With more than 24% of websites on the Internet running WordPress, WordPress security is becoming an increasingly important factor in an organization’s security posture. Unfortunately, thousands of WordPress plugins contain high-severity vulnerabilities which could allow attackers to gain access to the WordPress administrative interface.
Scan for Vulnerable WordPress Plugins
Acunetix identifies WordPress installations and launches security tests for WordPress plugin and WordPress core vulnerabilities. The WordPress plugins it detects are listed in the WordPress plugins Knowledge Base, together with a description, the installed version number and the latest version to update to.
- Scans for over 1200 vulnerable WordPress plugins and misconfigurations.
- Checks for weak WordPress admin passwords and WordPress username enumeration.
- Detects malware disguised as plugins and outdated versions of plugins.
WP Configuration File Disclosure and Username Enumeration
An administrator might sometimes need to alter certain settings in wp-config.php directly rather than through the WordPress interface. To do this safely, a backup of the known working configuration is created before the file is edited by hand. However, the backed-up copy is no longer handled as PHP by the web server, so it is served as plain text, including the database credentials and secret keys it contains, to anyone who can guess the backup file's name.
- Acunetix checks for a number of likely names of wp-config.php backup files.
- Runs tests for username enumeration of WordPress accounts.
- Detects use of weak passwords based on a password list and leetspeak.
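The disclosure described above is easy to check for from the server side. The following script is an added example written for this page, not Acunetix code or a WordPress component: it walks a WordPress document root, flags files whose names look like backup or editor copies of wp-config.php (the filename patterns, the `demo_docroot` fixture and the Apache rule are this example's own assumptions), and marks which copies a default PHP handler mapping would serve verbatim.

```python
"""Audit a WordPress document root for stray copies of wp-config.php.

Added example: scans a directory tree for files whose names look like backup
or editor copies of wp-config.php. Copies that no longer end in .php are not
executed by PHP and are served as plain text, exposing DB credentials and salts.
"""
import os
import re
import tempfile

# Files WordPress itself ships or needs; never reported.
EXPECTED = {"wp-config.php", "wp-config-sample.php"}

# Name shapes produced by common editors and by hand-made backups.
# Constructed list for this example; extend it for your own conventions.
PATTERNS = [
    (re.compile(r"^wp-config\.php[.~_-]"), "manual or editor backup of wp-config.php"),
    (re.compile(r"^wp-config[._-].*"), "renamed copy of wp-config"),
    (re.compile(r"^\.wp-config\.php\.sw[a-p]$"), "vim swap file"),
    (re.compile(r"^#wp-config\.php#$"), "emacs autosave file"),
]


def classify(name):
    """Return a reason string if `name` looks like a stray copy of wp-config.php, else None."""
    if name in EXPECTED:
        return None
    for pattern, why in PATTERNS:
        if pattern.match(name):
            return why
    return None


def served_as_text(name):
    """True if a default handler mapping would send the file's source verbatim.

    Only names ending in .php are passed to the PHP interpreter; anything else
    (.bak, .old, ~, .txt, .swp) is delivered as a static file.
    """
    return not name.lower().endswith(".php")


def find_config_backups(docroot):
    """Walk docroot and return sorted (relative path, reason, served_as_text) tuples."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            why = classify(name)
            if why is None:
                continue
            rel = os.path.relpath(os.path.join(dirpath, name), docroot)
            findings.append((rel, why, served_as_text(name)))
    return sorted(findings)


def htaccess_rule():
    """Apache 2.4 directive that refuses to serve wp-config.php and any variant of it.

    Assumed mitigation for this example; on nginx the equivalent is a
    `location ~ wp-config { deny all; }` block.
    """
    return '<FilesMatch "wp-config">\n    Require all denied\n</FilesMatch>\n'


def demo_docroot():
    """Build a throwaway document root with constructed sample files and return its path."""
    root = tempfile.mkdtemp(prefix="wp-audit-")
    os.makedirs(os.path.join(root, "wp-content"))
    for name in ("index.php", "wp-config.php", "wp-config-sample.php",
                 "wp-config.php.bak", "wp-config-old.php", ".wp-config.php.swp"):
        open(os.path.join(root, name), "w").close()
    open(os.path.join(root, "wp-content", "wp-config.php~"), "w").close()
    return root


if __name__ == "__main__":
    for rel, why, text in find_config_backups(demo_docroot()):
        risk = "served as plain text" if text else "executed as PHP"
        print(f"{rel}: {why} ({risk})")
    print(htaccess_rule())
```

Run it against a real installation by replacing `demo_docroot()` with the site's document root; any hit that is marked "served as plain text" should be deleted (or moved outside the web root) and the deny rule added so that future copies are refused even if one is forgotten.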
Not just WordPress
Following WordPress, Joomla! and Drupal are among the most widely deployed Content Management Systems (CMSs) and have their own share of vulnerabilities and misconfigurations.
- Detects vulnerable versions of Joomla! and Drupal installations.
- Tests Joomla! and Drupal web applications for known vulnerabilities and misconfigurations.
We use Acunetix for initial site enumeration and to ensure that we cover all common surface area and attacks with at least a minimum level of testing. Most of our testing is completed manually and we find logic issues, and so on, but occasionally we focus on difficult-to-find issues instead of simple issues, like a file upload flaw hidden in the corner of a site that Acunetix brings to our attention.