WordPress is the most popular open source content management system (CMS). According to the latest W3Techs survey, almost 60% of all CMS instances use the platform, and 32.5% of all the websites on the Internet are WordPress sites. From the standpoints of deployment and usage, this is exciting: given its popularity, WordPress is well documented and full featured. But it also means attackers are constantly looking to compromise vulnerable WordPress installations and the web servers behind them. To stay one step ahead you need Acunetix: a WordPress vulnerability scanner you can trust.
Detect a full range of WordPress vulnerabilities
Acunetix is a full-featured WordPress security scanner. Vulnerabilities that Acunetix can discover include:
- Out-of-date WordPress versions, both within WordPress core and plugins, that are missing critical security patches.
- Malware disguised as third-party WordPress plugins and WordPress themes.
- Weak passwords that can be used to launch a brute force attack.
- Names of WordPress users that can be used to compromise accounts or perform social engineering.
- Disclosure of publicly available wp-config.php files.
- Susceptibility to XML-RPC brute force attacks.
These results can be used by operations and development staff to update and secure existing WordPress installations. If out-of-date or unfamiliar plugins are detected, the team can quickly make educated decisions about whether to update the plugins or remove them from the site. Security teams can also use the findings as a basis for further penetration testing.
Up-to-date WordPress vulnerability database
When WordPress security vulnerabilities are released, attackers begin almost immediately to scan for sites without the latest version of WordPress or with vulnerable plugins. Stopping attackers in their tracks requires both a strong ongoing WordPress security program and a timely response when vulnerabilities are announced.
From an ongoing perspective, Acunetix allows you to schedule frequent scans of your company’s web presence, enumerate WordPress websites, and focus on instances that need to be updated or decommissioned. Acunetix’s Continuous Scanning feature is particularly helpful with WordPress sites. With Continuous Scanning, Acunetix performs a full scan of the website once every week as well as a daily scan for critical vulnerabilities, and sends you those findings immediately. As new vulnerabilities are added to the Acunetix vulnerability database, Continuous Scanning ensures that you are testing for those vulnerabilities as soon as they are known. This keeps you in front of attackers.
Scan reports can then be configured for different audiences, to facilitate sharing vital security information and fit regulatory needs such as PCI DSS, HIPAA or Sarbanes-Oxley. Our user interface allows security analysts to easily configure scans for individual vulnerabilities, allowing the team to quickly and easily identify which WordPress sites need immediate attention.
Content Management Systems and beyond
Though your business depends on WordPress websites, it may not be your only web platform now. If it is, it may not be your only one in the future. Though you may be considering a specific WordPress tool, Acunetix is more flexible. It is a full-featured web application security testing tool that will evolve with your infrastructure. It detects security issues in any web application: from CMS platforms like WordPress, Joomla!, and Drupal to custom-built applications.
We use Acunetix for initial site enumeration and to ensure that we cover all common surface area and attacks with at least a minimum level of testing. Most of our testing is completed manually and we find logic issues, and so on, but occasionally we focus on difficult-to-find issues instead of simple issues, like a file upload flaw hidden in the corner of a site that Acunetix brings to our attention.