Do you know any stand-alone client or web tool (like grc) that could scan, find and report WordPress vulnerabilities, plugins included?
A:
WordPress isn't a special web application, so any scanner will work. Use a scanner like Acunetix or Wapiti.
But if you want to keep your WordPress install from getting pwn3d, then you have to make sure it and all of its plugins are up to date, because a scanner will never be able to find everything.
Rook
2010-04-08 21:20:37
+1
A:
There's WordPress Exploit Scanner that works as a WP plugin.
"This plugin searches the files on your website, and the posts and comments tables of your database for anything suspicious. It also examines your list of active plugins for unusual filenames. It does not remove anything. That is left to the user to do."
Like anything of this nature, it's open to discussion how effective it is.
songdogtech
2010-04-08 22:06:01
That sounds more like it works after-the-fact, to determine if you've already been exploited.
Chad Birch
2010-04-08 22:11:38
It is; that's what the plugin developer advises.
songdogtech
2010-04-08 23:49:06
+1 Thanks for the hints
systempuntoout
2010-04-09 06:38:50