wp-scanner plugin
Philipp Heinze of the BlogSecurity team has released a simple plugin to activate wp-scanner when testing your blog.
We know it's been a pain having to edit your template every time you want to run wp-scanner. The BlogSecurity team have released the wp-scanner plugin to address this challenge.
The installation instructions are as follows:
- Download the wp-scanner plugin here
- Unzip the plugin in your wp-content/plugins directory
- Enable the plugin from your wp-admin plugin menu
- Launch wp-scanner and run your test
- When done, please disable the plugin to prevent others scanning your blog.
We hope this makes the process a little simpler.
If you are unable to get the scan working, please manually add the <!-- wp-scanner --> HTML comment into your theme’s index.php file.
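To troubleshoot a "Blog not authorised" result, or to confirm the marker is gone once the plugin is disabled, you can inspect the HTML your index page actually serves. The following is an added example, not code from BlogSecurity or the plugin; the function names and sample pages are constructed, and the exact marker form the scanner matches is assumed to be the comment shown above.

```python
from html.parser import HTMLParser

MARKER = "wp-scanner"  # marker text as shown in the post; exact form is an assumption


class _MarkerFinder(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.as_comment = self.as_text = False

    def handle_comment(self, data):
        # Real HTML comment: invisible to readers, present in the page source.
        if data.strip() == MARKER:
            self.as_comment = True

    def handle_data(self, data):
        # An escaped marker (&lt;!-- wp-scanner --&gt;) arrives here as visible text.
        if "<!" in data and MARKER in data:
            self.as_text = True


def marker_status(html):
    """Return 'comment', 'visible-text' or 'missing' for one page's HTML."""
    finder = _MarkerFinder()
    finder.feed(html)
    finder.close()
    if finder.as_comment:
        return "comment"
    return "visible-text" if finder.as_text else "missing"


def diagnose(index_html, plugin_enabled):
    """Explain what the index page's marker state means for the blog owner."""
    status = marker_status(index_html)
    if plugin_enabled:
        return {
            "comment": "ready: marker is in the index page source",
            "visible-text": "marker was escaped and shows as page text; emit it as a raw comment",
            "missing": "marker absent: clear cached pages or add it to the theme's index.php",
        }[status]
    if status == "missing":
        return "clean: blog is no longer opted in to scanning"
    return "marker still served: clear cached pages or remove the manual theme edit"

# Constructed sample pages (not captured from a real blog).
FRESH = "<html><body><!-- wp-scanner --><h1>Blog</h1></body></html>"
STALE = "<html><body><h1>Blog</h1></body></html>"
ESCAPED = "<html><body><p>&lt;!-- wp-scanner --&gt;</p></body></html>"
```

Pass `diagnose()` the saved source of your own index page; running it again with `plugin_enabled=False` after the scan confirms the marker is no longer being served.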
Comments
[...] BlogSecurity has released a WordPress plugin for wp-scanner. For some time now, wp-scanner has been checking whether, in the source code, [...]
[...] new plugin by Philipp Heinze takes care of this HTML comment, so that you no longer have to manually [...]
Your instructions list above says “Launch wp-scanner and run your test”. Those words are linked to a 404 and so I have no clue as to how I “launch” wp-scanner.
I have examined every possible part of the dashboard, and there is no mention of wp-scanner, except in the list of Plugins, naturally. And yes, I have activated it :)
Any ideas, suggestions, etc., most welcome….
I’m using WordPress 2.2.1
Michael, the launch link has been fixed. If you have enabled the plugin, then try launching the scanner again. Thanks for pointing this out.
How about adding a link to the wp-scanner tool in the plugin description?
http://blogsecurity.net/wordpress/tools/wp-scanner/
Ciao!
Am really glad that there is now a focus on Security. To an outsider, and a very new user of the WP Platform, it’s an Excellent sign of Maturity.
Keep Up the Great Work!!!
I would be more than willing to donate some dollars every now and then to help with the update/further development of such a product.
Don
Hi,
wp-scanner is not able to pull the complete list of plugins out from my wordpress.
My website was hacked and I am almost sure it was because of a bad plugin.
Could you help? I didn’t want to provide my website here … for obvious reasons.
Is the scan supposed to list all the plugins that are active? Because it only lists a few of my plugins.
[...] a most interesting plugin: wp-scanner plugin lets you check the security of your install [...]
Wow, you guys have done a killer job with this. This is exactly something I have been looking for lately.
Great work!
I don’t know if I’m retarded or what. Plugin is installed and activated. No go. So I manually edited my theme’s index.php file trying each of the variations I found here , and . Mostly it just says blog not authorized, but I did get a couple server timeouts. Any ideas?
Same as Tyger mostly. Except nothing happens. Unless you count the code showing as is in the body of the page. Using WP 231.
I might add that the WP Upgrade Preflight Check plugin shows wp_scanner to have no problems.
It would be nice if wp_scanner would show up in the menu bar under options or something…
All the plugin does is add the into the index page. wp-scanner will check the index page for this comment.
We have had some cases where the plugin only adds the html comment into single posts. Hopefully, giving you insight into how it works will help you get on the right foot.
Hi guys. I have experienced the same problem as Tyger and Pif. After I have deleted the cached pages from wp-cache everything was fine with me.
[...] knowing the vulnerabilities on your own wordpress blog . I’ve found something interesting here , called wp-scanner . It works this simple [...]
[...] the wp-scanner activator plugin. For more information about installation, click here. You can also run this program here. From [...]
I confirm Tyger/Pif/Guro’s problems. Deleting the cache helped. This occurred _only_ after upgrade to 2.5.1… now it works…
[...] you need to install a plugin (named “wp-scanner”) they offer and can be downloaded from here! Activate the plugin, scan your blog, then deactivate the plugin to prevent others scanning your [...]
Hi!
I wanna try wp scanner. I have downloaded wp-scanner plugin and activated in plugin section. I can see code in font code but, when I launch scanner I only see
Blog not authorised, Please see the activator plugin for more instructions on how to enable wp-scanner.
Any idea?
Thanks!
Strange, I’ve tested it just now and it works, please make sure that the required that is for sure within your HTML Sourcecode. Not sure what you mean with Font Code
I could not get the plugin to work even though it said it was activated (wordpress 2.6). I didn’t really understand the instructions: “please manually add the html comment into your theme’s index.php file”. I added “echo (”“);” to the wordpress root index.php and that helped. That’s probably what you meant in the first place but I’m fick.
[...] activate it only when we want to carry out a scan of our blog. The plugin is WP-Scanner, and we can download it from the BlogSecurity website. Once installed, we activate it and we will be able to [...]
[...] Today I’m looking into the blog’s security… one has to. I find wp-scanner on blogsecurity.net. [...]
Hi,
CGI (http://blogsecurity.net/cgi-bin/wp-scanner.cgi) answers “can not resolve hostname” when I enter http://www.duretz.net/ or http://duretz.net/
Regards,
Laurent Duretz
“If the you are unable to get the scan working, please manually add the html comment into your theme’s index.php file.”
I think it has to be added to the header.php!?
We’ve just corrected a dns problem on the blogsecurity server, hopefully that should sort the problem out.
[...] WordPress Online Security Scanner – Scanning a blog for vulnerabilities http://blogsecurity.net/wordpress/news-140707/ [...]
[...] With WordPress Scanner, you can sleep easier at night knowing that your blog is safe from known and potential security vulnerabilities. WordPress Scanner is available as a web-based application, or as a WordPress plugin. [...]




[...] To run wp-scanner, please download the wp-scanner activator plugin. Once downloaded, simply activate it, launch the wp-scanner and then de-activate it once you’re done. More detailed installation instructions are available here. [...]