
Word press



  1. 1. Wordpress Security Report

     Wordpress Security Report is the world leader in online open source intelligence and security assessments. All scanning tools are on-line for easy and convenient Vulnerability Scan options include:

     * Server / IP: Nmap Port Scan, OpenVas Scan, SSL Check
     * Web Sites: WhatWeb Site Fingerprint, SQL Injection Test, Nikto Web Scan
     * Intelligence: DomainProfiler, Fierce Domain Scan, Hosting Server Info
     * CMS: WordPress Scan, Joomla Scan, Drupal Scan
     * BlindElephant Scan

     This report is autogenerated using various sources and scripts. No guarantee is made to the accuracy of the information found. See for full Terms of Service. Design and Layout is licensed under a Creative Commons Attribution 3.0 Unported License.

     Wordpress Security Scan by LLC 1 of 10
  2. 2. Table of Content

     * Wordpress Security Report 1 1
     * Table of Content 2
     * Wordpress Site Info 3
     * Domain Reputation Check 3
     * Default Login Page 3
     * Robots.txt found 3
     * Site Link Review 4
     * External Site Links 4
     * Internal Site Links 4
     * Plugins, Theme and Javascript 5
     * Javascript links and Scripts found 5
     * iframes found in pages 6
     * WPScan Results 6
     * Hosting Information for 8
     * Websites sharing the same IP address 8
     * Appendix A : Additional Resources 10
     * The Basics 10
     * Advanced Security Testing 10
     * Further Information 10
  3. 3. This report is based on an automated security scan performed by

     It was generated on Wed Nov 14 21:58:22 2012

     Wordpress Site Info

     * Wordpress Version: 3.4.2. Good, the version of Wordpress is current. It is recommended to always upgrade to the latest version.
     * Web Server: Apache
     * MetaGenerator: Nova v.2.2,WordPress 3.4.2
     * Page Title: Buy Instagram Followers,Get more Instagram Followers,Buy Instagram Likes,Instagram Followers,how to get followers on instagram

     Domain Reputation Check

     The site has been checked against web reputation services.

     Ref Service, Site Check, Result:

     * Google Safebrowsing finds this site as safe: SAFE
     * MyWot has rated the site's trustworthiness as Very Poor: 1

     Default Login Page

     The WordPress administration login page is at the default location. This is not a critical risk; however, it should be understood that brute force attacks against WordPress login accounts, including the admin account, are not difficult. A strong password on the admin accounts is vital. It is recommended to rename the default admin account to a non-generic name.

     Robots.txt found

     The robots.txt is used to tell search engines to ignore parts of your site. It can also be used by attackers to find stuff you may not want to be public and other interesting directories.

     raw file:

         User-agent: *
         Disallow: /wp-admin/
         Disallow: /wp-includes/
         Sitemap:
  4. 4. Site Link Review

     Use this section to understand a site's link structure and the reputation of linked sites.

     External Site Links

     These links have been found to external sites. They have been assessed for reputation using the Google Safe Browse and MyWOT reputation services.

     link, Google, MyWOT:

     * SAFE 95

     Internal Site Links

     These are the links from the main index page to other pages within the website.

     links
  5. 5. Plugins, Theme and Javascript

     WordPress plugins and Themes should be monitored for updates. Security vulnerabilities are often fixed in updates. Javascript and iframes of unknown origin should be checked to ensure they are legitimate. A compromised site will use these as vectors in order to deliver malware against client systems.

     Javascript links and Scripts found

     * WP Theme: Nova
     * Google Analytics Account ID : UA-30553062-1

     WordPress Plugins Detected

     name, version, latest:

     * announcer 3.4.2
     * arconix-shortcodes
     * floating-menu
     * jetpack 3.4.2 1.5
     * shortcodes-ultimate 3.9.5 3.9.5
     * skype-online-status 2.8.6
     * strx-magic-floating-sidebar-maker 3.4.2

     These plugins were detected passively from a sample of the site's pages. This is not a full audit of the plugins installed. The WPScan Active scan option can detect plugins more aggressively. Regular monitoring of plugins should be undertaken and fixes applied when released.

     Internally Linked Javascript

     link
  6. 6. iframes found in pages

     These iframe links should be checked to ensure they are legitimate. Malware and compromised hosts can be linked by malicious iframes.

     link, Google, MyWOT:

     * &action=like&colorscheme=light&height=80 SAFE 90
     * followers%2F&layout=standard&show_faces=false&width=450&action=like&colorscheme=light&height=80 SAFE 90
     * likes%2F&layout=standard&show_faces=false&width=450&action=like&colorscheme=light&height=80 SAFE 90
     * views%2F&layout=standard&show_faces=false&width=450&action=like&colorscheme=light&height=80 SAFE 90

     WPScan Results

     The following results have been returned by the active WPScan.

     WPScan Output:

         WordPress Security Scanner by
         Sponsored by the RandomStorm Open Source Initiative
         _____________________________________________________
         | URL:
         | Started on Wed Nov 14 21:58:45 2012

         [!] The WordPress theme in use is called Nova v2.2
         [!] The WordPress "" file exists
         [!] WordPress version 3.4.2 identified from meta generator

         [+] Enumerating plugins from passive detection ... 6 found :
          | Name: announcer
          | Location:
          | Name: shortcodes-ultimate
          | Location:
          | Name: jetpack
          | Location:
          |
          | [!] WordPress jetpack plugin SQL Injection Vulnerability
          | * Reference:
          | Name: arconix-shortcodes
          | Location:
          | Name: strx-magic-floating-sidebar-maker
          | Location:
          | Name: floating-menu
          | Location:

         [+] Enumerating installed plugins ...
         [+] We found 11 plugins:
  7. 7. WPScan Output, continued:

          | Name: skype-online-status
          | Location:
          | Directory listing enabled? Yes.
          | Name: bulletproof-security
          | Location:
          | Directory listing enabled? Yes.
          |
          | [!] WordPress BulletProof Security <= 0.47 Cross Site Scripting
          | * Reference:
          | Name: shortcodes-ultimate
          | Location:
          | Directory listing enabled? Yes.
          | Name: clickdesk-live-support-chat-plugin
          | Location:
          | Directory listing enabled? Yes.
          | Name: 6scan-protection
          | Location:
          | Directory listing enabled? No.
          | Name: wp-post-date-remover
          | Location:
          | Directory listing enabled? Yes.
          | Name: simple-page-ordering
          | Location:
          | Directory listing enabled? Yes.
          | Name: wordpress-simple-paypal-shopping-cart
          | Location: cart/
          | Directory listing enabled? Yes.
          | Name: quick-chat
          | Location:
          | Directory listing enabled? Yes.
          | Name: share-buttons-simple-use
          | Location:
          | Directory listing enabled? No.
          | Name: image-banner-widget
          | Location:
          | Directory listing enabled? Yes.

         [+] Enumerating timthumb files...
         [+] We found 1 timthumb file/s:
         [!]
          * Reference:

         [+] Enumerating usernames...
         We found the following 1 username/s:
         admin

         [+] Finished at Wed Nov 14 22:17:43 2012
  8. 8. Hosting Information for www.fansandfollowers.org

     The following details about the server and hosting provider have been discovered.

     * Domain:
     * IP:
     * Organization: Bluehost
     * AS Name: BLUEHOST-AS-2
     * ISP: BLUEHOST INC.
     * City: Provo
     * Country: United States

     Websites sharing the same IP address

     These sites have been found to be sharing the server's IP address; the primary source for this data is a Bing IP address search. Reputation is checked using the Google Safe Browse and MyWOT services.

     link, Page Title, Google, MyWOT:

     * Festive Effects - Creative Balloon Decorations and Family ... SAFE ???
     * Stoltzfus Enterprises, Ltd. - Builder of Custom Homes ... SAFE 70
     * Home | International Institute of Minnesota SAFE 71
     * Fingerfood Jewelry - Miniature Food Jewelry Made From Polymer Clay SAFE ???
     * Melissa Oyler Designs, LLC SAFE ???
     * Sindhar SAFE 73
     * Delicate Sales SAFE ???
     * Icarus Consultants: Pharma Biotech Marketing Strategy, New ... SAFE 70
     * Jass Developers, Residential Apartments, Flats, Individual houses ... SAFE ???
     * Stewart Lawn & Landscape :: Home SAFE 70
     * SKATALITES | The Foundation of Ska, Rock Steady & Reggae SAFE 78
     * Fix Auto South Seattle SAFE ???
     * Elizabeth H. Kim & Associates, PLLC - Attorneys and Counselors at Law SAFE ???
     * Home - HelioTech SAFE ???
     * Rockford ID Shop, Inc. SAFE ???
     * | visual communication SAFE ???
     * Schnell Contracting - Home SAFE ???
     * Leafpile: Henry & Kathleens Website SAFE 72
     * Salon East 316 SAFE ???
     * Welcome to Biancas Italian Eatery! SAFE 70
     * Johnny Galbraith .:. Copywriter Portfolio SAFE ???
     * - Facility Services Experts, Janitorial, HVAC ... SAFE ???
     * Auto repair portland oregon | Auto body painting SAFE ???
     * SAFE ???
     * Roofing Consultants: Waterproofing, Inspections SAFE ???
     * EIT | Excellence In Teaching SAFE ???
     * Jennifer Renee Photography SAFE ???
     * Home Inspection SAFE ???
     * Wholesale Aroma Jewelry - AromaGlass SAFE ???
  9. 9. Websites sharing the same IP address, continued:

     * Jobless Short Film SAFE ???
     * bette frank leahy SAFE ???
     * Kyung Hee Tae Kwon Do SAFE ???
     * fifteen minute fitness: chico, ca SAFE ???
     * The Air King Inc. SAFE ???
     * Natural Awakenings Magazine Charlotte SAFE ???
     * Esther Prosser Real Estate SAFE ???
     * Biotech Strategy Blog - Science, Innovation, New Products SAFE ???
     * Beacon Free Will Baptist Church SAFE ???
     * Sister Cities Association of Fishers SAFE ???
     * sara & rocky :: texas wedding photographers SAFE ???
     * Truck Farm Chicago | The Farm-on-Wheels SAFE ???
     * Immacolata Manor Immacolata Manor l A Quiet Point of Pride SAFE ???
     * Official WebSite of Joeleen "Welcome to my World" DownLoad her New ... SAFE ???
     * Revel Caffe | independent coffee for a Revolution. SAFE ???
     * St. Catherine of Siena Roman Catholic Church SAFE ???
     * Wise Woman Wellness, LLC SAFE ???
     * Mosaic Salon - Greenville, WI SAFE ???
     * Golden Touch Pet Salon SAFE ???
     * Home page [] SAFE ???
     * Pharma Strategy Blog SAFE ???
  10. 10. Appendix A : Additional Resources

     WordPress is a stable and easy to use blogging platform that has a good level of security provided a few easy steps are taken.

     The Basics

     * Back It Up - Be ready to lose it all at anytime. If you have an up to date backup, restoring is much easier.
     * Keep WordPress System up to date
     * Keep all Plugins up to date
     * Beware of untrusted Themes
     * Rename admin account to a non-generic name
     * Use strong passwords ( a dictionary word with a number after it is not a strong password! )
     * Keep your password safe! Do not re-use it on other sites.
     * Ensure you have up to date AV on your Windows Machine. Malware collects passwords.
     * The underlying server must be well managed and in a secure state
     * VPS or Dedicated server? Set up server monitoring ( is a good start)

     Advanced Security Testing

     This report has been generated using automated scripts and tools, while it provides a good overview of the general security of the site and any obvious problems, it is far from a comprehensive security has a comprehensive security assessment offering that is in effect a simulated hacker attack against the target system. This assessment by its nature is much more aggressive than the automated review you are looking at now, and provides a full report with any security holes found along with recommendations for increasing the security of the system.

     Alternatively there is a collection of security tools available for free and online for testing at

     Further Information

     There are a thousand and one guides for wordpress security tips. Some of the best information is from the source.

     * Hardening WordPress
     * FAQ My Site Was Hacked