WordPress security tools
WordPress has become one of the biggest platforms that drive the web. Keep your WordPress installation secured with these security tools.
WordPress is a powerful framework and Content Management System (CMS). It powers some of the biggest websites and is a beloved platform for bloggers. With this popularity, WordPress has also seen some negative attention when it comes to security. Although automatic updates now reduce the risks in the core, there is still some room for improvement. The WordPress security tools in this category help to perform a scan and do an assessment.
This tool category contains several types of scanners, each targeting different security areas. As usual, most of these tools have their own strengths and weaknesses. Therefore, it is suggested to combine a few tools when scanning a website or WordPress instance. By creating your own preferred toolkit, you can better assess how well a WordPress installation is secured.
WordPress security tools are typically used for application security.
Users of these tools include developers, pentesters, security professionals, and system administrators.
| Tool | Type | Description | Latest release | Release date | Score |
|---|---|---|---|---|---|
| droopescan | CMS vulnerability scanner | This plugin-based security tool helps to detect and test for weaknesses in common CMS systems like Drupal, SilverStripe, and WordPress. | 1.41.0 | May 6, 2018 | 85 |
| Vane | WordPress vulnerability scanner | Vane is a forked project of the now non-free popular WordPress vulnerability scanner WPScan. | Unknown | Unknown | 64 |
| Wordpresscan | WordPress vulnerability scanner | Wordpresscan is a security scanner for WordPress installations. It is based on the work of WPScan with some ideas inspired by the WPSeku project. | 1.0a0 | Sept. 9, 2017 | 68 |
| WordPress Exploit Framework | WordPress exploiting toolkit | The WordPress Exploit Framework (WPXF) is a framework written in Ruby. As the name implies, it aids in pentesting WordPress installations. | 1.9.2 | April 14, 2018 | 93 |
| Wordstress | White-box scanner for WordPress installations | Wordstress is a security scanner for WordPress installations. It uses a white-box approach in scanning, which makes it different from most other scanners. | 0.70.0 | Jan. 27, 2016 | 60 |
| wp_enum | User enumeration | The wp_enum tool helps with the discovery of WordPress users and accounts. | No version | March 5, 2017 | 40 |
| WPScan | WordPress vulnerability scanner | WPScan is a security tool to perform black-box WordPress vulnerability scans, including enumeration of used plugins. | 2.9.4 | June 15, 2018 | 100 |
| WPSploit | Scanner for WP themes and plugins | WPSploit helps developers and penetration testers to perform a code audit of WordPress themes and plugins. The tool runs a static code analysis on the system itself for possible security flaws. | Unknown | Unknown | 56 |