Test Security of WordPress site with WPScan on Koding

Koding is one of my favorite platforms for testing code remotely. It saves me the installation cost and hassle on my local machine. Best of all, it's free.

[Image: cloning the WPScan repository on Koding]
Clone WPScan on your local Koding VM via git.

WPScan is a very useful tool for testing the security of your WordPress installation. Some of its features include the following:

i. Brute-force attacks on your wp-admin login, based on a list of common passwords supplied as an argument in the form of a .lst file.
ii. Checking the plugins installed on the WordPress website.
iii. Running enumeration tools.

Unfortunately, WPScan is currently not available for Windows, so that leaves us installing it on Linux or Unix/Mac systems. The installation directions are on the home page itself, and they are kept up to date there.

Before you go ahead on Koding, you will need to know which distribution it is running. Usually it's Ubuntu, but they keep updating it (that's a good thing), so it is important to check first with the following command in the terminal –

more /etc/issue

This will show you the distribution and the version running. You can then look up the specific instructions for it on the WPScan home page mentioned above.

Now, coming to the installation itself – it's pretty simple. In some cases the install command may not work directly, in which case you will have to break it up into two commands –

sudo gem install bundler
bundle install

[Image: WPScan starting up on the Koding VM]
WPScan begins…
This is a good sign – it means your installation was successful and you have it configured right.

Once this is done, you can check your WordPress website by entering a simple test command like this –

ruby wpscan.rb --url www.example.com

This will output a number of details once it has finished a non-intrusive scan. This helps Windows users and those on non-Unix systems check the security of their WordPress installation without any real hassle.
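The whole procedure above as one small POSIX shell script, an added example that is not from the original post: it reads the distribution name from /etc/issue, does the two-step dependency install, and runs the non-intrusive scan with its output saved to a timestamped log so later runs of your own site can be compared. The clone directory, the GitHub repository URL, and the presence of git, ruby and gem on the VM are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Assumptions: WPScan lives in
# $WPSCAN_DIR (default $HOME/wpscan), the repository URL below is correct,
# and git, ruby and gem are already installed on the Koding VM.
set -u

WPSCAN_DIR="${WPSCAN_DIR:-$HOME/wpscan}"
WPSCAN_REPO="https://github.com/wpscanteam/wpscan.git"   # assumed

# Lowercased distribution name from /etc/issue-style text on stdin
# ("Ubuntu 14.04.1 LTS \n \l" -> "ubuntu"), so you know which install
# instructions from the WPScan home page apply before changing anything.
distro_id() {
    head -n 1 | awk '{ print tolower($1) }'
}

# The post passes a bare host; add a scheme when none is present and
# strip a trailing slash so the URL is consistent in logs and commands.
normalize_url() {
    url="$1"
    case "$url" in
        http://*|https://*) ;;
        *) url="http://$url" ;;
    esac
    printf '%s\n' "${url%/}"
}

# The exact command line the post runs, built from a normalised URL.
scan_cmd() {
    printf 'ruby wpscan.rb --url %s\n' "$(normalize_url "$1")"
}

# Clone once (idempotent), then the two-step install the post recommends
# when the single install command does not work directly.
install_wpscan() {
    [ -d "$WPSCAN_DIR" ] || git clone "$WPSCAN_REPO" "$WPSCAN_DIR"
    ( cd "$WPSCAN_DIR" && sudo gem install bundler && bundle install )
}

# Non-intrusive scan of one site, logged to a timestamped file inside the
# clone directory so results can be compared after plugin/core updates.
run_scan() {
    url="$(normalize_url "$1")"
    log="$WPSCAN_DIR/scan-$(date +%Y%m%d-%H%M%S).log"
    ( cd "$WPSCAN_DIR" && ruby wpscan.rb --url "$url" ) | tee "$log"
}

case "${1:-}" in
    install) echo "Detected distro: $(distro_id < /etc/issue)"; install_wpscan ;;
    scan)    run_scan "${2:?usage: $0 scan <url>}" ;;
esac
```

Run `sh wpscan-koding.sh install` once on the VM, then `sh wpscan-koding.sh scan www.example.com` for each check of your own site.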

The source code for the project is out there on GitHub.