Site owners should always be aware of the possibility that their blog could be compromised. This can happen because an old version of Wordpress is installed or because of vulnerabilities in plugins or themes. It is relatively time-consuming to check for updates and stay up to date so that it is unlikely that someone will be able to hack your blog.
The online security script Wordpress Scanner is a great tool that can scan your Wordpress blog for several vulnerabilities, such as outdated versions of Wordpress or of single files, and XSS vulnerabilities in themes. All you need to do is add the line to the header of your blog so that the Wordpress Scanner CGI script can access the information and knows that you are indeed the owner of the blog.
This tool is not perfect, but it checks the versions of your Wordpress files (outdated files are probably the dominant attack vector when it comes to Wordpress hacking) and looks for basic XSS vulnerabilities in the themes. If vulnerabilities are found, the tool gives advice on how to fix them.
Just make sure you run the script, follow the guidelines and then remove the wpscanner entry from your header again. You would not want someone else to be able to check your blog for vulnerabilities, would you? This is a great little script that should become even better when the author adds checks for plugins.
6 Responses to “Scan your Wordpress blog for vulnerabilities”


No Blogger version then?