save out time. The command look like this for scanning plugins & themes together.
root@kali:~#wpscan -u https://example.com/ --enumerate vpt
This command will list down the vulnerable plugins and themes together.
Scanning For WordPress Username
Scanning for the accounts is known as username enumeration. When hackers know about the username it become very easy for them to perform a successful brute-force attack. After accessing the account they can takeover the control of the whole website.
To find out the login names of users on your WordPress website, we will use the ‘–enumerate u’ at the end of the command. So our final command will look like.
root@kali:~#wpscan -u https://example.com/ --enumerate u
It will not work in the case if FireWall is enabled or the WordPress Admin has installed any plugin which will stop the WPScan scanning.
Brute-Forcing User Account
WPScan performs Brute-Forcing attack on accounts. For this attack you will need to gather a WordList or PasswordList and will have to put in WPScan directory so that WPScan can easily use it. When you will have the WordList, simply add the ‘–wordlist’ argument along with the name of the wordlist file. You can also specify the number of threads to use at the same time to process the list. Depending on the length of the wordlist, it could take a lot of time or computer resources to complete. So our final command will look like.
root@kali:~#wpscan -u https://example.com/ --wordlist password.txt threads 50