Scan your WordPress blog for vulnerabilities

Site owners should always be aware of the possibility that their blog gets compromised. This can be because of an old version of WordPress that is installed or because of vulnerabilities in plugins or themes.It is not that difficult to stay up to date in regards to the blogging software itself and themes or plugins that are installed as additional features. While that takes care of some attack vectors, it still does not mean that the blog is completely safe from being compromised.

The online security script WordPress Scanner is a great tool which you can use to scan your WordPress blog for outdated files and other vulnerabilities. All you need to do is add a single line of code to the header of your blog so that the WordPress Scanner cgi script can access the information and knows that you are indeed the owner of the blog.

This tool is not perfect but it analyzes the version of your WordPress files which is probably the dominant attack vector when it comes to WordPress hacking and basic XSS vulnerabilities in the themes. The tool gives advice if vulnerabilities have been found on how to fix them.

Just make sure you run the script, follow the guidelines and remove the wpscanner entry from your header again. You would not want someone else to use the same tool to find out about vulnerabilities that you have not fixed yet, would not you?  This is a great little script which should become even better when the author adds checks for plugins.

Update: The script does not seem to be available anymore. You can use a different plugin for WordPress like Exploit Scanner instead which offers the advantage that you can install it as any other plugin in WordPress, so that no one can come along and use it to find out about potential vulnerabilities.

You can install the plugin from the admin dashboard or, if you prefer it that way, manually by uploading it to the plugin directory of your blog on the server it is running on.

Advertisement