Wordpress Security - Vulnerability Scanning
Posted on Thursday, 24 May 2012 by internet marketing
WordPress is one of the best-known and most widely used content management systems (CMS) among bloggers. That popularity also puts it high on the target list of attackers and spammers, who use malware to compromise WordPress sites; understanding how that malware works (reverse engineering it) is part of defending against it.
Other CMSs exist, Joomla! among them, but WordPress has its own importance and market share. Because so many bloggers run it, its security matters: a single serious vulnerability can lead to thousands of compromised WordPress blogs. From a penetration tester's point of view, an administrator must be aware of existing vulnerabilities at both the system level and the application level in order to protect the site(s).
A quick way to protect a WordPress (or any other) blog from vulnerabilities in the system and server software is regular auditing: keeping all server software, browsers and anti-virus up to date, using strong passwords and changing them regularly, scanning the server for malware and backdoors, using firewalls, and so on. WordPress itself also has its own vulnerabilities, and new ones in core and in plug-ins are published regularly.
In this article we cover some tools and plug-ins for auditing WordPress for security holes and vulnerabilities. We also discuss the ways and tools an attacker might use to break into WordPress, and some of the best ways to secure a WordPress blog.
WordPress Security Audit & Vulnerability Scanning
A security audit is one of the most important steps in finding possible vulnerabilities in WordPress, and in this section I discuss some tools and plug-ins you can use to find them.
Plecost WordPress Fingerprinting Tool:
Plecost is a useful tool for auditing a WordPress blog, and it ships by default with the best-known penetration testing distributions, i.e., BackTrack, BackBox and Blackbuntu. Plecost carries a list of known plug-ins, detects which of them are installed on the target and in which version, and cross-references them against the Common Vulnerabilities and Exposures (CVE) list to report known vulnerabilities.
Plecost works in two modes: auditing a single target URL, or harvesting targets from Google search results. Our goal here is to audit a single URL.
Here is the result of a quick and a simple audit on WordPress using Plecost.
```
root@bt:/pentest/web/scanners/plecost# ./plecost-0.2.2-9-beta.py -i wp_plugin_list.txt -c http://127.0.0.1/wordpress
-------------------------------------------------
[*] Input plugin list set to: wp_plugin_list.txt
[*] Colored output set on.
-------------------------------------------------
==> Results for: http://127.0.0.1/wordpress <==
[i] WordPress version found: 3.3
[i] WordPress last public version: 3.3.1
[*] Search for installed plugins
[i] Plugin found: akismet
|_Latest version: 2.4.0
|_ Installed version: 2.3.0
|_CVE list:
|___CVE-2009-2334: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2334)
|___CVE-2007-2714: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2714)
|___CVE-2006-4743: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4743)
|___CVE-2009-2334: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2334)
|___CVE-2007-2714: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2714)
|___CVE-2006-4743: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4743)
[i] Plugin found: wp-security-scan
|_Latest version: 2.7.1.2
|_ Installed version: trunk
|_CVE list:
|___CVE-2009-2334: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2334)
|___CVE-2009-2334: (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2334)
|
```
You can see that this WordPress installation is outdated: a newer version of WordPress is available and newer versions of the plug-ins are available too, but neither has been updated. This is dangerous. Two details in the output deserve a second look before they go into a report. First, the installed version of wp-security-scan is reported as "trunk", a development checkout, so Plecost cannot say whether it is older or newer than 2.7.1.2; check the plug-in's changelog on the server itself. Second, the same CVE identifiers are listed under both akismet and wp-security-scan, which shows that Plecost's CVE mapping is coarse; treat the version gap as the finding and confirm each listed CVE against the affected plug-in and version before reporting it.
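The fingerprinting that Plecost performs can be reproduced with a few lines of Python. The following is an added example, not Plecost's own code: it reads the core version from the `<meta name="generator">` tag on the front page and each plug-in's version from the `Stable tag:` line of `/wp-content/plugins/<slug>/readme.txt` (the same two indicators Plecost relies on), then compares what it finds against a table of latest versions. The site responses, the plug-in list and the "latest" table are constructed sample data embedded in the script; a real scan would fetch the same paths over HTTP. It also handles the "trunk" case from the output above, which cannot be compared numerically.

```python
"""Version fingerprinting of a WordPress site, Plecost-style.

Added example; it is not Plecost's own code. The SAMPLE_SITE and LATEST
tables below are constructed sample data; a real scan would fetch the
same paths over HTTP.
"""
import re

# Constructed sample site: path -> response body (None stands for HTTP 404).
SAMPLE_SITE = {
    "/": '<html><head><meta name="generator" content="WordPress 3.3" /></head></html>',
    "/wp-content/plugins/akismet/readme.txt":
        "=== Akismet ===\nRequires at least: 3.0\nStable tag: 2.3.0\n",
    "/wp-content/plugins/wp-security-scan/readme.txt":
        "=== WP Security Scan ===\nStable tag: trunk\n",
    "/wp-content/plugins/contact-form-7/readme.txt": None,
}

# Constructed "latest public version" table (Plecost keeps this in its plug-in list).
LATEST = {"wordpress": "3.3.1", "akismet": "2.4.0", "wp-security-scan": "2.7.1.2"}

GENERATOR_RE = re.compile(
    r'<meta\s+name="generator"\s+content="WordPress\s+([\d.]+)"', re.I)
STABLE_TAG_RE = re.compile(r"^Stable tag:\s*(\S+)", re.I | re.M)


def fetch(site, path):
    """Stand-in for an HTTP GET: returns the body, or None for a 404."""
    return site.get(path)


def parse_version(text):
    """'3.3.1' -> (3, 3, 1). 'trunk', None or anything non-numeric -> None."""
    if not re.fullmatch(r"\d+(\.\d+)*", text or ""):
        return None
    return tuple(int(p) for p in text.split("."))


def version_status(installed, latest):
    """'outdated', 'current', or 'unknown' when either side is not comparable
    (e.g. a plug-in checked out from 'trunk', as in the Plecost output)."""
    a, b = parse_version(installed), parse_version(latest)
    if a is None or b is None:
        return "unknown"
    n = max(len(a), len(b))            # pad so that 3.3 == 3.3.0 and 3.10 > 3.9
    a += (0,) * (n - len(a))
    b += (0,) * (n - len(b))
    return "outdated" if a < b else "current"


def core_version(site):
    """Core version from the generator meta tag; None if the tag is absent."""
    m = GENERATOR_RE.search(fetch(site, "/") or "")
    return m.group(1) if m else None


def plugin_version(site, slug):
    """Plug-in version from readme.txt; None if the readme does not exist."""
    body = fetch(site, f"/wp-content/plugins/{slug}/readme.txt")
    if body is None:
        return None                    # readme absent: treat as not installed
    m = STABLE_TAG_RE.search(body)
    return m.group(1) if m else "unknown"


def scan(site, plugin_list, latest=LATEST):
    """Return {name: (installed, latest, status)} for core and each plug-in found."""
    report = {}
    core = core_version(site)
    report["wordpress"] = (core, latest["wordpress"],
                           version_status(core, latest["wordpress"]))
    for slug in plugin_list:
        installed = plugin_version(site, slug)
        if installed is None:
            continue
        report[slug] = (installed, latest.get(slug),
                        version_status(installed, latest.get(slug)))
    return report


if __name__ == "__main__":
    plugins = ["akismet", "wp-security-scan", "contact-form-7"]
    for name, (installed, newest, status) in scan(SAMPLE_SITE, plugins).items():
        print(f"{name}: installed {installed}, latest {newest} -> {status}")
```

Both indicators are easy to hide (remove the generator tag, delete or block readme.txt), and doing so does blunt this kind of scan, but it does not fix the outdated code; updating does. Keep the "unknown" result as its own state rather than folding it into "outdated" or "current", since a "trunk" checkout may be ahead of or behind the last release.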