Home > Article > System Tutorial > How to Use WPSeku to Find WordPress Security Issues?
However, these security issues can be avoided if we follow usual WordPress best practices. In this article, we’ll show you how to use WPSeku, a WordPress vulnerability scanner in Linux that can be used to find security holes in your WordPress installation and block potential threats.
WPSeku is a simple WordPress vulnerability scanner written in Python. It can be used to scan local and remote WordPress installations to find security issues.
To install WPSeku in Linux, you need to clone the latest version of WPSeku from Github as follows.
$ cd ~ $ git clone https://github.com/m4ll0k/WPSeku
After completion, enter the WPSeku directory and run as follows.
$ cd WPSeku
Use the -u option to specify the WordPress installation URL and run WPSeku as follows:
$ ./wpseku.py -u http://yourdomain.com
The following command uses the -p option to search for cross-site scripting (x), local folder embedding (l) and SQL injection (s) vulnerabilities in WordPress plugins. You need to specify the location of the plugin in the URL:
$ ./wpseku.py -u http://yourdomain.com/wp-content/plugins/wp/wp.php?id= -p [x,l,s]
The following command will perform a brute force password login via XML-RPC using the -b option. Alternatively, you can use the --user and --wordlist options to set the username and wordlist respectively, as shown below.
$ ./wpseku.py -u http://yourdomian.com --user username --wordlist wordlist.txt -b [l,x]
To browse all WPSeku usage options, type:
$ ./wpseku.py --help
That’s it! In this post, we show you how to get and use WPSeku for WordPress vulnerability scanning in Linux. WordPress is secure, but only if we follow WordPress security best practices. Do you have ideas to share? If so, please leave a message in the comment area.
About the author:
Aaron Kili is a Linux and F.O.S.S enthusiast, soon to be Linux system administrator, web developer, and currently a content creator at TecMint. He loves working with computers and believes in sharing knowledge.
The above is the detailed content of How to Use WPSeku to Find WordPress Security Issues?. For more information, please follow other related articles on the PHP Chinese website!