WPScan and plugin updates

This is why WPScan exists. If you're not on the latest WP, the use of the WPScan plugin is almost mandatory.

1 Like

Right. You have to install it with Ruby Gem, Docker or Homebrew?? I have only heard of the last one and I suspect it has a different meaning to what I am thinking about.

You mean this?
https://wpscan.com

I am not sure how that would help with the issue, or how many users would even be able to use that.
As soon as I read “Subscribe/Register” and “Get your api key” I know that this won't be something I can ever suggest to a client who does not even know how to install a theme.
Additionally, how does that help to resolve the issue I pointed out in that topic?

It won't solve the issue; at most it will tell you that your site is unsafe because you use an outdated WordPress or plugin/theme.

What am I missing?

You must have found something else; WPScan is installed like any other plugin: WPScan – WordPress Security Scanner – WordPress plugin | WordPress.org

@smileBeda This plugin/service scans a site and reports any plugins with known security issues, but as you mention, it requires registration and is not free once you get beyond ~20 total plugins to check.

Another ClassicPress-first solution to this problem that also works today (as long as WP actually publishes a security fix for a plugin instead of just silently removing it) is @Simone’s CPCompatibility - ClassicPress Directory.

I’m all for getting this issue fixed, but it is the same problem: lack of the combination of time and skill to get it done properly.

4 Likes

Ah, OK. I found this: https://wpscan.com/wordpress-security-scanner

1 Like

Yes, wpscan.com. The plugin will mark vulnerable plugins in your installation.

1 Like

Beware the wpscan version that you install on your OS. Simply scanning a site is often enough for plugins like Wordfence to lock you out. This is because it generates a MAHOOSIVE number of 404 errors while trying to see if particular plugins exist. It’s basically an aggressive fishing expedition.
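The lockout behaviour described in that last post comes from a burst of 404s against plugin paths. As an added example (not code from this thread, from WPScan or from Wordfence), here is a small Python detector that flags any client exceeding a threshold of such 404s within a time window, run over constructed Apache-style log lines; the threshold, window, addresses and user agent are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample Apache combined-format lines (not real traffic): three
# plugin probes from one client within seconds, plus an ordinary page view.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /wp-content/plugins/akismet/readme.txt HTTP/1.1" 404 196 "-" "constructed-scanner/1.0"
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /wp-content/plugins/jetpack/readme.txt HTTP/1.1" 404 196 "-" "constructed-scanner/1.0"
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /wp-content/plugins/wordfence/readme.txt HTTP/1.1" 404 196 "-" "constructed-scanner/1.0"
198.51.100.7 - - [10/Oct/2023:13:55:40 +0000] "GET /about/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

# Minimal parser for the common/combined log prefix: client, timestamp, request, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def parse_line(line):
    """Return a dict with ip, ts, path, status for one log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "ts": ts, "path": m.group("path"), "status": int(m.group("status"))}

def plugin_probe_sources(log_text, threshold=3, window=timedelta(seconds=30)):
    """Return {ip: total_plugin_404s} for clients that produced at least `threshold`
    404s under /wp-content/plugins/ inside any `window`-long span of their requests.
    Threshold and window are assumed values; tune them to the site's normal traffic."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["status"] == 404 and rec["path"].startswith("/wp-content/plugins/"):
            hits[rec["ip"]].append(rec["ts"])
    flagged = {}
    for ip, times in hits.items():
        times.sort()
        start = 0
        # Sliding window over this client's probe timestamps.
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = len(times)
                break
    return flagged

if __name__ == "__main__":
    print(plugin_probe_sources(SAMPLE_LOG))  # {'203.0.113.5': 3}
```

The same logic explains why a legitimate self-scan from your own workstation trips the firewall: from the log's point of view it is indistinguishable from a hostile enumeration.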