Looking for WordPress vulnerabilities with WPScan


After reading this article, I trust any WordPress website owners will immediately confirm that they have Jetpack Protect (or an alternative) installed and activated on their websites.

It's not an exaggeration to say that the sands are continually shifting in this area. If it hasn't already occurred to you, attackers may use the same tools that you use to defend your websites to cause damage.

If you are anything like me, you will find WPScan's findings fascinating. Hopefully, you will pay closer attention to security alerts when they are announced in the future and log into the WordPress dashboard more frequently to check for timely advisories from clever automated security plugins like Jetpack Protect.


  1. WordPress: https://wordpress.com
  2. PHP: https://www.php.net
  3. "How Attackers Slip Inside WordPress" by Chris Binnie, Linux Magazine, issue 275, October 2023, pp. 34-39
  4. WPScan: https://wpscan.com/wordpress-security-scanner
  5. Jetpack Protect: https://jetpack.com/protect
  6. Jetpack pricing: https://cloud.jetpack.com/pricing
  7. Ubuntu installation instructions: https://ubuntu.com/tutorials/install-and-configure-wordpress#1-overview
  8. Debian "bullseye" instructions: https://cloudinfrastructureservices.co.uk/install-wordpress-on-debian-10-11/
  9. Downloading WordPress: https://wordpress.org/latest.zip
  10. Installing with a Ruby gem: https://github.com/wpscanteam/wpscan/wiki/WPScan-User-Documentation
  11. Let's Encrypt: https://letsencrypt.org
  12. TimThumb: https://blog.sucuri.net/2019/08/timthumb-attacks-the-scale-of-legacy-malware-infections.html
  13. API Details: https://wpscan.com/api
  14. CVE Numbering Authority: https://www.cve.org/ProgramOrganization/CNAs
  15. Swagger: https://wpscan.com/docs/api/v3/
  16. "A Complete Guide on xmlrpc.php in WordPress" by Rachel McCollin, June 30, 2023: https://kinsta.com/blog/xmlrpc-php

The Author

Chris Binnie is a Cloud Native Security consultant and co-author of the book Cloud Native Security: https://www.amazon.com/Cloud-Native-Security-Chris-Binnie/dp/1119782236.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More