Since WordPress is the most popular blogging platform in the world, blogs powered by WordPress increasingly attract attacks from hackers and automated scripts. As blog owners, we have the responsibility to keep the risk of being attacked as low as possible.
David Kierznowski from BlogSecurity has recently released the next generation of WordPress Scanner. The scanner has been completely rewritten in PHP, and its WordPress vulnerability checks are massively improved compared to the previous version. WordPress Scanner is a free online tool that blog administrators can use to get a measure of their WordPress security level. It is currently BETA software and is continually being developed.

One of the most exciting features, according to the author, is that all the test cases are now in XML form. This means anyone can write an additional test case and submit it to BlogSecurity for approval. But the author doesn't mention what an XML test case looks like or how we would write our own test case if we were interested. Perhaps some more information could be provided for us to understand how it works.
Running WordPress Scanner
WordPress Scanner is hosted and runs on the BlogSecurity server. In order to check your security level, you need to download a plugin and activate it. This plugin simply adds <!- wpscanner -> to your blog to authorize WordPress Scanner to scan it. Without this plugin, WordPress Scanner will not scan your blog, which prevents unauthorized scanning being used by hackers.
Download WordPress Scanner Plugin
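To make the opt-in mechanism concrete, here is an added example of how a marker-based authorization check can be built. This is not the BlogSecurity plugin or scanner code; it is illustrative code written for this review. The marker string, the plugin and function names, and the scanner-side helper scan_is_authorized() are all assumptions; the real plugin's exact token is whatever the page quotes above.

```php
<?php
/*
Plugin Name: Opt-in Scanner Marker (illustrative example)
Description: Emits an HTML comment in <head> so that an external scanner can
             confirm the site owner consented to being scanned.
*/

// Marker text. Assumption: an ordinary HTML comment; the real WordPress
// Scanner plugin's exact token is not reproduced here.
define( 'SCAN_MARKER', '<!-- wpscanner -->' );

// --- Blog side -------------------------------------------------------------
// Only runs inside WordPress, where add_action() exists. Hooking wp_head
// means the marker appears on every front-end page, so the scanner can
// find it by fetching the front page alone.
function scan_marker_output() {
    echo SCAN_MARKER . "\n";
}
if ( function_exists( 'add_action' ) ) {
    add_action( 'wp_head', 'scan_marker_output' );
}

// --- Scanner side (hypothetical helper) -------------------------------------
// Fetch the blog's front page and refuse to proceed unless the marker is
// present. Any failure (timeout, HTTP error, missing marker) is treated as
// "not authorized", so the scanner fails closed rather than open.
function scan_is_authorized( $blog_url ) {
    $parts = parse_url( $blog_url );
    if ( empty( $parts['scheme'] ) || ! in_array( $parts['scheme'], array( 'http', 'https' ), true ) ) {
        return false; // only web URLs are acceptable scan targets
    }

    $ctx = stream_context_create( array(
        'http' => array(
            'timeout'    => 10,
            'user_agent' => 'opt-in-scanner-check/0.1 (illustrative)',
        ),
    ) );

    $html = @file_get_contents( $blog_url, false, $ctx );
    if ( $html === false ) {
        return false; // unreachable or blocked: not authorized
    }

    // The marker must be a literal substring of the served page. Because it
    // is injected by the site's own plugin, only someone who can install
    // plugins (i.e. the administrator) can grant this consent.
    return strpos( $html, SCAN_MARKER ) !== false;
}

// Example use (scanner side):
// if ( scan_is_authorized( 'https://example.com/' ) ) { /* run the test cases */ }
```

The design point is that consent lives on the target itself: a scan request from the web form is only honoured when the site already serves the marker, so a third party cannot point the scanner at a blog they do not administer. A stricter variant would also record which URL consented and refuse to follow redirects to a different host, so that a marker on one site cannot be used to authorize a scan of another.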

After activating the plugin, simply go to WordPress Scanner, type in your blog address and click “start scan”. You will see a red “running” status while the scan is in progress. Once it is completed, it will show you a report indicating which issues exist in your blog.

The report shows the security issues in your blog, together with a description and risk level. But it lacks information on how to fix each issue. I would also expect the scanner to provide details of the test cases being executed and indicate which ones pass and which fail.
Conclusion
Here is a list of suggestions to be considered.
- Provide more information about the risk level.
- Provide more information about how to fix the issue.
- Provide more information or a tutorial for people who want to develop new test cases.
- Provide details of the test cases being executed.
Overall, it is a good security plugin for people with little or no security knowledge to identify the risks faced by their blogs. Just try it today and you will like it.
3 comments
Great review of wp-scanner, I may reference this later on.
If there are recommendations that you wish to contribute, please email them over, it saves me time
The tool is currently still being developed. I only released it to get some initial feedback, which has been sparse. It is not intended for active use, hence why I haven’t provided the XML layout of the tests and FAQ. It’s an ongoing project, I’ll try to get more done over the weekend.
Great review!
@David,
Sure, I’ll email you in future if I’ve more comments.
It’s really well done! Respect to author.