[New Tool] WPHardening v1.3 Released

[New Tool] WPHardening v1.3 Released

WPHardening is a security tool for WordPress. Different tools to hardening WordPress.

 

Usage
$ python wphardening.py -h 
Options:
 --version show program's version number and exit
 -h, --help show this help message and exit
 -v, --verbose Active verbose mode output results
 --update Check for WPHardening latest stable version
Target:
 This option must be specified to modify the package WordPress.
-d DIRECTORY, --dir=DIRECTORY
 **REQUIRED** - Working Directory.
Hardening:
 Different tools to hardening WordPress.
-c, --chmod Chmod 755 in directory and 644 in files.
 -r, --remove Remove files and directory.
 -b, --robots Create file robots.txt
 -f, --fingerprinting
 Deleted fingerprinting WordPress.
 -t, --timthumb Find the library TimThumb.
 --wp-config Wizard generated wp-config.php
 --delete-version Deleted version WordPress.
 --plugins Download Plugins Security.
 --proxy=PROXY Use a HTTP proxy to connect to the target url for
 --plugins and --wp-config.
 --indexes It allows you to display the contents of directories.
Miscellaneous:
 -o FILE, --output=FILE
 Write log report to FILE.log

Changelog v1.3 (2014-07-31)

  • Change function wp_admin_css().
  • Improved wordpress.fuzz.txt list.
  • Handle the error when no Internet connection detected pluginsWordPress.py
  • Handle the error when no Internet connection detected wpconfigWordPress.py
  • Latch recommended plugin.
  • Rename variable names.
  • Improving detection of WordPress projects.
  • Add auto-update core.
  • Add a library to find timthumb.php
  • Updated of PEP8 in the file wpconfigWordPress.py
  • Updated of PEP8 in the file pluginsWordPress.py
  • Full functionality with verbose mode.
  • WPHardening compatible with WordPress 3.9, 3.9.1 and 3.9.2

 

Changelog v1.2 (2014-03-16)

  • New option in –wp-config to desctivar wp-cron.php
  • Improvements in the new function to disable wp-cron.php
  • Remove unsed libraries.
  • New file extensions to modify fingerprintingWordPress.
  • DISALLOW_UNFILTERED_HTML in wp-config-wphardening.php
  • chmod 0640 to the file wp-config-wphardening.php
  • FORCE_SSL_LOGIN and FORCE_SSL_ADMIN to the file wp-config-wphardening.php

Full Changelog: here

More Information:

Download WPHardening v1.3

Thanks to our friend Daniel Maldonado, for sharing this tool with us.

MaxiSoler

www.artssec.com @maxisoler
Black Hat Arsenal 2024 Next Stop Singapore !

Black Hat Arsenal 2024 Next Stop Singapore !

ToolsWatch Armory at GISEC 2024 in Dubai: A New Arena for Cybersecurity Open Source Tools Announced

ToolsWatch Armory at GISEC 2024 in Dubai: A New Arena for Cybersecurity Open Source Tools Announced

Unveiling the Awesome Lineup for Black Hat MEA Arsenal 2023 in Riyadh, KSA

Unveiling the Awesome Lineup for Black Hat MEA Arsenal 2023 in Riyadh, KSA

Announcing the First Black Hat / ToolsWatch SecTor Toronto 2023 Arsenal Tools and Their Impact on the Community

Announcing the First Black Hat / ToolsWatch SecTor Toronto 2023 Arsenal Tools and Their Impact on the Community

Top 10 Most Used MITRE ATT&CK Tactics & Techniques In 2020

Top 10 Most Used MITRE ATT&CK Tactics & Techniques In 2020

Top 10 Most Exploited Vulnerabilities in 2020

Top 10 Most Exploited Vulnerabilities in 2020