WPScan is a WordPress vulnerability scanner. You can use it to find out whether there are any vulnerable WordPress themes or WordPress plugins on your website. Today, we will give a short walkthrough of how to install it on your Linux VPS. It is very easy to install as well as very easy to use.
In this guide we are going to use Ubuntu 14.04. Anyway, no matter what OS template you are using at the moment, you need to upgrade all your system software to the latest version before you install this WordPress vulnerability scanner. If you have an Ubuntu VPS, you can use the following commands to update all your system software to the latest version available:
apt-get update
apt-get upgrade
Once the upgrade is finished, you will need to install some required packages so you can install and use WPScan on your Ubuntu VPS. You can install all required packages using the following command:
apt-get install git ruby-dev ruby1.9.3 libxml2 libxml2-dev libxslt1-dev libcurl4-gnutls-dev
Now, you are ready to download WPScan. Please navigate to the /opt directory on your server and run the following commands:
cd /opt
git clone https://github.com/wpscanteam/wpscan.git
This will download WPScan in the /opt directory on your server. Once the download is finished, you will need to navigate to the wpscan directory and install the required ruby gems using bundler. For that purpose you can use the following commands:
cd wpscan
sudo gem install bundler && bundle install --without test
Congratulations, you can now use the WordPress vulnerability scanner to test your website.
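If one of the installation steps above fails, the following preflight check shows which prerequisite is missing. It is an added example, not part of the original guide or of the WPScan project. It assumes a Debian/Ubuntu system with dpkg-query and sort -V, treats 1.9.3 as the minimum Ruby version because that is the package the guide installs, and checks the Ruby version rather than the versioned package name.

```shell
#!/bin/sh
# Added example: preflight check for the installation steps in this guide.
# Package names are the ones the guide installs, minus the versioned
# "ruby1.9.3" package, which is checked by Ruby version instead.
REQUIRED_PKGS="git ruby-dev libxml2 libxml2-dev libxslt1-dev libcurl4-gnutls-dev"
MIN_RUBY="1.9.3"  # assumption: floor taken from the guide's ruby1.9.3 package

# version_ge A B: succeed when dotted version A >= B (needs sort -V).
version_ge() {
    [ -n "$1" ] || return 1
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# ruby_version_of LINE: extract "1.9.3" from "ruby 1.9.3p484 (...)".
ruby_version_of() {
    printf '%s\n' "$1" | sed -n 's/^ruby \([0-9][0-9.]*\).*/\1/p'
}

# missing_packages PKG...: print every package dpkg does not list as installed.
missing_packages() {
    for mp_pkg in "$@"; do
        mp_status=$(dpkg-query -W -f='${Status}' "$mp_pkg" 2>/dev/null) || mp_status=""
        [ "$mp_status" = "install ok installed" ] || printf '%s\n' "$mp_pkg"
    done
}

# preflight: print each problem found; return 0 only when none were found.
preflight() {
    pf_rc=0
    if command -v ruby >/dev/null 2>&1; then
        pf_ver=$(ruby_version_of "$(ruby --version)")
        version_ge "$pf_ver" "$MIN_RUBY" ||
            { echo "ruby '$pf_ver' is older than $MIN_RUBY or unrecognised"; pf_rc=1; }
    else
        echo "ruby is not installed"; pf_rc=1
    fi
    pf_missing=$(missing_packages $REQUIRED_PKGS)
    [ -z "$pf_missing" ] || { echo "missing packages:" $pf_missing; pf_rc=1; }
    command -v bundle >/dev/null 2>&1 || { echo "bundler is not installed"; pf_rc=1; }
    return "$pf_rc"
}

if preflight; then
    echo "preflight OK: continue with bundle install"
else
    echo "fix the items above before running bundle install"
fi
```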
If you would like to enumerate all the vulnerable themes, you can execute the command below:
ruby wpscan.rb --url http://YOUR-DOMAIN.com --enumerate vt
Please do not forget to replace http://YOUR-DOMAIN.com with your real domain name. If WPScan detects any vulnerable themes, you will need to update them immediately.
Next, if you would like to enumerate all the vulnerable plugins, you can execute the command below:
ruby wpscan.rb --url http://YOUR-DOMAIN.com --enumerate vp
Again, the same rule applies here – do not forget to enter your real domain name and update all your vulnerable plugins.
To update WPScan on your Ubuntu VPS, you can use the command:
ruby wpscan.rb --update
More information about WPScan can be found at:
http://wpscan.org/
Of course you don’t have to do any of this if you use one of our Linux VPS hosting services, in which case you can simply ask our expert Linux admins to install WPScan for you. They are available 24×7 and will take care of your request immediately.
I got an error when installing bundler. The error: “Bunler error install , required ruby 1.9.3”. Can't you help me?
Did you run the ‘apt-get install git ruby-dev ruby1.9.3 libxml2 libxml2-dev libxslt1-dev libcurl4-gnutls-dev’ command?
I got the same error. The following
apt-get install git ruby-dev ruby1.9.3 libxml2 libxml2-dev libxslt1-dev libcurl4-gnutls-dev
shows:
E: Unable to locate package ruby1.9.3
E: Couldn’t find any package by regex ‘ruby1.9.3’
Ruby version 1.9.3 has reached its EOL. You can install a different Ruby version. Thanks.