This is, why WPScan exists. If you not on the latest WP, the use of WPScan plugin is almost mandatory.
Right. You have to install it with Ruby Gem, Docker or Homebrew?? I have only heard of the last one and I suspect it has a different meaning to what I am thinking about.
You mean this?
https://wpscan.com
I am not sure how that would help with the issue, or how many users would even be able to use that.
As soon I read “Subscribe/Register” and “Get your api key” I know that this wont be something I can ever suggest a client to do, who does not even know how to install a Theme.
Additionally, how does that help to resolve the issue I point out in that topic?
It wont solve the issue, it will maximally tell you that your site is unsafe, because you use an outdated WordPress or plugin/theme.
What do I miss?
You must have found something else, WPScan is installed like any other plugin: WPScan – WordPress Security Scanner – WordPress plugin | WordPress.org @anon66243189 This plugin/service scans a site and reports any plugins with known security issues, but as you mention, it requires registration and is not free once you get beyond ~20 total plugins to check.
Another ClassicPress-first solution to this problem that also works today (as long as WP actually publishes a security fix for a plugin instead of just silently removing it) is @Simone’s CPCompatibility - ClassicPress Directory.
I’m all for getting this issue fixed, but it is the same problem: lack of the combination of time and skill to get it done properly.
4 Likes
Beware the wpscan version that you install on your OS. Simply scanning a site is often enough for plugins like Wordfence to lock you out. This is because it generates a MAHOOSIVE number of 404 errors while trying to see if particular plugins exist. It’s basically an agressive fishing expedition.
1 Like