About us
BlogSecurity are security evangelists with a specific focus on Web 2.0 related security.
Introduction
WordPress scanner (wp-scanner) is a free online resource that blog administrators can use to get a measure of their WordPress security level. It is BETA software and is continually being developed.
This page is the primary help page for wp-scanner. All official documentation can be found on this page or through the links provided.
How to Run WP-Scanner
To run wp-scanner, you have to download the wp-scanner activator plugin. This plugin is only about 5 lines long. All it does is add “<!--wp-scanner-->” to your current WordPress template. Why does it do this? Simple: it allows us to verify that you actually own the blog and have permission to test it. Please remember to disable the plugin after use, or others will be able to scan your blog too. More precise instructions are available here (if required).
If the plugin fails for some reason, wp-scanner now supports text file verification.
Simply download the following file and place it in your blog directory (e.g. /wordpress/wpscan.txt).
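The ownership check described above, sketched from the scanner's side as an added example (this is not BlogSecurity's code): a scan is allowed only if the blog's home page contains a real `<!--wp-scanner-->` comment node or `wpscan.txt` is reachable. The `fetch` helper, the sample hosts and the assumption that the file's presence alone is sufficient are illustrative and not taken from the page.

```python
from html.parser import HTMLParser

MARKER = "wp-scanner"      # body of the <!--wp-scanner--> comment the plugin adds
TOKEN_FILE = "wpscan.txt"  # fallback verification file named on the page


class _CommentFinder(HTMLParser):
    """Collects genuine HTML comment nodes; escaped or visible text is ignored."""

    def __init__(self):
        super().__init__()
        self.comments = []

    def handle_comment(self, data):
        self.comments.append(data.strip())


def has_marker(html):
    """True only if the marker appears as an actual comment in the markup."""
    finder = _CommentFinder()
    finder.feed(html)
    finder.close()
    return MARKER in finder.comments


def verify_ownership(base_url, fetch):
    """Return 'plugin' or 'textfile' if ownership is shown, else None (refuse).

    fetch(url) is a hypothetical helper returning (status_code, body_text).
    """
    base = base_url.rstrip("/") + "/"
    status, body = fetch(base)
    if status == 200 and has_marker(body):
        return "plugin"
    # Assumption: an HTTP 200 for the file is enough; the page does not say
    # what, if anything, the file must contain.
    status, _ = fetch(base + TOKEN_FILE)
    return "textfile" if status == 200 else None


# Constructed sample responses (not real hosts) standing in for HTTP requests.
SAMPLE = {
    "https://a.example/": (200, "<html><body>Hi<!--wp-scanner--></body></html>"),
    "https://b.example/": (200, "<html><body>&lt;!--wp-scanner--&gt;</body></html>"),
    "https://c.example/wordpress/": (200, "<html><body>Blog</body></html>"),
    "https://c.example/wordpress/wpscan.txt": (200, "ok"),
}


def sample_fetch(url):
    return SAMPLE.get(url, (404, ""))
```

As long as the marker or the file stays in place the check passes for any requester, which is why the plugin should be disabled (and the file removed) once the scan is finished.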
Launch WP-Scanner (once Activation Plugin is enabled)
Once you have activated the wp-scanner plugin, you can click on the “WordPress Scanner” page on the BlogSecurity menu. Alternatively, click here:
I have provided links to both scanners for the time being. Note that the old WP-Scanner is no longer supported and will soon be removed altogether. For the time being, it is worth running both, as the new version is currently not as detailed.