WPScan is a handy tool for scanning your WordPress site for vulnerabilities, and it is better that you do it yourself before someone else does. The official website for WPScan can be found here: wpscan.org
Before we install, please note that when you scan a WordPress site, your activity will show up in the Apache logs.
To install WPScan, run these commands:
# sudo apt-get install git ruby ruby-dev libcurl4-gnutls-dev make
# git clone https://github.com/wpscanteam/wpscan.git
# cd wpscan
# sudo gem install bundler
# bundle install --without test --path vendor/bundle
Also, please take note that if other users on that computer should be able to run WPScan, you cannot install it as root.
Now, to scan your own site you can run:
# ./wpscan.rb --url www.yoursite.com
And WPScan will give you its result.
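Since a scan shows up in the Apache logs, here is one way a site owner could spot it there. This is an added example, not part of the original post or of WPScan; it assumes the Apache combined log format and a default User-Agent containing "WPScan", and the function names, threshold and log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: spot WordPress scanner activity in an Apache "combined" log.

# flag_scanners LOGFILE [MIN_404]
# Prints "IP reason" for every client that either sends a User-Agent
# containing "WPScan" (assumed default, the scanner can change it) or gets
# at least MIN_404 (default 3) 404 responses under /wp-content/plugins/ or
# /wp-content/themes/, the pattern plugin and theme enumeration leaves.
flag_scanners() {
    awk -F'"' -v min="${2:-3}" '
    {
        split($1, pre, " "); ip = pre[1]        # client address
        split($2, req, " "); path = req[2]      # requested path
        split($3, res, " "); status = res[1]    # HTTP status code
        if (tolower($6) ~ /wpscan/) by_ua[ip] = 1
        if (status + 0 == 404 && path ~ /^\/wp-content\/(plugins|themes)\//)
            miss[ip]++
    }
    END {
        for (ip in by_ua) print ip, "user-agent"
        for (ip in miss)
            if (miss[ip] >= min + 0 && !(ip in by_ua)) print ip, "enumeration"
    }' "$1" | sort
}

# Constructed sample log (documentation IP ranges, made-up paths and agents).
write_sample_log() {
    cat > "$1" <<'EOF'
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [01/Jan/2024:10:00:02 +0000] "GET /wp-content/plugins/old/x.css HTTP/1.1" 404 210 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /readme.html HTTP/1.1" 200 7000 "-" "WPScan v0.0 (constructed)"
198.51.100.7 - - [01/Jan/2024:10:01:01 +0000] "GET /wp-content/plugins/a/ HTTP/1.1" 404 210 "-" "WPScan v0.0 (constructed)"
203.0.113.5 - - [01/Jan/2024:10:02:00 +0000] "GET /wp-content/plugins/a/ HTTP/1.1" 404 210 "-" "Mozilla/5.0"
203.0.113.5 - - [01/Jan/2024:10:02:00 +0000] "GET /wp-content/plugins/b/ HTTP/1.1" 404 210 "-" "Mozilla/5.0"
203.0.113.5 - - [01/Jan/2024:10:02:01 +0000] "GET /wp-content/themes/c/ HTTP/1.1" 404 210 "-" "Mozilla/5.0"
203.0.113.5 - - [01/Jan/2024:10:02:01 +0000] "GET /wp-login.php HTTP/1.1" 200 3000 "-" "Mozilla/5.0"
EOF
}

log=$(mktemp)
write_sample_log "$log"
flag_scanners "$log"
rm -f "$log"
```

The 404 count catches a scan even when the User-Agent has been changed, while the single broken link requested by 192.0.2.10 stays below the threshold.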
There is a lot more you can do with this scanner, so please go to their website for documentation.
Happy scanning!