Install WPScan on an Ubuntu 14.04 VPS

WPScan is a WordPress vulnerability scanner. You can use it for problem location in case there are any vulnerable WordPress themes or WordPress plugins on your website. Today, we will make a short presentation about how to install it on your Linux VPS. It is very easy to install as well as very easy to use.

In this guide we are going to use Ubuntu 14.04. Anyway, no matter what OS template you are using at the moment, you need to upgrade all your system software to the latest version before you install this WordPress vulnerability scanner. If you have an Ubuntu VPS, you can use the following commands to update all your system software to the latest version available:

apt-get update
apt-get upgrade

Once the upgrade is finished, you will need to install some required packages so you can install and use WPScan on your Ubuntu VPS. You can install all required packages using the following command:

apt-get install git ruby-dev ruby1.9.3 libxml2 libxml2-dev libxslt1-dev libcurl4-gnutls-dev

Now, you are ready do download WPScan. Please navigate to the /opt directory on your server and run the following command:

cd /opt
git clone https://github.com/wpscanteam/wpscan.git

This will download WPScan in the /opt directory on your server. Once the download is finished, you will need to navigate to the wpscan directory and install the required ruby gems using bundler. For that purpose you can use the following commands:

cd wpscan
sudo gem install bundler && bundle install --without test

Congratulations, you can now use the WordPress vulnerability scanner to test your website.

If you like to enumerate all the vulnerable themes, you can execute the command below:

ruby wpscan.rb --url http://YOUR-DOMAIN.com --enumerate vt

Please do not forget to replace http://YOUR-DOMAIN.com with your real domain name. If WPScan detects any vulnerable themes, you will need to update them immediately.

Next, if you like to enumerate all the vulnerable plugins, you can execute the command below:

ruby wpscan.rb --url http://YOUR-DOMAIN.com --enumerate vp

Again, the same rule applies here – do not forget to enter your real domain name and update all your vulnerable plugins.

To update WPScan on your Ubuntu VPS, you can use the command:

ruby wpscan.rb --update

More information about WPScan can be found at:

http://wpscan.org/

Of course you don’t have to do any of this if you use one of our Linux VPS hosting services, in which case you can simply ask our expert Linux admins to install WPScan for you. They are available 24×7 and will take care of your request immediately.

PS. If you liked this post please share it with your friends on the social networks using the buttons on the left or simply leave a reply below. Thanks.