Security | Vulnerability Scans and Assessment

How to scan WordPress Websites With WPScan For Security Vulnerabilities


WordPress is a free Content Management System that you can easily use to quickly develop world-class websites. Over 60% of websites online were built with WordPress. But current reports suggest that WordPress websites contain themes and plugins with security vulnerabilities. So, there is a need to discover where the vulnerability is and to quickly remediate it. WPScan is a free tool that can scan your WordPress website and easily help to identify all the security issues on the site. In this post, I will be showing you how to scan WordPress websites using WPScan on Kali and Docker. In this article, you will learn how to scan WordPress Websites With WPScan For Security Vulnerabilities. Please see these interesting guides: WordPress site on Azure: How to create a website hosted in Azure, and Deploy WordPress on Azure App Service: How to install MySQL.

Follow the steps below to scan WordPress Websites With WPScan For Security Vulnerabilities. If you want to read more on WordPress check these: How To Fix WordPress error “The Link You Followed Has Expired”, How to Install and Configure WordPress on Your Windows Computer Using WAMP SERVER, How to Install and Setup WordPress into a cPanel and Configure Your First WordPress Theme, Integrate a WordPress site with WP Telegram, How to fix WordPress error: There has been a critical error on this website, please check your site admin email inbox for instructions.

1. Using WPScan scan WordPress Websites on Kali OS

Launch your Kali system, search, and open wpscan, but in case you cannot find it use the following command to install wpscan on kali.

apt install wpscan -y

Paste this command wpscan --url


The scan will display your confidence level and inform you of the area that is vulnerable and will need urgent attention.

2. Using WPScan on Docker

Firstly, install docker and the package, launch Docker, and insert the following command that will Pull the WPScan docker image.

docker pull wpscanteam/wpscan

Once the image is pulled successfully you will see it on the local image section of the Docker Desktop.


3. Running the WPScan docker command

Secondly, Once the image is pulled, run the following command:

docker run -it --rm wpscanteam/wpscan --url

Just like the WPScan on Kali, the WPScan on the Docker will also display confidence level and inform you of the area that is vulnerable and will need urgent attention.

Here is a Youtube video showing these steps as well. Please see How to perform vulnerability scan on Microsoft SQL Server, How to get lists of installed Microsoft Windows Updates, and how to fix [MAILX ERROR: STATUS=BOUNCED] Fixing Mailx error when sending emails from Command line.

I hope you found this blog post How To Scan WordPress websites With WPScan For Security Vulnerabilities Interesting and helpful. In case you have any questions do not hesitate to ask in the comment section.

Notify of

Inline Feedbacks
View all comments
Would love your thoughts, please comment.x