Find WordPress Vulnerabilities with WPScan Before Someone Hacks Your Site

More than 2 million websites are powered by WordPress, and it holds
the number one position among CMSs with a 67% market share.


A recent vulnerability report by Acunetix shows that around
8% of vulnerabilities found in websites are related to


Do you run a web vulnerability scan against your website or blog
regularly? If you don't, you should!

The WPScan vulnerability scanner, sponsored by SUCURI, helps you identify
security-related problems on your WordPress website.

WPScan is not a plugin, so you need to run it on a UNIX flavor
(Ubuntu, CentOS, Debian, Fedora, Mac OS X) or on a Linux distribution
that ships it pre-installed, such as Kali Linux, BackBox Linux, Pentoo,
SamuraiWTF or BlackArch.

WPScan is also useful if your website is on a private network or
intranet where the Internet is not available.

If you are on Windows OS then sorry!

Let's take a look at how to use WPScan on CentOS and Kali Linux
to search for security vulnerabilities.

Using WPScan on CentOS

  • Log into CentOS as root and open a terminal
  • Install Git and the prerequisite packages using yum
# yum install gcc ruby-devel libxml2 libxml2-devel libxslt libxslt-devel libcurl-devel patch rpm-build git
  • Clone the WPScan repository from git
# git clone
  • This creates a new folder called "wpscan"; change into it
# cd wpscan
  • Install the Ruby dependencies with the following command
# gem install bundler && bundle install --without test

This will take a few seconds, and once it is done you are
all set to run a scan.

To run the scanner, invoke wpscan.rb with ruby and pass the target
with the URL parameter. Let's look at a few examples.

To check for plugin vulnerabilities

# ruby wpscan.rb --url --enumerate vp

To check for theme vulnerabilities

# ruby wpscan.rb --url --enumerate vt
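Enumerating vulnerable plugins and themes is only the first step; the site owner still has to turn the findings into an update list. The Ruby script below is an added example, not part of the original post or of WPScan itself: it reads a scan report saved as JSON and recommends an action per finding (update to the fixed version, verify manually when WPScan could not detect the component version, or disable the component when no fix exists). It assumes the JSON layout written by newer WPScan 3.x releases with `--format json` (components keyed by slug under "plugins" and "themes", each with a "version" hash and a "vulnerabilities" array); the embedded report, slugs and titles are constructed for the example.

```ruby
require 'json'

# Constructed sample report in the (assumed) WPScan 3.x `--format json` layout.
# Plugin/theme slugs and vulnerability titles are made up for this example.
SAMPLE_REPORT = <<~REPORT
  {"plugins": {
     "example-gallery": {"slug": "example-gallery", "version": {"number": "1.2.0"},
       "vulnerabilities": [{"title": "Stored XSS", "fixed_in": "1.3.0"},
                           {"title": "Open Redirect", "fixed_in": "1.1.0"}]},
     "legacy-widget": {"slug": "legacy-widget", "version": null,
       "vulnerabilities": [{"title": "Arbitrary File Upload", "fixed_in": null}]},
     "clean-plugin": {"slug": "clean-plugin", "version": {"number": "2.0"}, "vulnerabilities": []}},
   "themes": {
     "example-theme": {"slug": "example-theme", "version": {"number": "3.4"},
       "vulnerabilities": [{"title": "CSRF", "fixed_in": "3.5"}]}}}
REPORT

# True if `installed` is at or above `fixed`; nil when a version string is malformed.
def version_at_least?(installed, fixed)
  Gem::Version.new(installed) >= Gem::Version.new(fixed)
rescue ArgumentError
  nil
end

# Turn one plugin/theme entry into a list of findings, each with a recommended action.
def triage_component(kind, entry)
  installed = entry.dig('version', 'number') # nil when WPScan could not detect the version
  entry.fetch('vulnerabilities', []).map do |vuln|
    fixed = vuln['fixed_in']
    action =
      if fixed.nil? then 'no fixed version known; disable or replace it'
      elsif installed.nil? then "version not detected; confirm it is >= #{fixed}"
      elsif version_at_least?(installed, fixed) then "installed #{installed} already >= #{fixed}; verify, likely a false positive"
      else "update to #{fixed}"
      end
    { kind: kind, slug: entry['slug'], installed: installed, title: vuln['title'],
      fixed_in: fixed, action: action }
  end
end

# Walk the "plugins" and "themes" sections of a WPScan JSON report.
def triage_report(json_text)
  report = JSON.parse(json_text)
  %w[plugins themes].flat_map do |kind|
    report.fetch(kind, {}).values.flat_map { |entry| triage_component(kind, entry) }
  end
end

triage_report(SAMPLE_REPORT).each { |f| puts "#{f[:kind]}/#{f[:slug]} (#{f[:installed] || 'version unknown'}): #{f[:title]} -> #{f[:action]}" }
```

To use it on a real scan, replace SAMPLE_REPORT with the contents of the JSON file WPScan wrote and review every "version not detected" line by hand, since WPScan lists all known vulnerabilities for a component whose version it could not determine.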

Using WPScan on Kali Linux

The beauty of using Kali Linux is that you don't have to install
anything: WPScan comes pre-installed.

Let’s find out how to run the scanner.

  • Log into Kali Linux as root and open a terminal
  • Run the scan using the wpscan command
# ruby wpscan.rb --url --enumerate

The above command runs all the available enumeration checks. You may also
refer to the official site for more information.

If your site is on shared hosting and you can't install WPScan,
don't worry: test your site with these online tools.

I hope this helps you find security flaws in your WordPress
site. To add complete and continuous security to your site, you
may consider using the SUCURI WAF.

