WordPress is very popular framework and most site using wordpress for easy to customisation and it’s provide easy to use plugins. WordPress is freely available and any one can easily build website many website template available in market but at least you should have coding skills.
Ok now let’s talk about WordPress security. As we know WordPress uses many kinds of plugins, theme, and template so they leave some security loop holes that make WordPress vulnerable.
How to know if WordPress site has security vulnerability?
There is a tool called WPSCAN and you can download from here .
After download and install type in terminal wpscan it will show you below screen.
Now, you want to find out the security vulnerability website for wordpress .
Type wpscan –url www.example.com
This command show you vulnerability in plugin and wordpress it self etc. it will show you current wordpress website version and show your security vulnerability in red mark.
Or you can enumerate only plugins by type
wpscan –url www.example.com –enumerate p
You can Enumerate themes
wpscan –url www.example.com –enumerate t
There are more command in wpscan and you can find by type wpscan –help .
How to fix and stop security vulnerability in WordPress
- Update WordPress to latest updates.
- Update plugins that you are using in your wordpress
- Update themes.
- Install All In One WP Security & Firewall plugin and configure properly it’s really help you to stop WordPress common security vulnerability.