In association with heise online

16 June 2011, 16:46

New project scans for WordPress holes


Developer Ryan Dewhurst has launched a new project called WPScan, a WordPress security scanner. The initial version can attempt to work out user names, crack weak passwords and identify vulnerabilities based on version. Dewhurst plans to add plug-in detection, identification of plug-in vulnerabilities, and other checks.

The newly created project, developed by Dewhurst after creating a "Brute Force Tool" for WordPress, is designed to help security professionals or WordPress administrators assess their WordPress installations. The alpha-quality Ruby code is licensed under the GPLv3 and is hosted on Google Code.

WordPress has become somewhat known for security issues; many users configure a WordPress blog but fail to keep the blogging software behind it up to date. This failure often allows attackers to use well-known flaws to gain control of the blog.

