If you find this useful, please ⭐ on GitHub!
WPScan is a free and open-source WordPress security scanner. It identifies vulnerabilities, plugins, themes, and users. Repo: WPScan GitHub
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
gem install bundler && bundle installwpscan --url http://example.com- Checks WordPress version, plugins, themes.
- Displays potential security issues.
--enumerate→ List plugins, themes, users-f→ Force scan--wordlist <file>→ Password list for brute force--random-user-agent→ Random user-agent--threads <n>→ Number of request threads--update→ Update WPScan
Usage: wpscan [options]
--url URL WordPress URL/domain
--disable-accept-header Disable Accept HTTP header
--disable-referer Disable Referer HTTP header
--wp-content-dir DIR Custom wp-content path
--wp-plugins-dir DIR Plugins directory
--wp-themes-dir DIR Themes directory
--random-user-agent Use a random user-agent
-v, --verbose Verbose output
--enumerate[=OPTS] Plugins, themes, users
--threads THREADS Number of threads
--throttle DELAY Delay in ms per request
--output FILE Save results
--format FORMAT Output format (cli, json, xml, yml)
--update Update WPScan
--proxy PROXY Use a proxy
--tor Use TORwpscan --url http://example.comwpscan --url http://example.com --enumerate p,twpscan --url http://example.com --usernames admin --wordlist passwords.txtnmap -p- -sV --script=http-wordpress-enum target.com
wpscan --url http://target.com --enumerate vp --plugins-detection mixedwpscan --url target.com --enumerate p,t,u
nikto -h target.com- Use IDS (Snort/Suricata) to monitor traffic while WPScan runs
- Compare alerts with scan results
- Run ZAP scan in parallel with WPScan
- Combine results for a full WordPress security assessment
- Only scan your own or authorized systems
- Keep WP, plugins, and themes up-to-date
- Use strong passwords
- Document scan logs
Use responsibly. No unauthorized access or brute force without permission.
PRs and issues welcome to keep the guide practical and up-to-date.
- Maintainer: VolkanSah
- License: MIT
