
This article was published on June 17, 2011


WPScan scans your WordPress installation for security vulnerabilities

Story by Joel Falconer

Joel Falconer is the Features Editor at TNW. He lives on the Gold Coast, Australia with his wife and three kids and can sometimes be found gaming or consulting.

There are a variety of security services out there for WordPress users, including Automattic’s own subscription-based security and backup service, VaultPress.

But if you just want to scan your installation for security vulnerabilities and plug the holes yourself, WPScan may be the tool for you.

Released on ethicalhack3r, a blog by a British computer security student, WPScan is a Ruby script with a couple of dependencies, so make sure you follow the installation instructions on the blog if you’re not all that familiar with using Ruby scripts.

WPScan’s features include weak password cracking, username enumeration, plugin enumeration and a variety of other scans.