Screencast: How to use WPScan to provide WordPress plug-in security

Date: Jan 30, 2012

Businesses are increasingly turning to WordPress to share their content on the Web, but despite WordPress itself being generally secure, the plug-ins that provide useful features for end users and website providers can introduce security vulnerabilities.

In this month’s screencast, expert penetration tester Mike McLaughlin of First Base Technologies demonstrates how to use WPScan, a tool that exposes security vulnerabilities in WordPress plug-ins. He provides a link to download WPScan, walks through WPScan’s features, and shows how simple it is to assess a site's WordPress plug-in security. From SQL injection vulnerabilities to brute-force attacks on passwords, WPScan can help secure WordPress plug-ins quickly and easily.

About the author:
Mike McLaughlin is a penetration tester working for First Base Technologies, an information security consultancy in the UK. Mike's daily work consists of both internal and external network-based penetration testing, Web application penetration testing, and social engineering.

