WPScan

WPScan is a free, open-source security tool designed for WordPress, used primarily to identify security vulnerabilities. It is well-suited for black box testing and offers comprehensive scanning capabilities.

Key Features:

  • Scans for vulnerabilities in WordPress core, plugins, and themes.

  • Enumerates users, plugins, themes, and weak passwords.

  • Integrates with the WPScan Vulnerability Database.

Command-Line Examples:

  • Scan for Vulnerabilities:

    wpscan --url example.com

  • Enumerate Users:

    wpscan --url example.com --enumerate u

  • Brute Force Password Attack:

    wpscan --url example.com --passwords /path/to/passwords.txt --usernames admin

  • Check for Vulnerable Plugins:

    wpscan --url example.com --enumerate vp

Regular scanning with WPScan is recommended as part of a robust WordPress security strategy.
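For routine scanning it is more useful to save machine-readable output (wpscan supports --format json together with --output report.json; vulnerability details in that report are only populated when a WPScan Vulnerability Database API token is supplied with --api-token) and then triage the report automatically. The script below is an added example, not part of the original page or of the WPScan project: it flattens a WPScan-style JSON report into one finding per vulnerability, puts issues with no published fix first, and reports which components could not be version-fingerprinted. The embedded report is constructed for the example, and its field layout ("version", "plugins", "themes", "users", per-component "vulnerabilities" with "fixed_in" and "references") is an assumption to check against the WPScan release you run.

```python
import json

# Constructed sample report. The layout is modelled on WPScan's `--format json`
# output, but the field names are an assumption (verify against your WPScan
# version) and every value below is made up for this example.
SAMPLE_REPORT = json.dumps({
    "target_url": "http://example.com/",
    "version": {
        "number": "6.1",
        "status": "outdated",
        "vulnerabilities": [
            {"title": "Core < 6.1.2 - constructed example", "fixed_in": "6.1.2",
             "references": {"cve": ["0000-00000"],
                            "url": ["https://example.invalid/advisory"]}},
        ],
    },
    "plugins": {
        "example-forms": {
            "slug": "example-forms",
            "version": {"number": "1.4.0"},
            "outdated": True,
            "vulnerabilities": [
                {"title": "example-forms < 1.5.0 - constructed example",
                 "fixed_in": "1.5.0", "references": {"cve": ["0000-00001"]}},
                {"title": "example-forms - unpatched constructed example",
                 "fixed_in": None, "references": {}},
            ],
        },
        "example-cache": {
            "slug": "example-cache",
            "version": None,  # scanner could not determine the installed version
            "vulnerabilities": [],
        },
    },
    "themes": {
        "example-theme": {"slug": "example-theme", "version": {"number": "2.0"},
                          "vulnerabilities": []},
    },
    "users": {"admin": {"id": 1}, "editor": {"id": 2}},
})


def _component_findings(kind, slug, component):
    """Turn one component's vulnerability list into flat finding records."""
    version = component.get("version") or {}
    findings = []
    for vuln in component.get("vulnerabilities") or []:
        fixed_in = vuln.get("fixed_in")
        refs = vuln.get("references") or {}
        findings.append({
            "kind": kind,
            "slug": slug,
            "installed": version.get("number"),
            "title": vuln.get("title"),
            "fixed_in": fixed_in,
            "cves": list(refs.get("cve") or []),
            "action": (f"update to {fixed_in}" if fixed_in
                       else "no fix published: disable or isolate the component"),
        })
    return findings


def triage(report_json):
    """One finding per vulnerability, ordered: unpatched issues first, then
    core before plugins before themes, then by slug."""
    report = json.loads(report_json)
    findings = _component_findings("core", "wordpress", report.get("version") or {})
    for kind in ("plugins", "themes"):
        for slug, comp in (report.get(kind) or {}).items():
            findings += _component_findings(kind[:-1], slug, comp)
    order = {"core": 0, "plugin": 1, "theme": 2}
    findings.sort(key=lambda f: (f["fixed_in"] is not None, order[f["kind"]], f["slug"]))
    return findings


def summary(report_json):
    """Counts a defender wants at a glance, plus the exposure surface
    (enumerated usernames) and components whose version is unknown."""
    report = json.loads(report_json)
    findings = triage(report_json)
    unknown_version = [slug for kind in ("plugins", "themes")
                       for slug, comp in (report.get(kind) or {}).items()
                       if not comp.get("version")]
    return {
        "vulnerable_findings": len(findings),
        "unpatched": sum(1 for f in findings if f["fixed_in"] is None),
        "enumerated_users": sorted((report.get("users") or {}).keys()),
        "unknown_version": unknown_version,
    }


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f['kind']}] {f['slug']} {f['installed'] or '?'}: "
              f"{f['title']} -> {f['action']}")
    print(summary(SAMPLE_REPORT))
```

Components with an unknown version deserve a manual check rather than a green light: the scanner cannot match them against the database, so an empty vulnerability list there means "unknown", not "clean". The enumerated usernames are worth reviewing too, since any account visible to --enumerate u is a credential-guessing target and should have a strong password and, where possible, two-factor authentication.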