WordPress security tools
Introduction
WordPress is a powerful framework and Content Management System (CMS). It powers some of the biggest websites and is a beloved platform for bloggers. With this popularity, WordPress has also attracted some negative attention when it comes to security. Automatic updates now reduce the risks in the core, but there is still room for improvement. The WordPress security tools in this category help to perform a scan and carry out an assessment.
This tool category contains several types of scanners, each targeting different security areas. As usual, most of these tools have their own strengths and weaknesses. Therefore, it is advisable to combine a few tools when scanning a website or WordPress instance. By creating your own preferred toolkit, you can better assess how well a WordPress installation is secured.
Usage
WordPress security tools are typically used for application security.
Users of these tools include developers, pentesters, security professionals, and system administrators.
Tools
Popular WordPress security tools
Vane (WordPress vulnerability scanner)
application security, web application analysis
Vane is a fork of WPScan, the popular WordPress vulnerability scanner that is no longer free.
WPScan (WordPress vulnerability scanner)
penetration testing, security assessment, vulnerability scanning
WPScan can scan WordPress installations and determine if there are vulnerabilities in a particular installation.
WPSploit (scanner for WP themes and plugins)
code analysis
WPSploit helps developers and penetration testers to perform a code audit of WordPress themes and plugins. The tool runs a static code analysis on the theme or plugin source itself to find possible security flaws.
WordPress Exploit Framework (WordPress exploiting toolkit)
penetration testing, security assessment, vulnerability scanning, web application analysis
The WordPress Exploit Framework (WPXF) provides a set of tools to assess and exploit WordPress installations. It can be used for pentesting and red teaming assignments. The tool is less friendly for beginners, but more experienced pentesters will find no difficulty in using it.
Wordpresscan (WordPress vulnerability scanner)
application security, penetration testing, web application analysis
Tools like WordPresscan are useful to perform vulnerability scans on the popular WordPress platform. It can be used during development and on existing installations.
Wordstress (white-box scanner for WordPress installations)
application security, vulnerability scanning, web application analysis
WordPress is a popular choice among content management systems (CMS). Powering many websites and blogs, it is also a popular target. So regular updates and security testing can help to reduce the risk. WordStress can help with this testing.
droopescan (CMS vulnerability scanner)
web application analysis
Droopescan can be used to test the security of several Content Management Systems (CMS). It mainly focuses on Drupal, SilverStripe, and WordPress installations.
wp_enum (user enumeration)
penetration testing, security assessment, vulnerability scanning
This utility scans for the available identities on a WordPress installation.
Missing a favorite tool in this list? Share a tool suggestion and we will review it.