Recently I have been doing a lot of testing on a couple of my web sites that run WordPress and realized that securing your site takes a bit of effort. There are some plugins that do a great job at certain things; however, I wasn’t able to find any that did a great job of securing everything that I would prefer be secured. Below I describe a multi-pronged approach to securing your WordPress site from hacking attempts using multiple WordPress plugins as well as performing a couple of manual steps that ensure the WordPress details exposed to the world are minimal.
One of my favorite apps in Backtrack Linux that I recently discovered is wpscan. There are a ton of WordPress sites in the wild, and using wpscan is an excellent way to begin an audit on a WP site. There are a couple of things that wpscan does that are really amazing, such as enumerating logins from WordPress sites and enumerating WordPress plugins that are installed. Below are a couple of examples of how wpscan can be useful for WordPress web site analysis.
PBNJ is made up of two commands, scanpbnj and outputpbnj. The manpages for both scanpbnj and outputpbnj are located in collapsed tables at the bottom of this post in case you want more details. When you run scanpbnj, it is technically a script that runs nmap and dumps the results to a database. The scanpbnj command will store results in various database formats including CSV, MySQL, PostgreSQL, and SQLite. Once the results are stored, you can pull them from the database using outputpbnj, which can output report-style results in CSV format, tab-delimited format, or HTML format. Continue reading below for more details regarding outputpbnj and scanpbnj on Backtrack Linux 5 R2.
Earlier tonight, while testing the functionality of pbnj, including both scanpbnj and outputpbnj, on Backtrack Linux, I noticed an error with outputpbnj. It appears that during one of the last updates the developer accidentally let a small bug slip by, but unfortunately it stops outputpbnj from working at all. The good news is the outputpbnj bug is really easy to fix by removing a couple of characters from a single line of the code base. Follow the directions below to get outputpbnj working properly on Backtrack Linux 5 R2.
While playing around with pbnj or scanpbnj on Backtrack just a little bit ago, I received an error when attempting to have scanpbnj output results to a CSV file. The error received is easily resolved by installing a single package on Backtrack. Below, the error is described in more detail, along with details about how to install the package that resolves the error message.