![]() In the readme.txt we can see the version of the plugin. Once you have a list of plugins that are present on the site, your WordPress scanner or manual requests can be used to determine the version of the plugin. The web server response will usually reveal valid directories (often with HTTP 403) as opposed to unknown directories on the web server with its HTTP response code. A number of tools can brute force known plugin lists from the path /wp-content/plugins/ * plugin to test * /. To find all the installed plugins you have to be more aggressive. Some plugins do not leave traces in the HTML source. Even the HTTP headers can reveal information, such as the X-Powered-By header that reveals the presence of the W3-Total-Cache plugin. These are the easiest plugins to discover and require no aggressive testing of the target site. Reading through the HTML source of the WordPress site can reveal installed plugins through javascript links, comments and resources such as CSS that are loaded into the page. ![]() Active enumeration is more aggressive and usually involves using a script or tool to perform hundreds or even thousands of mostly invalid HTTP requests.Passive analysis can be used to find plugins through regular HTTP requests to the WordPress site.Knowing the installed WordPress plugins may allow us to identify the version, and research whether it is vulnerable to known exploits. WordPress Plugin (and version) Enumerationĭuring WordPress Plugin Enumeration we attempt to find as many installed plugins as we can (even those that are disabled). Consequently, the chance of a successful attack has increased considerably. In a poorly managed site other components (plugins / themes) may not have been updated. And, it is a clear indication the site is not being well maintained. Security Vulnerabilities in WordPress CoreĪn attacker finds a site with an older WordPress Core version, and as a result, this may be directly exploitable via a security vulnerability in the WordPress core. In the HTML source, the version is often appended as a parameter on links to javascript and css resources that the page is loading.ĭepending on the plugin, this will not always be the case, and sites that have minified js and css may not have these information leaks present. Early versions of WordPress had the version right there at the top of the ReadMe file, newer versions of WordPress have removed the version from the file. If the meta tag has been disabled, check for the presence of /readme.html from root of the install. From the source HTML: Version in readme.html This example is taken from the source of a default WP install of version 3.5.2 and twenty twelve theme. Meta GeneratorĬheck the HTML source of the page for a meta generator tag in the HEAD section of the HTML source. Three simple methods can be used to determine the core version of WordPress. Determining whether the site is running the latest WordPress core version is a good start. To begin with, we want to get an idea of how well maintained the site is. Or it can be performed more aggressively by brute forcing web paths to detect the presence of plugins and themes. This will help us when we move onto the actual attacking or exploitation phase.Įnumeration or reconnaissance can be conducted stealthily using regular web requests to gather technical information about the site. The first thing we want to do is discover as much technical information regarding the site configuration as we can. Ready to start? Let's grab our hoodie and start hacking. If you are self hosting, then security and maintenance are your responsibility. Keep in mind, in a managed WordPress hosting service, some of these attacks (and mitigations) will be the responsibility of the hosting provider. To get started securing a WordPress install, try the excellent guide on or this comprehensive guide on the OWASP site. This article does not intend to repeat those. There are very good guides on securing a WordPress installation available. This popularity makes it a target for bad guys aiming to use a compromised web server for malicious purposes.īy providing details of attack techniques we aim to raise awareness about the need for good maintenance and security monitoring of WordPress. The number of installs continues to grow there are now an estimated 75 million WordPress sites. Its ease of use and open source base are what make it such a popular solution. WordPress is the application behind more than 30% of all websites.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |