Scan for Over 1200 Vulnerable WordPress Plugins & Other WordPress-specific Misconfigurations
Scan for Vulnerable WordPress Plugins
Acunetix identifies WordPress installations and launches security tests for over 1200 popular WordPress plugins, as well as several other tests for WordPress core vulnerabilities. In addition, Acunetix conducts other WordPress-specific configuration tests, checking for weak WordPress admin passwords, WordPress username enumeration, wp-config.php backup files, malware disguised as plugins and old versions of plugins.
The WordPress plugins detected are listed in the WordPress plugins Knowledge Base, including a description, the version number detected and the latest version of the plugin to update to. Similar checks are also performed on other Content Management Systems such as Joomla! and Drupal.
WordPress Configuration File Disclosure
Although most of the common configuration settings are available through the WordPress admin interface, the WordPress administrator might need to alter certain settings in wp-config.php directly. This is often done by first creating a backup of the known working configuration, and then manually altering the file in a text editor. However, the backup file becomes available to anyone who is able to guess its name.
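One way for an administrator to audit a document root for such leftover copies, as an added example that is not part of the original page or of Acunetix. It assumes that only files ending in .php are executed by the server, so any other wp-config copy is returned as plain text; the function names and the sample directory tree are constructed for illustration.

```python
import os
import re
import tempfile

# Assumption: only these extensions are handed to the PHP interpreter; any
# other wp-config copy is returned by the web server as plain text.
EXECUTED_AS_PHP = {".php"}
# wp-config.php defines the database password with define('DB_PASSWORD', ...).
SECRET_RE = re.compile(rb"define\(\s*['\"]DB_PASSWORD['\"]")


def find_exposed_config_backups(docroot):
    """Return relative paths of credential-bearing wp-config copies served as text."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            lower = name.lower()
            if "wp-config" not in lower:
                continue
            # "wp-config.php~" yields the extension ".php~", so it is flagged.
            if os.path.splitext(lower)[1] in EXECUTED_AS_PHP:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(65536)
            except OSError:
                continue  # unreadable by the auditing user; skip
            if SECRET_RE.search(head):
                findings.append(os.path.relpath(path, docroot))
    return sorted(findings)


def demo():
    """Build a constructed document root and audit it."""
    config = b"<?php\ndefine('DB_PASSWORD', 'constructed-example');\n"
    names = ["wp-config.php", "wp-config.php.bak", "wp-config.old.php",
             os.path.join("blog", "wp-config.php~")]
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "blog"))
        for rel in names:
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(config)
        with open(os.path.join(root, "wp-config-notes.txt"), "wb") as fh:
            fh.write(b"reminder: rotate keys")  # no credentials, not flagged
        return find_exposed_config_backups(root)
```

Any path the audit returns should be moved outside the document root or deleted, and the database password it contains should be treated as disclosed.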
Username Enumeration and Weak Password Guessing
Acunetix runs tests for username enumeration of WordPress accounts. Enumerating usernames gives attackers a head start when attacking your WordPress installation, since an attacker would have the necessary information to launch a password dictionary attack against the enumerated usernames.
Based on the users identified during the scan, Acunetix will also attempt to detect if the enumerated users are using weak passwords based on a password list, as well as other combinations, including the use of leetspeak.
Not just WordPress
In addition to detection of vulnerable versions of WordPress core, plugins and misconfigurations, Acunetix can also detect vulnerabilities in Joomla! and Drupal installations. Following WordPress, Joomla! and Drupal are among the most widely deployed Content Management Systems (CMSs) and have their own share of vulnerabilities and misconfigurations.