How to Use WPScan to Find All WordPress Security Vulnerabilities
WPScan is a free automated web vulnerability scanner that checks your WordPress installation for known flaws. It then presents a detailed report on all identified threats, which you can either analyze, fix or do away with (if there are none). WPScan can be run as a portable application or on the computer’s desktop for complete scanning. WPScan has been designed by an experienced web vulnerability scanner called WP-Vulnerability scanner using the WPA2 protocol that checks for known security flaws in the WPA2 security protection of your wireless network.
WPScan can scan for WordPress security vulnerabilities while surfing the Internet via Windows, Linux, UNIX, or other platforms, or on a web server that supports Winamp for scanning. You can also use it on your iPhone, iPad, Android cell phone or PDA to check for open files and open widgets on your favorite websites. There is no need to download and install separate scanning software to run WPScan, and there are no limitations on how many times you can scan for WordPress security weaknesses. WPScan can run on its own, without requiring user intervention, until it finds any malicious code that it scans for.
To scan for WordPress security vulnerabilities, select a ‘scan’ option from the ‘tools’ drop-down menu on the main page of the WPScan interface. The number of detected security flaws will determine how many infections are detected. After selecting a scan option, you will be given an overview showing a list of discovered files as well as their types (JPEG, PHP, Shell, Plugin, etc.). Some of the most common forms of vulnerability that are found while surfing the Internet include: Perl error messages, JavaScript error messages, PHP scripts, multimedia object messages, audio/video files/clips, and application crashes. By default, all detected vulnerabilities are shown, but you can choose which security weaknesses to hide or reveal in detail.