[New Tool] WPHardening v1.3 Released

[New Tool] WPHardening v1.3 Released

WPHardening is a security tool for WordPress. Different tools to hardening WordPress.

 

Usage
$ python wphardening.py -h 
Options:
 --version show program's version number and exit
 -h, --help show this help message and exit
 -v, --verbose Active verbose mode output results
 --update Check for WPHardening latest stable version
Target:
 This option must be specified to modify the package WordPress.
-d DIRECTORY, --dir=DIRECTORY
 **REQUIRED** - Working Directory.
Hardening:
 Different tools to hardening WordPress.
-c, --chmod Chmod 755 in directory and 644 in files.
 -r, --remove Remove files and directory.
 -b, --robots Create file robots.txt
 -f, --fingerprinting
 Deleted fingerprinting WordPress.
 -t, --timthumb Find the library TimThumb.
 --wp-config Wizard generated wp-config.php
 --delete-version Deleted version WordPress.
 --plugins Download Plugins Security.
 --proxy=PROXY Use a HTTP proxy to connect to the target url for
 --plugins and --wp-config.
 --indexes It allows you to display the contents of directories.
Miscellaneous:
 -o FILE, --output=FILE
 Write log report to FILE.log

Changelog v1.3 (2014-07-31)

  • Change function wp_admin_css().
  • Improved wordpress.fuzz.txt list.
  • Handle the error when no Internet connection detected pluginsWordPress.py
  • Handle the error when no Internet connection detected wpconfigWordPress.py
  • Latch recommended plugin.
  • Rename variable names.
  • Improving detection of WordPress projects.
  • Add auto-update core.
  • Add a library to find timthumb.php
  • Updated of PEP8 in the file wpconfigWordPress.py
  • Updated of PEP8 in the file pluginsWordPress.py
  • Full functionality with verbose mode.
  • WPHardening compatible with WordPress 3.9, 3.9.1 and 3.9.2

 

Changelog v1.2 (2014-03-16)

  • New option in –wp-config to desctivar wp-cron.php
  • Improvements in the new function to disable wp-cron.php
  • Remove unsed libraries.
  • New file extensions to modify fingerprintingWordPress.
  • DISALLOW_UNFILTERED_HTML in wp-config-wphardening.php
  • chmod 0640 to the file wp-config-wphardening.php
  • FORCE_SSL_LOGIN and FORCE_SSL_ADMIN to the file wp-config-wphardening.php

Full Changelog: here

More Information:

Download WPHardening v1.3

Thanks to our friend Daniel Maldonado, for sharing this tool with us.

MaxiSoler

www.artssec.com @maxisoler