WordPress is the most popular open source content management system (CMS). According to the latest W3Techs survey, almost 60% of all CMS instances use the platform and 32.5% of all the websites on the Internet are WordPress sites. From the standpoints of deployment and usage, this is exciting: given its popularity, WordPress is well-documented and full-featured. But it also means attackers are constantly looking to compromise vulnerable WordPress installations and the web servers behind them. To stay one step ahead, you need Acunetix: a WordPress vulnerability scanner that you can trust.
Detect a Full Range of WordPress Vulnerabilities
Acunetix is a full-featured WordPress security scanner. Vulnerabilities that Acunetix can discover include:
- Out-of-date WordPress versions, both WordPress core and plugins, that are missing critical security patches
- Malware disguised as third-party WordPress plugins and WordPress themes
- Weak passwords that can be guessed in a brute force attack
- Names of WordPress users that can be used to compromise accounts or perform social engineering
- Disclosure of publicly available wp-config.php files
- Susceptibility to XML-RPC brute force attacks
These results can be used by operations and development staff to update and secure existing WordPress installations. If out-of-date or unfamiliar plugins are detected, the team can quickly make educated decisions about whether to update the plugins or remove them from the site. Security teams can also use the findings as a basis for further penetration testing.
Up-to-Date WordPress Vulnerability Database
When information about WordPress security vulnerabilities is released, attackers almost immediately begin to scan for sites with an outdated version of WordPress or with vulnerable plugins. Stopping attackers in their tracks requires both a strong ongoing WordPress security program and a timely response when vulnerabilities are announced.
From an ongoing perspective, Acunetix allows you to schedule frequent scans of your company’s web presence, enumerate WordPress websites, and focus on instances that need to be updated or decommissioned. The Acunetix Continuous Scanning feature is particularly helpful with WordPress sites. With Continuous Scanning, Acunetix performs a full scan of the website once every week as well as a daily scan for critical vulnerabilities, and sends you those findings immediately. As new vulnerabilities are added to the Acunetix vulnerability database, Continuous Scanning ensures that you are testing for those vulnerabilities as soon as they are known. This keeps you in front of attackers.
Scan reports can then be configured for different audiences to facilitate sharing vital security information and meet regulatory needs such as PCI DSS, HIPAA, or Sarbanes-Oxley. Our user interface lets security analysts configure scans for individual vulnerabilities, so the team can quickly identify WordPress sites that need immediate attention.
Content Management Systems and Beyond
Even if your business depends on WordPress websites, it may not be your only web platform now. If it is, it may not be your only one in the future. You may be considering a tool specific to WordPress, but Acunetix is more flexible. It is a full-featured web application security testing tool that will evolve with your infrastructure. It detects security issues in any web application: from CMS platforms like WordPress, Joomla!, and Drupal to custom-built applications.
We use Acunetix for initial site enumeration and to ensure that we cover all common surface area and attacks with at least a minimum level of testing. Most of our testing is completed manually and we find logic issues, and so on, but occasionally we focus on difficult-to-find issues instead of simple issues, like a file upload flaw hidden in the corner of a site that Acunetix brings to our attention.