Filed Under (News) by DK on 17 May 2008

BlogSecurity have been discussing merging the wp-scanner project with GNUCITIZEN to provide a more comprehensive vulnerability scanning solution.

At the moment, WordPress vulnerability scanning will be free; however, premium services will be available to scan your entire web server for known vulnerabilities. The premium service as it stands will allow you to scan mail services, web services and much more. This means we’ll be able to provide a more comprehensive vulnerability scanner than one that covers just your WordPress installation. We may have to charge a small fee for the premium service to cover bandwidth costs, but wp-scanner will remain free.

Nothing is set in stone at this time but we wanted to give you guys a chance to provide your ideas and feedback before finalising any plans. Aren’t we thoughtful? Speak now or forever hold your peace.


Comments

Michael Clark on 18 May, 2008 at 4:29 pm #

Keep in mind that a service like this could easily be abused. I’d guess that most cheapie-hosters wouldn’t want their clients probing their servers with a service like this. I guess that’s one advantage of charging a fee, to weed out crackers.


.mario on 19 May, 2008 at 8:36 am #

@Michael:

The last version is checking for an HTML comment inside the blog’s markup to determine if it’s allowed to be scanned or not. I think this is not a good idea - since a vulnerable blog’s markup can be changed (XSS, SQLi etc.) to enable the scanner and search for more. Best method imho is to check for a specific file in the webroot - like in Google Analytics or the webmaster tools.
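The two opt-in checks contrasted in the comment above, as an added example that is not part of the original comment or wp-scanner's code. The marker text, file-name scheme, secret and `fetch` callback are all assumptions made for illustration.

```python
import hashlib
import hmac
import re
from urllib.parse import urlsplit

SERVICE_SECRET = b"constructed-demo-secret"  # assumption: known only to the scanning service

def markup_opt_in(html: str) -> bool:
    """The criticised approach: a comment anywhere in the page markup enables scanning."""
    return re.search(r"<!--\s*scan-me\s*-->", html) is not None  # marker text is hypothetical

def expected_proof(account_id: str, site_url: str):
    """(path, token) of the proof file this account must place in the site's webroot."""
    host = (urlsplit(site_url).hostname or "").lower()
    token = hmac.new(SERVICE_SECRET, f"{account_id}|{host}".encode(),
                     hashlib.sha256).hexdigest()
    return f"/scan-verify-{token[:16]}.txt", token

def file_opt_in(account_id: str, site_url: str, fetch) -> bool:
    """fetch(url) -> (status, final_url, content_type, body); injected so this runs offline."""
    path, token = expected_proof(account_id, site_url)
    parts = urlsplit(site_url)
    url = f"{parts.scheme}://{parts.netloc}{path}"
    status, final_url, content_type, body = fetch(url)
    if status != 200 or final_url != url:
        return False  # an error, or a redirect elsewhere, proves nothing about this webroot
    if not content_type.lower().startswith("text/plain"):
        return False  # an HTML page that happens to contain the token is not the proof file
    # The whole body must equal the token; the path exposes only its first 16 hex digits.
    return hmac.compare_digest(body.strip().encode(), token.encode())

def injected_site(account_id: str, site_url: str):
    """Constructed sample: a blog whose stored content was altered through an injection
    flaw, and which answers every URL with that same HTML page."""
    _, token = expected_proof(account_id, site_url)
    page = f"<html><body>post text <!-- scan-me --> {token}</body></html>"
    return page, (lambda url: (200, url, "text/html; charset=utf-8", page))
```

Binding the token to both the account and the host means a proof file copied from one site, or issued to another account, does not authorise a scan.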


Tim Linden on 21 May, 2008 at 2:47 pm #

I’d probably give it a try. You could even go the daily scanning route and bill monthly for it and make some cash from it.


[…] guys are going to love our new wp-scanner and blog security testing service! We’ll be adding loads more tests and support multiple blog types not just […]

