Security is something that all of us must care about quite a bit. Especially if we have a web site that we manage. And although it is true that, the security aspects of the various applications of a server have been greatly improved, it is also true that cyber thieves have also improved. In this sense, WordPress is one of the most popular CMS that exist today, is very well designed making it a safe option. However, it is convenient that we use tools to verify the possible vulnerabilities that our site may have built with WordPress. Therefore, I will teach you how to install WPScan on Ubuntu 18.04 so that you can use it and make a study on a website made with WordPress and thus know and improve the vulnerabilities.
According to its website, WPScan is a free, for non-commercial use, black box WordPress vulnerability scanner. It is written for security professionals and blog maintainers to test the security of their sites. Normally, WPScan comes pre-installed on operating systems specifically geared towards security audits.
Of course, this tool is Open Source so we can examine its source code to learn more. In addition, it is possible to access more information about it on its Github site. The requirements are Ruby, Git, Curl, and RubyGems.
So let’s install WPScan on Ubuntu 18.04.
Update the System
The first step is to update the system. So open a terminal and run the following command.
:~$ sudo apt update && sudo apt upgrade -y
Once the system has finished installing the security patches, you will have a more stable and robust system.
Install some required packages
The next step to install WPScan on Ubuntu 18.04, is to get some packages that are necessary for the installation. Some of them are libraries and others are applications as such.
:~$ sudo apt install curl git libcurl4-openssl-dev make zlib1g-dev gawk g++ gcc libreadline6-dev libssl-dev libyaml-dev libsqlite3-dev sqlite3 autoconf libgdbm-dev libncurses5-dev automake libtool bison pkg-config ruby ruby-bundler ruby-dev
So, you can now install WPScan.
Install WPScan on Ubuntu 18.04
Now you start the installation process. For this, you will use RubyGems.
:~$ sudo gem install wpscan
So, that’s it.
Basic usage of WPScan
Using WPScan is quite simple. To make a scan on a website, the following command is enough:
:~$ wpscan --url [url]
It is also possible to add some extra options through text files. These are the files:
And to know in depth the use of the command, it is advisable to read its help from the terminal:
:~$ wpscan --help
So, enjoy it.
WPScan is an important tool in the security of websites built with WordPress. Its basic use is within everyone’s reach, but the information it shows is very complete. So it’s something you should always keep in mind.
Please share this post with your friends.