[New Tool] WPHardening v1.3 Released

[New Tool] WPHardening v1.3 Released

WPHardening is a security tool for WordPress. Different tools to hardening WordPress.

 

Usage
$ python wphardening.py -h 
Options:
 --version show program's version number and exit
 -h, --help show this help message and exit
 -v, --verbose Active verbose mode output results
 --update Check for WPHardening latest stable version
Target:
 This option must be specified to modify the package WordPress.
-d DIRECTORY, --dir=DIRECTORY
 **REQUIRED** - Working Directory.
Hardening:
 Different tools to hardening WordPress.
-c, --chmod Chmod 755 in directory and 644 in files.
 -r, --remove Remove files and directory.
 -b, --robots Create file robots.txt
 -f, --fingerprinting
 Deleted fingerprinting WordPress.
 -t, --timthumb Find the library TimThumb.
 --wp-config Wizard generated wp-config.php
 --delete-version Deleted version WordPress.
 --plugins Download Plugins Security.
 --proxy=PROXY Use a HTTP proxy to connect to the target url for
 --plugins and --wp-config.
 --indexes It allows you to display the contents of directories.
Miscellaneous:
 -o FILE, --output=FILE
 Write log report to FILE.log

Changelog v1.3 (2014-07-31)

  • Change function wp_admin_css().
  • Improved wordpress.fuzz.txt list.
  • Handle the error when no Internet connection detected pluginsWordPress.py
  • Handle the error when no Internet connection detected wpconfigWordPress.py
  • Latch recommended plugin.
  • Rename variable names.
  • Improving detection of WordPress projects.
  • Add auto-update core.
  • Add a library to find timthumb.php
  • Updated of PEP8 in the file wpconfigWordPress.py
  • Updated of PEP8 in the file pluginsWordPress.py
  • Full functionality with verbose mode.
  • WPHardening compatible with WordPress 3.9, 3.9.1 and 3.9.2

 

Changelog v1.2 (2014-03-16)

  • New option in –wp-config to desctivar wp-cron.php
  • Improvements in the new function to disable wp-cron.php
  • Remove unsed libraries.
  • New file extensions to modify fingerprintingWordPress.
  • DISALLOW_UNFILTERED_HTML in wp-config-wphardening.php
  • chmod 0640 to the file wp-config-wphardening.php
  • FORCE_SSL_LOGIN and FORCE_SSL_ADMIN to the file wp-config-wphardening.php

Full Changelog: here

More Information:

Download WPHardening v1.3

Thanks to our friend Daniel Maldonado, for sharing this tool with us.

MaxiSoler

www.artssec.com @maxisoler
Top 10 Most Used MITRE ATT&CK Tactics & Techniques In 2020

Top 10 Most Used MITRE ATT&CK Tactics & Techniques In 2020

Top 10 Most Exploited Vulnerabilities in 2020

Top 10 Most Exploited Vulnerabilities in 2020

vFeed, Inc. Introduces Vulnerability Common Patch Format Feature

vFeed, Inc. Introduces Vulnerability Common Patch Format Feature

Efficiency of the Vulnerability Response With vFeed Intelligence

Efficiency of the Vulnerability Response With vFeed Intelligence

CVE In The Hook – Monthly Vulnerability Review (February 2020 Issue)

CVE In The Hook – Monthly Vulnerability Review (February 2020 Issue)

Fox Kitten -Iranian Espionage – leveraged 4 CVEs Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs

Fox Kitten -Iranian Espionage – leveraged 4 CVEs Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs