90share
With more than39% market shareWordPress websites are prime targets for hackers. Unless you are careful every time your website(s) may be the next target, more than 50 thousand websites get hacked every day. So with a WordPress site in hand, you need to be more careful to stop hacking/backdooring and such. InCMS Analysis by Sucuriin the first quarter of 2019 –
In most cases, the compromises analyzed had little or nothing to do with the core of the CMS application itself, but more to do with improper implementation, configuration, and general maintenance by webmasters and their hosts.
Therefore, it is always necessary to scan WordPress vulnerability for security and check for site vulnerabilities before anything else. With these online WordPress vulnerability scanners, you can at least be aware of some loopholes and more importantly how to prevent your site from getting hacked by using these online WordPress scanning tools.
1.wpscans.com
It checks your site with its smart scanning algorithms and looks for known errors that have been indexed in theWPScan Vulnerability Database, which contains more than 4,000 reported vulnerabilities. A great tool to scan your WordPress vulnerability online. It also tries to identify the plugins it runs and compares their versions against the bug database. Also, wpscan scans for various known mistakes people make when setting up their WordPress installation, a decent place (one of many online WordPress scanners), to begin with.
Note: wpscans does not scan the server for security and also does not scan your password.
2.sitecheck.juices
Sucuri is known for its timely vulnerability reports in the WordPress ecosystem in both plugins and themes. Sucuri also has a site scanner for vulnerabilities. It scans for malware, website blacklists, injected spam, defacements, Website Firewall also scans through your scripts and links. If you want to get the latest report and WordPress vulnerability scan for your website, sucuri is the site scan. Check if your site has been blacklisted by other popular services like:
- Google Safe Browsing
- Norton Safe Browsing
- Tanque de Phishing
- Opera Browser
- advisory site
- Sucuri Malware Labs Blacklist
- SpamHaus DBL
- Yandex (via Sophos)
- ESET
3.WordPress security analysis
Another free tool to scan WordPress vulnerability online. check the security of the application, WordPress plugins, hosting environment and web server. The security scanner downloads a handful of pages from your website and performs an analysis of the raw HTML code. It also looks for user enumeration, directory indexing, linked websites, linked JavaScript, and linked iFrames. With membership, you can get a more advanced scan for your site.
4.wploop.com
Checks your site for WordPress meta tags, readme.html, response headers contain detailed PHP version information, a list of usernames, checks for unnecessary failed login information, install file .php accessible via HTTP, upgrade.php file accessible via HTTP, browsable upload folder, EditURI link present in page header, admin interface deliverable via HTTPS, and Windows Live Writer link in header of the page. If you want to get a white paper to work with, scan your WordPress site for vulnerabilities online.
5.scanwp.com
It performs a basic scan to check if all your WordPress files are up to date or not, rates your website out of 100. It also suggests that you harden security and hide your WordPress version. The scanner visits your home page and looks for the generator tag. Note: The WordPress core team has decided that showing your version of WordPress to the public is not a security issue.
6. wprecon.com
Checks your site with Google Safe Browsing, Active Plugins, Theme, User Enumeration, Directory Indexing, Google Malware Scan, External Link, Linked iFrame, and Linked JS Files. A good online scanner to find WordPress vulnerability.
6.quttera.com
Scans your WordPress site for online vulnerabilities and checks for iFrame, malicious files, suspicious files, external links, and site blacklist status.
7.virustotal.com
A very useful tool to scan WordPress vulnerability online. This site checks your site on 68 reputable online site inspectors and some of them are: AegisLab WebGuard, Avira, BitDefender, Comodo Site Inspector, K7AntiVirus, Malware Domain Blocklist, MalwareDomainList, SecureBrain, Spam404, Sucuri SiteCheck, Web Security Guard, Yandex Safebrowsing, ZeusTracker, Kaspersky and ZCloudsec.
VirusTotal gives you a complete set of reports after scanning your WordPress website for online vulnerabilities.
8.Google Safe Browsing
Google search is the site that we all want to rank on the first page. What better way to level up your website security by scanning your website in Google Safe Browsing Scanner! A must have tool to scan WordPress vulnerability online for free.
Unlike everyone, if you want to directly check your site in Google Safe Browsing without relying on other third-party scanners, you can check the safe browsing status of your site directly from this URL.
9.ghost scanner
It shows you a plain and simple output whether your server is vulnerable or not. You can also check out other scanning services like TCP Portscan, UDP Port scan, SSL Heartbleed scan, SSL Poodle scan, SSL DROWN scan, Bash Shellshock scan, and Ghost Glibc scan.
10hackercombate
It scans your site for malicious activity, malware detection, phishing, blacklist check, worms, backdoors, trojans, transaction protection and also shows basic information of who you are to send the report to your email address. If you want to actively search for the malware scan report, Hackercombat is the best place to scan WordPress vulnerability online.
11app.upguard.com/webscan
It does a pretty decent scan of a website, checks communication DNS, communication services, subdomain, scripts, SSL, meta tags, info, header, google safe browsing check. In addition to these, they are also compared against 27 factors which are:
SSL Enabled, SSL Expiration, SSL Strength, Suspected Phishing Page, Suspected Malware Vendor, Suspected Unwanted Software, X-Powered-By Header, HTTP Strict Transport Security, ASP Network Version Header, Header Server Info, SPF Enabled, DMARC Enabled, Mail, Application, User Authentication, File Sharing, Voice, Administration, Database, DNSSEC Enabled, Domain Expiration, HttpOnly Cookies, Secure Cookies, Emails Exposed, Violations .
The combination of all these factors gives your site a score of 950.
12cerocert.org
It performs a simple scan, also shows your Google Page Rank and Whois information. There is also a settings panel where you can modify the verification depth, user agents.
13scanurl.net
Verifica su sitio en Google Safe Browsing, Phish Tank y Web of Trust.
14urlvoid.com
It checks vulnerability in 26 renowned online scanning software, shows your IP information and Alexa traffic.
15.WP add-ons
It scans your WordPress website for common errors and displays a message of what can be improved in terms of security. You also have this handy option to alert you when your website is vulnerable, you can take advantage of the option by subscribing to their newsletter.
sixteen.scanner.pcrisk.com
The site scan report includes: external links, iFrames, blacklist status, clean files, and suspicious files.
17siteguarding.com/es/sitecheck
Scans for malware, website blacklists, injected spam, defacements, website firewalls, links, scripts and link analysis.
18GeekFlare Vulnerability Scanner
It gives you the following information –
- WordPress version
- admin exposed
- blacklisted
- HTTPS
- Núcleo de WordPress
- Previous WordPress Vulnerability with History
- Vulnerability plugin with history
It also gives you information about the vulnerability of library dependencies, such as jQuery.
19Penetration testing tool
Although Pentest does not have a free plan, you can view their sample report and get an idea of their test reports. Pentest rates the risk with high, medium, and low priority.
Like GeekFlare, Pentest also gives you a full list of vulnerabilities from older versions of WordPress. Plugin vulnerability, user vulnerability.
In addition to important information, Pentest also scans the site header, robots.txt file, xmlrpc file, readme file, and theme vulnerability.
Safety Checklists/Resources
Prevention is better than cure and that is why I have prepared these safety checklists for you. These are by no means a complete list, but rather a brief overview of how to harden the security of your website.
- Always use the latest version of WordPress
- Do not modify or dirty the code in WordPress core files
- Keep your plugin versions up to date
- Install plugins from trusted sources
- Use Limit Login plugins to limit brute force attack
- Use strong password
- Do not use Admin for the username
- Always use backup copies (WithUpdraftPlusplugin can have free backups on Google Drive)
- Use 2-factor authentication if possible
- Use a trusted hosting
For more detailed security measures, you can refer to these interesting resources
- WordPress Strengthening
- WordPress Security
- brute force attacks
- wpsecuritychecklist.org
- wprecon.com/wordpress-security-tips
- WordPress Security Implementation Guideline
- wpvulndb.com( Cataloging5251WordPress Core, Plugin and Theme Vulnerabilities, is a WPScan vulnerability database)
In case you find something fishy, follow this checklist to protect your website: 7 Ways To Fix Hacked WordPress Sites + 17 Ways To Protect It From Happening (Again) From:ColectivoRay
Shameless Plug - Check out the latest review on ourresumeissue. By using resume, you can prevent your site from being hacked and maintain a clean, bloat-free, and rock-solid security.
Now that you have a hand full of online WordPress vulnerability scanners. Give these tools a try before it's too late. Did I miss other websites you follow? What security measures do you take for your site? Leave a comment if you want to share your resources.
90share