New project scans for WordPress holes
Developer Ryan Dewhurst has launched a new project called WPScan, a WordPress Security Scanner. The initial version can attempt to work out user names, crack weak passwords and identify vulnerabilities based on version. Dewhurst plans to add plug-in detection and identification of plug-in vulnerabilities, as well as other checks.
The newly created project, developed by Dewhurst after creating a "Brute Force Tool" for WordPress, is designed to help security professionals or WordPress administrators assess their WordPress installations. The alpha-quality Ruby code is licensed under the GPLv3 and is being hosted on Google Code.
WordPress has become somewhat known for security issues; many users configure a WordPress blog but fail to keep the blogging software behind it up to date. This failure often allows attackers to use well-known flaws to gain control of the blog.