Block WordPress User Enumeration with nginx Completely

There are several WordPress user enumeration methods that publicly list information about the users of a WordPress site. User enumeration is considered a security vulnerability and can be detected with security scanner tools such as WPScan (GitHub). These are the URL examples for WordPress user enumeration we are currently aware of in …

Automating WordPress Health Checks with WP-CLI doctor Command

Your WordPress or WooCommerce store’s health is absolutely critical nowadays, both in terms of performance and security. Having a slow site, or one that has been defaced, does not exactly demonstrate technical proficiency or inspire trust in your visitors. Generally I like to be proactive about performance and security rather than reactive, which means we …

Using WP-CLI to Scan for WordPress Security Vulnerabilities

Previously I have shown how to install WPScan on Ubuntu (an installation guide for Ubuntu 16.04) and on Debian, but what if you want to scan locally rather than remotely? This is especially useful when a site is protected from WPScan by measures that prevent enumeration or block access to the files that expose which WordPress theme or plugins you are using. …

Install and Use WPScan on Ubuntu 18.04

WPScan is a WordPress vulnerability scanner written in Ruby. Sucuri sponsors the project and it is hosted as open source on GitHub. WPScan uses Sucuri’s vulnerability database for WordPress core, plugins and themes, and creates a report on your site’s known security vulnerabilities that could be exploited by a hacker or script kiddie. Install …

Protecting wp-admin Brute Force Attacks with nginx Rate Limiting

WordPress is gaining in popularity, and therefore the number of attacks specific to WordPress keeps increasing. I manage servers for some political websites which get attacked relentlessly, so I get to create new firewall rules and rate limiting directives to help keep the sites running – very fun! Recently this site was being …