How to scan WordPress Websites With WPScan For Security Vulnerabilities

31/03/202328/08/2024

Temitope Odemo No Comments

WPScan-Banner

WordPress is a free Content Management System that you can easily use to quickly develop world-class websites. Over 60% of websites online were built with WordPress. In this article, you will learn how to scan WordPress Websites With WPScan For Security Vulnerabilities. Please see these interesting guides: WordPress site on Azure: How to create a website hosted in Azure, “Deploy WordPress on Azure App Service: How to install MySQL“, and how to Disable Touchpad on Windows 11.

However, current reports suggest that WordPress websites contain themes and plugins with security vulnerabilities. So, there is a need to discover where the vulnerability is and to quickly remediate it. Here is a YouTube Video showing these steps.

WPScan is a free tool that can scan your WordPress website and easily help to identify all the security issues on the site. Follow the steps below to scan WordPress Websites With WPScan For Security Vulnerabilities.

If you want to read more on WordPress check these: How To Fix WordPress error “The Link You Followed Has Expired”, How to Install and Configure WordPress on Your Windows Computer Using WAMP SERVER,

1. Using WPScan scan WordPress Websites on Kali OS

Launch your Kali system, search, and open wpscan, but in case you cannot find it use the following command to install wpscan on kali.

apt install wpscan -y

WPScan-on-Kali

Paste this command wpscan --url https://yourwordpresssite.com

WPScan-Process

The scan will display your confidence level and inform you of the area that is vulnerable and will need urgent attention.

Please see how to Install and Setup WordPress into a cPanel and Configure Your First WordPress Theme, how to Integrate a WordPress site with WP Telegram, how to fix WordPress error: There has been a critical error on this website, please check your site admin email inbox for instructions.

2. Using WPScan on Docker

Firstly, install docker and the package, launch Docker, and insert the following command that will Pull the WPScan docker image.

docker pull wpscanteam/wpscan

Pulling-WPScan-Docker-Image

Once the image is pulled successfully you will see it on the local image section of the Docker Desktop.

WPScan-Image-Pulled-Successfully

3. Running the WPScan docker command

Secondly, Once the image is pulled, run the following command:

docker run -it --rm wpscanteam/wpscan --url https://yourwordpresssite.com

WPScanning-on-Docker

Just like the WPScan on Kali, the WPScan on the Docker will also display confidence level and inform you of the area that is vulnerable and will need urgent attention.

Please see How to perform vulnerability scan on Microsoft SQL Server, How to get lists of installed Microsoft Windows Updates, and how to fix [MAILX ERROR: STATUS=BOUNCED] Fixing Mailx error when sending emails from Command line.

I hope you found this blog post How To Scan WordPress websites With WPScan For Security Vulnerabilities Interesting and helpful. In case you have any questions do not hesitate to ask in the comment section.

5/5 - (1 vote)

Security | Vulnerability Scans and Assessment docker, IMAGE, scan, security, vulnerability

Leave a Reply Cancel reply

You must be logged in to post a comment.