Enhancing WordPress Website Security: Automate Wpscan and Receive Instant Alerts for New Vulnerabilities

LeoX
Published in InfoSec Write-ups
2 min read · Jun 15, 2023


Keeping WordPress websites secure is crucial in today’s digital landscape where cyber threats are prevalent. Manual vulnerability assessments can be time-consuming and prone to human error, making automation an invaluable solution. In this blog post, I will show you how I automated vulnerability assessment for WordPress web pages using the Wpscan tool. The goal is to automatically scan specific web pages every day and receive push notifications on my phone in case new vulnerabilities are found. By automating this process, I can efficiently manage my clients’ websites, ensuring that they regularly update their plugins and promptly addressing any security risks.

Below is the script I created, along with a description of its functionality:

  • The script begins by setting several variables.
  • In line 13, an update of Wpscan is performed to ensure that the tool is always up to date.
  • Subsequently, in line 16, the script executes Wpscan and stores the results in the “results.txt” file.
  • The script then searches for lines containing the text “The version is out of date” in this file and stores them in the “report.txt” file.
  • In the event of a new vulnerability, an alert is sent through a push notification, as seen in lines 35–39. For push notifications, I utilize the free service Pushover.
  • Lastly, I created a log file to store the dates of the performed scans and whether any vulnerabilities were found on specific days.
  • To run this script every day, I set up a cron job.

This simple script significantly simplifies my daily routine by eliminating the need to manually run Wpscan for each client every day and ensuring that all plugins are up to date.
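The procedure described above, written out as an added example rather than the author's own script. It goes one step further than the description by naming the affected component next to each "out of date" line and alerting only on findings absent from the previous day's report. The environment variables (`WP_URL`, `PUSHOVER_TOKEN`, `PUSHOVER_USER`, `WORKDIR`), the files `report.prev` and `scan.log`, and the report layout (component header lines starting with `[+] `) are assumptions.

```shell
#!/usr/bin/env bash
# Added example: daily WPScan run that alerts only on findings not seen before.
# Assumed (hypothetical) env vars: WP_URL, PUSHOVER_TOKEN, PUSHOVER_USER, WORKDIR.
MARKER='The version is out of date'   # the string the post searches for

# Print "component: message" for every out-of-date line in a WPScan text report.
extract_outdated() {
  awk -v m="$MARKER" '
    /^\[\+\] / { name = substr($0, 5) }          # remember the last component header
    index($0, m) { sub(/^.*\[!\] /, ""); print name ": " $0 }
  ' "$1" | sort -u
}

# Print findings in today's report ($1) that are absent from the previous one ($2).
new_findings() {
  [ -f "$2" ] || { cat "$1"; return 0; }         # first run: everything is new
  grep -Fxv -f "$2" "$1" || true                 # grep exits 1 when nothing is new
}

# Send one push notification through the Pushover messages API.
notify() {
  curl -fsS --form-string "token=$PUSHOVER_TOKEN" --form-string "user=$PUSHOVER_USER" \
       --form-string "message=$1" https://api.pushover.net/1/messages.json >/dev/null
}

run_scan() {
  local dir="${WORKDIR:-$HOME/wpscan-monitor}"
  mkdir -p "$dir" && cd "$dir" || return 1
  [ -f report.txt ] && mv report.txt report.prev
  wpscan --update >/dev/null
  # Keep the exit code for the log instead of aborting; the report is parsed either way.
  local rc=0
  wpscan --url "$WP_URL" --format cli-no-colour > results.txt || rc=$?
  extract_outdated results.txt > report.txt
  local fresh; fresh="$(new_findings report.txt report.prev)"
  if [ -n "$fresh" ]; then
    notify "New WPScan findings for $WP_URL:
$fresh"
  fi
  echo "$(date +%F) $WP_URL wpscan_exit=$rc new=$(printf '%s\n' "$fresh" | grep -cF "$MARKER")" >> scan.log
}

# Runs only when a target is configured, e.g. from a daily cron entry that sets WP_URL.
if [ -n "${WP_URL:-}" ]; then run_scan; fi
```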


I am an enthusiastic “hacker” and “programmer”, and I am in love with computer technology. These are my hobbies, and I was hooked before hacking was even illegal.