Penetration Testing

*> how to define penetration testing for WP sites.*

Not sure what you mean exactly, but this is the sort of thing that pen testers test for:

* The version of WordPress installed and any associated vulnerabilities
* What plugins are installed and any associated vulnerabilities
* What themes are installed and any associated vulnerabilities
* Username enumeration
* Users with weak passwords via password brute forcing
* Backed up and publicly accessible wp-config.php files
* Database dumps that may be publicly accessible
* If error logs are exposed by plugins
* Media file enumeration
* Vulnerable Timthumb files
* If the WordPress readme file is present
* If WP-Cron is enabled
* If user registration is enabled
* Full Path Disclose
* Upload directory listing

source: [https://wpscan.com/wordpress-security-scanner])

1 Comment

bluesix says:
December 20, 2022 at 11:18 pm
*> how to define penetration testing for WP sites.*
Not sure what you mean exactly, but this is the sort of thing that pen testers test for:
* The version of WordPress installed and any associated vulnerabilities
* What plugins are installed and any associated vulnerabilities
* What themes are installed and any associated vulnerabilities
* Username enumeration
* Users with weak passwords via password brute forcing
* Backed up and publicly accessible wp-config.php files
* Database dumps that may be publicly accessible
* If error logs are exposed by plugins
* Media file enumeration
* Vulnerable Timthumb files
* If the WordPress readme file is present
* If WP-Cron is enabled
* If user registration is enabled
* Full Path Disclose
* Upload directory listing
source: [https://wpscan.com/wordpress-security-scanner])

When updating plugins, the site was off

Edit the source code for one specific WordPress Page