[New Tool] WPHardening v1.3 Released
![[New Tool] WPHardening v1.3 Released](https://toolswatch.org/wp-content/uploads/2014/08/logo_wordpress.png)
WPHardening is a security tool for WordPress. Different tools to hardening WordPress.
Usage $ python wphardening.py -h Options: --version show program's version number and exit -h, --help show this help message and exit -v, --verbose Active verbose mode output results --update Check for WPHardening latest stable version
Target: This option must be specified to modify the package WordPress.
-d DIRECTORY, --dir=DIRECTORY **REQUIRED** - Working Directory.
Hardening: Different tools to hardening WordPress.
-c, --chmod Chmod 755 in directory and 644 in files. -r, --remove Remove files and directory. -b, --robots Create file robots.txt -f, --fingerprinting Deleted fingerprinting WordPress. -t, --timthumb Find the library TimThumb. --wp-config Wizard generated wp-config.php --delete-version Deleted version WordPress. --plugins Download Plugins Security. --proxy=PROXY Use a HTTP proxy to connect to the target url for --plugins and --wp-config. --indexes It allows you to display the contents of directories.
Miscellaneous: -o FILE, --output=FILE Write log report to FILE.log
Changelog v1.3 (2014-07-31)
- Change function wp_admin_css().
- Improved wordpress.fuzz.txt list.
- Handle the error when no Internet connection detected pluginsWordPress.py
- Handle the error when no Internet connection detected wpconfigWordPress.py
- Latch recommended plugin.
- Rename variable names.
- Improving detection of WordPress projects.
- Add auto-update core.
- Add a library to find timthumb.php
- Updated of PEP8 in the file wpconfigWordPress.py
- Updated of PEP8 in the file pluginsWordPress.py
- Full functionality with verbose mode.
- WPHardening compatible with WordPress 3.9, 3.9.1 and 3.9.2
Changelog v1.2 (2014-03-16)
- New option in –wp-config to desctivar wp-cron.php
- Improvements in the new function to disable wp-cron.php
- Remove unsed libraries.
- New file extensions to modify fingerprintingWordPress.
- DISALLOW_UNFILTERED_HTML in wp-config-wphardening.php
- chmod 0640 to the file wp-config-wphardening.php
- FORCE_SSL_LOGIN and FORCE_SSL_ADMIN to the file wp-config-wphardening.php
Full Changelog: here
More Information:
Thanks to our friend Daniel Maldonado, for sharing this tool with us.