Details
Parent Checks: Wordpress Scanner
Need Membership: Yes
Need Proof Of Ownership: No
Estimated Time (Seconds): 300

Wordpress Plugin Detector Detail

Did you know that WordPress websites are generally hacked via plugins and themes? You can check the security of your plugins with our online tools. Update any plugins that have vulnerabilities and protect yourself against attacks.

Why Is WordPress Plugin Security Important?

WordPress lets users write their own plugins or use plugins coded by other developers on their website. You might be using the latest version of WordPress and a strong password for the admin panel, but a vulnerability in a single plugin can still expose your website to attackers. Therefore, download plugins only from trusted sources (wordpress.org). If a normally paid plugin is offered for free, it probably has a backdoor. Also, make sure that the plugin is kept up to date.


Plugin Detection and Security Scan

You can easily check the plugins on your WordPress site for vulnerabilities with our free online WordPress Plugin Scanner tool. To do this, type your domain name in the form at the top of the page and start scanning.

Or you can check them remotely with open-source tools such as wpscan and cmsscan. These tools give you a report of what they find, as if your website were being attacked.

wpscan --enumerate p --url https://securityforeveryone.com

[+] URL: https://securityforeveryone.com/ [127.0.0.1]
[+] Started: Sun Jun  7 18:34:17 2020

Interesting Finding(s):

[+] Headers
 | Interesting Entries:
 |  - Server: nginx
 |  - X-Powered-By: PHP/5.4.45
 | Found By: Headers (Passive Detection)
 | Confidence: 100%

[+] XML-RPC seems to be enabled: https://securityforeveryone.com/xmlrpc.php
 | Found By: Headers (Passive Detection)
 | Confidence: 100%
 | Confirmed By:
 |  - Link Tag (Passive Detection), 30% confidence
 |  - Direct Access (Aggressive Detection), 100% confidence
 | References:
 |  - http://codex.wordpress.org/XML-RPC_Pingback_API
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
 |  - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access

[+] https://securityforeveryone.com/readme.html
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%

[+] The external WP-Cron seems to be enabled: https://securityforeveryone.com/wp-cron.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 60%
 | References:
 |  - https://www.iplocation.net/defend-wordpress-from-ddos
 |  - https://github.com/wpscanteam/wpscan/issues/1299

[+] WordPress version 2.3.3 identified (Insecure, released on 2008-02-05).
 | Found By: Rss Generator (Passive Detection)
 |  - https://securityforeveryone.com/?feed=rss2, 
 |  - https://securityforeveryone.com/?feed=rss2, http://wordpress.org/?v=2.3.3

[+] WordPress theme in use: theme212
 | Location: https://securityforeveryone.com/wp-content/themes/theme212/
 | Style URL: https://securityforeveryone.com/wp-content/themes/theme212/style.css
 | Style Name: WordPress theme 212
 | Style URI: http://wordpress.org/
 | Description: A theme from Template-Help.com Collection...
 | Author: Template_Help.com
 | Author URI: http://www.Template-Help.com/
 |
 | Found By: Css Style In Homepage (Passive Detection)
 |
 | Version: 2.0 (80% confidence)
 | Found By: Style (Passive Detection)
 |  - https://securityforeveryone.com/wp-content/themes/theme212/style.css, Match: 'Version: 2.0'

[+] Enumerating Most Popular Plugins (via Passive Methods)
[+] Checking Plugin Versions (via Passive and Aggressive Methods)

[i] Plugin(s) Identified:

[+] wp-gbcf
 | Location: https://securityforeveryone.com/wp-content/plugins/wp-gbcf/
 |
 | Found By: Urls In Homepage (Passive Detection)
 |
 | The version could not be determined.

Some Advice for Common Problems

Pay attention to the following items to keep your WordPress site secure:

  1. You need to use the latest version of WordPress and keep automatic updates enabled. When developers publish an update for a plugin, install it immediately.
  2. You must never use plugins downloaded from untrusted sources. These plugins might contain malicious code or black-hat SEO links.
  3. You must uninstall unused plugins.
  4. It is important to protect the plugin folder against directory listing so that attackers cannot collect information about vulnerable plugins.
  5. Disclosure of plugin version information should be disabled.
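
To audit items 4 and 5 on your own site, the following added example (not part of the original page and not wpscan code) reports which plugin slugs and `?ver=` values a homepage exposes, the same "Urls In Homepage" passive signal shown in the scan output above, and recognises a directory listing page. The function names, the sample HTML and the `example.test` host are constructed for illustration.

```python
import re
from urllib.parse import urlparse, parse_qs

# Asset URLs under /wp-content/plugins/<slug>/ found in src= or href= attributes.
ASSET_RE = re.compile(
    r"""(?:src|href)\s*=\s*["']([^"']*/wp-content/plugins/([A-Za-z0-9_-]+)/[^"']*)["']""",
    re.IGNORECASE,
)

def exposed_plugins(html):
    """Map each plugin slug referenced in the page to the set of ?ver= values it leaks.

    Caveat: when a plugin registers an asset without its own version, WordPress
    appends the core version instead, so a ver= value is a hint, not proof.
    """
    found = {}
    for url, slug in ASSET_RE.findall(html):
        versions = found.setdefault(slug.lower(), set())
        # HTML attributes often carry &amp; or &#038; instead of a bare &.
        query = urlparse(url.replace("&amp;", "&").replace("&#038;", "&")).query
        versions.update(parse_qs(query).get("ver", []))
    return found

def is_directory_listing(body):
    """Heuristic for an auto-generated index page (Apache/nginx 'Index of /...')."""
    return re.search(r"<title>\s*Index of\s+/", body, re.IGNORECASE) is not None

# Constructed sample input (not taken from a real site).
SAMPLE_HOME = """
<link rel='stylesheet' href='https://example.test/wp-content/plugins/wp-gbcf/style.css' />
<script src="https://example.test/wp-content/plugins/demo-slider/js/slider.js?ver=1.4.2"></script>
<script src="/wp-content/plugins/demo-slider/js/extra.js?x=1&#038;ver=1.4.2"></script>
<script src="https://example.test/wp-includes/js/jquery/jquery.js?ver=1.12.4"></script>
"""
SAMPLE_LISTING = "<html><head><title>Index of /wp-content/plugins</title></head></html>"

if __name__ == "__main__":
    for slug, vers in sorted(exposed_plugins(SAMPLE_HOME).items()):
        print(slug, sorted(vers) or "version not exposed")
    print("listing enabled:", is_directory_listing(SAMPLE_LISTING))
```

A slug with an empty version set corresponds to wpscan's "The version could not be determined" result; a slug that still appears at all shows that hiding versions does not hide the plugin itself.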