H-Online: Developer Ryan Dewhurst has launched a new project called WPScan,
a WordPress Security Scanner. The initial version can attempt to work
out user names, crack weak passwords and identify vulnerabilities based
on version. Dewhurst plans to add plugin detection and also identify the
plug-in vulnerabilities, as well as add other checks.
The newly created project, developed by Dewhurst after creating a "Brute Force Tool"
for WordPress, is designed to help security professionals or WordPress
administrators assess their WordPress installations. The alpha quality
Ruby code is licensed under the GPLv3 and is being hosted on Google Code.
WordPress has become somewhat
known for security issues; many users configure a WordPress blog but
fail to keep the blogging software behind it up to date. This failure
can often allow attackers to use well-known flaws to gain control of
the blog.