WordPress Security
If you are using WordPress for blogging or running your business, you may installed plugins to enhance the functions and features of your site. A few of these plugins might be dangerous for your site because it will make your site vulnerable to attack. The main question here is: how will you identify these plugins and which are posing a threat for your website?
You can use WPScan to determine the vulnerable plugins which are present in your WordPress site. When you use WPScan, you get an outline of the website similar to the site that the attacker will see. By seeing this outline, you can come to know about the security loopholes present in the WordPress site.
How to download and install WPScan?
It is important to know whether WPScan will work on your system. WPScan does not work on Windows systems; you will need a Linux or OSZ system to use WPScan for scanning your site. If you only have a Windows system in your possession, then you should download Virtualbox where you can install Linux distro to use WPScan that way.
To use WPScan, you have to install the git package. You can install the packages by giving the following command.
$ sudo apt-get install git
Wait for the installation process of git to be completed. After this, you have to install the dependencies for WPScan. You can do that by giving the command below.
$sudo apt-get install libcur14-gnutls-dev libopenssl-ruby libxmk2 libxm12-dv libxskt10dev ruby-dev ruby1.9.3
After the dependencies are installed, you need to clone the available package of WPScan from github to move ahead. You can do that by giving the following command.
git clone https://github.com/wpscanteam/wpscan.git
This command will create a new WPScan directory. You can install the required ruby gems in the directory through blunder. To do that, you have to enter the following command.
$ cd wpscan
$ sudo gem install bundler && bundle installs –without test development
The command mentioned above will finally install the WPScan in your system. All you need to do now is to learn how to use WPScan for detecting vulnerable plugins. WPScan scans the following things for looking at the security loopholes in your site:
- Plugins
- Themes
- Users
- Timthumb installations
How to enumerate plugins.
You can enumerate plugins with the below command.
$ ruby wpscan.rb –url http(s)://www.yoursiteurl.com- - enumerate p
Basically, in this command, you will have to use the ‘- -enumerate p-‘ argument.
To see the vulnerable plugins present on your website, you have to enter the command below.
$ ruby wpscan.rb - - url http(s)://www.yoursiteurl.com - -enumerate vp
If the plugin is vulnerable to attack, it will be mentioned in the ‘parameter’ part of the output.
An output example is given below to show you how to analyze the output result of the WPScan.
Title: Audio Player – player.swf playerID Parameter XSS
According to this output result, the audio-player plugin is a threat to your website as it is vulnerable to the XSS attack. When WPScan says that a plugin is vulnerable, you should test that plugin yourself to confirm whether it is definitively true. If it is true, contact the developer to ask for another available patch for it.
How to enumerate themes?
Enumerating themes is similar to enumerating plugins; the only difference is that you need to use the ‘- -enumerate t’ argument.
You can enumerate themes by executing the following command.
ruby wpscan.rb –url http(s)://www.yoursiteurl.com- - enumerate t
To see the vulnerable themes present in your website, you have to enter the command below.
ruby wpscan.rb - - url http(s)://www.yoursiteurl.com - -enumerate vt
If the plugin is vulnerable to attack, the same will be mentioned in the ‘parameter’ part of the output.
An output example is given below to show you how to analyze the output result of the WPScan.
Name : rockstar |Location: http://********.com/wp-content/themes/rockstar/ |Style URL: http://********.com/wp-content/themes/rockstar/style.css |Description: | |*Title: WooThemes WooFramework Remote Unauthenticated Shortcode Execution |*Reference: https://gist.github.com/2523147
The above output indicates that the ‘rockstar’ theme is not safe for your website as it is vulnerable to remote unauthenticated shortcode execution. This means that anyone can execute shortcode on that site without giving any proof that they are a valid user of the website.
How to enumerate users.
Enumerating users is particularly useful as it is something that is usually carried out by the attackers to gain the list of the users of the website in order to prepare for a brute-force attack. You can enumerate the users by giving the following command.
ruby wpscan.rb - - url http(s) ://www.yoursiteurl.com - - enumerate u
By giving the command as mentioned above, you will discover who the vulnerable users of your website are.
How to enumerate timthumb.
Attackers like installations of timthumb on you website because it makes the site vulnerable to many attacks. For this reason, it is particularly critical to enumerate timthumb in order to check whether you have installed any vulnerable timthumb on your site. You can do that by running the following command as shown below.
ruby wpscan.rb - - url http(s) ://www.yoursiteurl.com - - enumerate tt
The output result of the command will again show you whether that particular timthumb is in the vulnerable state.
Like all other software and systems, WPScan also needs to be updated to work efficiently. You can update the WPScan by executing the following command.
ruby wpscan.rb - -update
Try to update WPScan at a regular intervals to be sure that your site is secure. Once you update WPScan, try scanning all plugins, themes, users, and timthumbs again to confirm that there is no new threat to your website. Please remember to create a back-up of the database of your site before scanning it in order to avoid unnecessary problems in the future.