WPSeku – A Vulnerability Scanner to Find Security Issues in WordPress

WordPress is a free and open-source, highly customizable content management system (CMS) that is being used by millions around the world to run blogs and fully functional websites. Because it is the most used CMS out there, there are so many potential WordPress security issues/vulnerabilities to be concerned about.

However, these security issues can be dealt with, if we follow common WordPress security best practices. In this article, we will show you how to use WPSeku, a WordPress vulnerability scanner in Linux, that can be used to find security holes in your WordPress installation and block potential threats.

WPSeku is a simple WordPress vulnerability scanner written using Python, it can be used to scan local and remote WordPress installations to find security issues.

How to Install WPSeku – WordPress Vulnerability Scanner in Linux

To install WPSeku in Linux, you need to clone the most recent version of WPSeku from its Github repository as shown.

$ cd ~
$ git clone https://github.com/m4ll0k/WPSeku

Once you have obtained it, move into the WPSeku directory and run it as follows.

$ cd WPSeku

Now run the WPSeku using the -u option to specify your WordPress installation URL like this.

$ ./wpseku.py -u http://yourdomain.com 
WordPress Vulnerability Scanner

WordPress Vulnerability Scanner

The command below will search for cross site scripting, local file inclusion, and SQL injection vulnerabilities in your WordPress plugins using the -p option, you need to specify the location of plugins in the URL:

$ ./wpseku.py -u http://yourdomain.com/wp-content/plugins/wp/wp.php?id= -p [x,l,s]

The following command will execute a brute force password login and password login via XML-RPC using the option -b. Also, you can set a username and wordlist using the --user and --wordlist options respectively as shown below.

$ ./wpseku.py -u http://yourdomian.com --user username --wordlist wordlist.txt -b [l,x]   

To view all WPSeku usage options, type.

$ ./wpseku.py --help
WPSeku WordPress Vulnerability Scanner Help

WPSeku WordPress Vulnerability Scanner Help

WPSeku Github repository: https://github.com/m4ll0k/WPSeku

That’s it! In this article, we showed you how to get and use WPSeku for WordPress vulnerability scanning in Linux. WordPress is secure but only if we follow WordPress security best practices. Do you have any thoughts to share? If yes, then use the comment section below.

Best Affordable Linux and WordPress Services For Your Business
Outsource Your Linux and WordPress Project and Get it Promptly Completed Remotely and Delivered Online.

If You Appreciate What We Do Here On TecMint, You Should Consider:

  1. Stay Connected to: Twitter | Facebook | Google Plus
  2. Subscribe to our email updates: Sign Up Now
  3. Get your own self-hosted blog with a Free Domain at ($3.45/month).
  4. Become a Supporter - Make a contribution via PayPal
  5. Support us by purchasing our premium books in PDF format.
  6. Support us by taking our online Linux courses

We are thankful for your never ending support.

Aaron Kili

Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

6 Responses

  1. Milad says:

    thanks for this wonderful article, very helpful.

  2. Bruce Ferrell says:
    $ ./wpseku -u  -p s returns: 
    

    ]+[ Searching sql vulns…
    Traceback (most recent call last):
    File “./wpseku.py”, line 805, in
    main.WPSekuMain()
    File “./wpseku.py”, line 776, in WPSekuMain
    WPAttack(self.url,self.path,self.query,self.headers).sqlattack()
    File “./wpseku.py”, line 553, in sqlattack
    params = dict([part.split(‘=’) for part in u.query.split(‘&’)])
    ValueError: dictionary update sequence element #0 has length 1; 2 is required

  3. jsda says:

    I think you should have blurred few more lines…

Got something to say? Join the discussion.

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.