
WPScan is a popular WordPress security scanner.

It is the most popular WordPress security scanner, used to detect vulnerable themes and plugins and to enumerate user accounts.

Disclaimer

This tool is intended to help system administrators and other security researchers assess external threats on the websites they OWN. Ensure that you are AUTHORIZED to perform the scan. We are not liable for any damage caused by misuse.

WPScan WordPress Security Scanner detects

  • Version of WordPress installed and any associated vulnerabilities
  • What plugins are installed and any associated vulnerabilities
  • What themes are installed and any associated vulnerabilities
  • Username enumeration
  • Users with weak passwords via password brute forcing
  • Backed up and publicly accessible wp-config.php files
  • Database dumps that may be publicly accessible
  • Media file enumeration
  • Vulnerable Timthumb files
  • If the WordPress readme file is present
  • If WP-Cron is enabled
  • If user registration is enabled
  • Full path disclosure
  • Upload directory listing

WPScan username enumeration

WPScan can enumerate user accounts on most WordPress sites. The scanner uses several methods to perform user enumeration. This can expose details such as the internal ID of each user, and aid in brute forcing.

The WPScan CLI tool is a black box WordPress security scanner, free for non-commercial use, written for security professionals and blog maintainers to test the security of their sites. The WPScan CLI tool uses our database of more than 24,640 WordPress vulnerabilities.