WP Theme Detector

Details
Stay Up To Date
Asset Type

DOMAIN

Need Membership

Yes

Asset Verify

Yes

API Support

Yes

Estimate Time (Second)

300

WP Theme Detector Detail

WordPress content management system offers users various paid/free theme options. You can use WordPress Theme Detector tool to identify the name of the theme and to check whether the theme codes has backdoors/vulnerabilities.

WordPress Theme Security

WordPress has thousands of themes. What is more, it is right to say WordPress themes have their own sector. It is possible to have paid or free wordpress themes in almost all website categories. Some websites (warez) might show paid wp themes as free and present these wordpress themes to users. But it is important to be careful about these wp themes. They often contain a backdoor. Attackers can use these backdoors to obtain your information and website.

WordPress Theme Detector

 

Other than security, you can use Security for Everyone’s WordPress Theme Detector tool if you want to identify the theme of a WordPress website. To do this, you can start by typing your domain name in the form on top of the page and start scanning.

Or you can remotely check them by using open-source code tools such as wpscan, cmsscan. These tools will scan your website and provide you with a report.

wpscan --enumerate t --url https://securityforeveryone.com

[+] URL: https://securityforeveryone.com/ [127.0.0.1]
[+] Started: Sun Jun  7 18:34:17 2020

Interesting Finding(s):

[+] Headers
 | Interesting Entries:
 |  - Server: nginx
 |  - X-Powered-By: PHP/5.4.45
 | Found By: Headers (Passive Detection)
 | Confidence: 100%

[+] XML-RPC seems to be enabled: https://securityforeveryone.com/xmlrpc.php
 | Found By: Headers (Passive Detection)
 | Confidence: 100%
 | Confirmed By:
 |  - Link Tag (Passive Detection), 30% confidence
 |  - Direct Access (Aggressive Detection), 100% confidence
 | References:
 |  - http://codex.wordpress.org/XML-RPC_Pingback_API
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
 |  - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access

[+] https://securityforeveryone.com/readme.html
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%

[+] The external WP-Cron seems to be enabled: https://securityforeveryone.com/wp-cron.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 60%
 | References:
 |  - https://www.iplocation.net/defend-wordpress-from-ddos
 |  - https://github.com/wpscanteam/wpscan/issues/1299

[+] WordPress version 2.3.3 identified (Insecure, released on 2008-02-05).
 | Found By: Rss Generator (Passive Detection)
 |  - https://securityforeveryone.com/?feed=rss2, 
 |  - https://securityforeveryone.com/?feed=rss2, http://wordpress.org/?v=2.3.3

[+] WordPress theme in use: theme212
 | Location: https://securityforeveryone.com/wp-content/themes/theme212/
 | Style URL: https://securityforeveryone.com/wp-content/themes/theme212/style.css
 | Style Name: WordPress theme 212
 | Style URI: http://wordpress.org/
 | Description: A theme from Template-Help.com Collection...
 | Author: Template_Help.com
 | Author URI: http://www.Template-Help.com/
 |
 | Found By: Css Style In Homepage (Passive Detection)
 |
 | Version: 2.0 (80% confidence)
 | Found By: Style (Passive Detection)
 |  - https://securityforeveryone.com/wp-content/themes/theme212/style.css, Match: 'Version: 2.0'

[+] Enumerating Most Popular Themes (via Passive and Aggressive Methods)
 Checking Known Locations - Time: 00:00:38 <============================================================================================================================> (400 / 400) 100.00% Time: 00:00:38
[+] Checking Theme Versions (via Passive and Aggressive Methods)

[i] Theme(s) Identified:

[+] theme212
 | Location: https://securityforeveryone.com/wp-content/themes/theme212/
 | Style URL: https://securityforeveryone.com/wp-content/themes/theme212/style.css
 | Style Name: WordPress theme 212
 | Style URI: http://wordpress.org/
 | Description: A theme from Template-Help.com Collection...
 | Author: Template_Help.com
 | Author URI: http://www.Template-Help.com/
 |
 | Found By: Urls In Homepage (Passive Detection)
 |
 | Version: 2.0 (80% confidence)
 | Found By: Style (Passive Detection)
 |  - https://securityforeveryone.com/wp-content/themes/theme212/style.css, Match: 'Version: 2.0'

Some Advice for Common Problems

Be careful about the following items to have a secure WordPress theme:

  1. You need to use the latest version of WordPress and keep automatic updates open. When the developers publish an update for the WP themes, these updates must be installed immediately.

  2. You must never use wordpress themes downloaded from untrusted sources. These WP themes might have harmful codes or black SEO links.

  3. You must uninstall unused WP themes.

  4. It is important to protect the WordPress theme folder against directory listing vulnerabilities to prevent the attackers to from collecting the information from the vulnerable wordpress themes.

  5. WP themes’s version information should be disabled.

Community Discussions

Need a Full Assesment?

Get help from professional hackers. Learn about our penetration test service now!

Request Pentest Service