Acunetix Innovative Technologies - WordPress Checks

WordPress Security Scan Features

With more than 24% of websites on the Internet running WordPress, and a 60% share of the Content Management System (CMS) market, WordPress security is becoming an increasingly important factor in an organization’s security posture.


While WordPress’ core is designed with security in mind, the same cannot be said for the thousands of plugins which extend the WordPress ecosystem. Unfortunately, thousands of WordPress plugins contain high-severity vulnerabilities. Unless vulnerable plugins are updated or disabled, they could allow attackers to easily compromise the integrity and availability of the site, gain access to the WordPress administrative interface and the database, deface the site, trick users into phishing attacks, or use the site to distribute malware.


Scan for Vulnerable WordPress Plugins

  • Acunetix identifies WordPress installations, and will launch security tests for over 1200 popular WordPress plugins, as well as several other vulnerability tests for WordPress core vulnerabilities. In addition, Acunetix will also conduct other WordPress-specific configuration tests such as weak WordPress admin passwords, WordPress username enumeration, backup files, malware disguised as plugins and old versions of plugins.

    The WordPress plugins detected are listed in the WordPress plugins Knowledge Base, including a description, the version number detected and the latest version of the plugin to update to. Similar checks are also performed on other Content Management Systems such as Joomla! and Drupal.

WordPress Configuration File Disclosure

  • Although most of the common configuration settings are available through the WordPress admin interface, the WordPress administrator might need to alter certain settings directly in the configuration file. This is often done by first creating a backup of the known working configuration, before proceeding with manually altering the file in a text editor. However, the backup copy then becomes available to anyone who is able to guess its file name.
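A local audit for the leftover backups described above, meant to be run by the site owner over their own webroot. This is an added example, not Acunetix code: the `wp-config.php` file name and the `DB_PASSWORD` constant are WordPress names not mentioned on this page, and the sample tree is constructed for the demonstration.

```python
import os
import tempfile

# Files WordPress itself ships or needs; any other name containing "wp-config"
# (for example a .bak, .old, trailing "~" or editor swap file) is a stray copy.
EXPECTED = {"wp-config.php", "wp-config-sample.php"}


def find_config_copies(webroot):
    """Return sorted (relative_path, holds_db_password) pairs for stray copies."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            lowered = name.lower()
            if "wp-config" not in lowered or lowered in EXPECTED:
                continue
            full = os.path.join(dirpath, name)
            # Prioritise copies that still carry the database credentials.
            with open(full, "r", errors="replace") as fh:
                holds_password = "DB_PASSWORD" in fh.read()
            findings.append((os.path.relpath(full, webroot), holds_password))
    return sorted(findings)


def build_sample_webroot():
    """Constructed sample tree (placeholder contents, not real site data)."""
    secret = "<?php define('DB_PASSWORD', 'constructed-not-real');\n"
    sample = {
        "wp-config.php": secret,                 # live file, expected
        "wp-config-sample.php": "<?php // template\n",
        "wp-config.php.bak": secret,             # backup made before editing
        "index.php": "<?php // front controller\n",
        os.path.join("old", "wp-config.php~"): "<?php // emptied copy\n",
    }
    root = tempfile.mkdtemp(prefix="wp-audit-")
    os.makedirs(os.path.join(root, "old"))
    for rel, body in sample.items():
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    for path, holds_password in find_config_copies(build_sample_webroot()):
        print(f"{path}  contains DB_PASSWORD: {holds_password}")
```

Any path it reports should be deleted or moved outside the document root.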

Username Enumeration and Weak Password Guessing

  • Acunetix runs tests for username enumeration of WordPress accounts. Enumerating usernames gives attackers a head-start when attacking your WordPress installation, since an attacker would have the necessary information to launch a password dictionary attack against the enumerated usernames.

    Based on the users identified during the scan, Acunetix will also attempt to detect if the enumerated users are using weak passwords based on a password list, as well as other combinations, including the use of leetspeak.



Not Just WordPress

  • In addition to detection of vulnerable versions of WordPress core, plugins and misconfigurations, Acunetix can also detect vulnerabilities in Joomla! and Drupal installations. Following WordPress, Joomla! and Drupal are among the most widely deployed Content Management Systems (CMSs) and have their own share of vulnerabilities and misconfigurations.





Copyright © SecureOne Distribution Sdn Bhd. All Rights Reserved