forked from andrewjkerr/security-cheatsheets
-
Notifications
You must be signed in to change notification settings - Fork 255
/
wpHardening
83 lines (60 loc) · 2.63 KB
/
wpHardening
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
#WPHardening CheatSheet
#Jason Soto <www.jsitech.com>
#WPHardening is a Security Fortification tool for Wordpress
#Clone WPHardening Repo
$ git clone https://github.com/elcodigok/wphardening
#Usage
$ python wphardening -d /path/to/wordpress [options]
#Options
--version show program's version number and exit
-h, --help show this help message and exit
-v, --verbose Active verbose mode output results
--update Check for WPHardening latest stable version
Target:
This option must be specified to modify the package WordPress.
-d DIRECTORY, --dir=DIRECTORY
**REQUIRED** - Working Directory.
--load-conf=FILE Load file configuration.
Hardening:
Different tools to hardening WordPress.
-c, --chmod Chmod 755 in directory and 644 in files.
-r, --remove Remove files and directory.
-b, --robots Create file robots.txt
-f, --fingerprinting
Deleted fingerprinting WordPress.
-t, --timthumb Find the library TimThumb.
--wp-config Wizard generated wp-config.php
--delete-version Deleted version WordPress.
--plugins Download Plugins Security.
--proxy=PROXY Use a HTTP proxy to connect to the target url for
--plugins and --wp-config.
--indexes It allows you to display the contents of directories.
--malware-scan Malware Scan in WordPress project.
Miscellaneous:
-o FILE, --output=FILE
Write log report to FILE.log
#Examples
#Check a WordPress Project
$ python wphardening.py -d /path/to/wordpress -v
#Change permissions
$ python wphardening.py -d /path/to/wordpress --chmod -v
#Remove files that are not in use
$ python wphardening.py -d /path/to/wordpress --remove -v
#Create your robots.txt file
$ python wphardening.py -d /path/to/wordpress --robots -v
#Remove all fingerprinting
$ python wphardening.py -d /path/to/wordpress --fingerprinting -v
#Check for TimThumb library
$ python wphardening.py -d /path/to/wordpress --timthumb -v
#Create Index files
$ python wphardening.py -d /path/to/wordpress --indexes -v
#Download Security Plugins
$ python wphardening.py -d /path/to/wordpress --plugins
#Wizard generated wp-config.php
$ python wphardening.py -d /path/to/wordpress --wp-config
#Deleted version WordPress
$ python wphardening.py -d /path/to/wordpress --delete-version -v
#WPHardening update
$ python wphardening.py --update
#Use all options
$ python wphardening.py -d /home/user/wordpress -c -r -f -t --wp-config --delete-version --indexes --plugins -o /home/user/wphardening.log