PHP Classes

WordPress Vulnerability Scanner: Scan and fix known WordPress vulnerabilities

Recommend this page to a friend!
  Info   View files Example   View files View files (5)   DownloadInstall with Composer Download .zip   Reputation   Support forum   Blog    
Ratings Unique User Downloads Download Rankings
Not yet rated by the usersTotal: 69 All time: 10,250 This week: 82Up
Version License PHP version Categories
wordpressvulnerabili 1.0.0BSD License5PHP 5, Console, Security, Blogs
Description 

Author

This package can scan and fix known WordPress vulnerabilities.

It provides a modular solution to scan for known WordPress vulnerabilities that can be run from the command line shell using he PHP CLI version by having a main class calling separate vulnerability scanner classes.

The vulnerabilities that may be found can also be fixed by the handler classes that found them. The vulnerability fix step may be fixed in case it is necessary just to scan WordPress for known vulnerabilities without fixing them.

Additional vulnerability scanner classes can be provided later eventually by third-party developers. Such classes can be included in the scanning and fixing process by configuring them in the wordpress_vulnerabilities.json file.

Picture of Manuel Lemos
  Performance   Level  
Name: Manuel Lemos is available for providing paid consulting. Contact Manuel Lemos .
Classes: 45 packages by
Country: Portugal Portugal
Age: 55
All time rank: 1
Week rank: 2 Down1 in Portugal Portugal Equal

Example

<?php
   
/*
     * fix.php
     */


   
require('wordpress_vulnerabilities.php');

   
$options = (file_exists('options.php') ? include('options.php') : array());
   
$fix = new wordpress_vulnerabilities_class;

    if((
$success = $fix->Initialize($options)))
    {
        if((
$success = $fix->GetSupportedVulnerabilityChecks($checks)))
        {
           
$checked = $total_vulnerable = 0;
            foreach(
$checks as $name)
            {
                echo
'Checking "', $name, '"...',"\n";
                if(!(
$success = $fix->CheckVulnerability($name, $vulnerable)))
                    break;
                if(
$vulnerable)
                {
                    ++
$total_vulnerable;
                    echo
'Vulnerable to "', $name, '": Yes',"\n";
                    if(!(
$success = $fix->FixVulnerability($name, $fixed)))
                        break;
                    echo
'Fixing vulnerability "', $name, '": ', ($fixed ? 'Success' : 'Failed'),"\n";
                }
                ++
$checked;
            }
            echo
'Checked ', $checked, ' vulnerabilities, Vulnerable ', $total_vulnerable, ' .', "\n";
        }
       
$success = $fix->Finalize($success);
    }
    if(!
$success)
        echo
'Failed with error: ', $fix->error, "\n";


Details

WordPress Vulnerability Scanner

This package is a framework for finding and fixing vulnerabilities in a WordPress installation.

It was created as a means to be able find and fix vulnerabilities in WordPress without having to rely on WordPress plugins, as if a WordPress installation is infected with some kind of malware, the WordPress plugin may not even be accessible by the administrator.

The package can be run from the command line shell using the PHP CLI version.

There is a core class that can call add-on classes that are specialized in finding and fixing different types of vulnerabilities.

The fix.php script calls the main class to find and fix vulnerability.

The options.php configuration script defines an array that with option values that should include the WordPress database access credentials, a dry run option that when set to true allows to tell the main class to scan the WordPress installation to just tell if there are any vulnerabilities without fixing them.

Additional options may be passed per each type of vulnerability that was found, so the respective vulnerability handler class can use the configured values to fix the vulnerability.

The package may include additional vulnerability handler classes that can be provided eventually by third-party developers. Any additional vulnerability handler classes may be configured using the wordpress_vulnerabilities.json configuration file.

If you would like to contribute with additional vulnerability handler classes, please mail mlemos@acm.org to get contribution instructions.


  Files folder image Files  
File Role Description
Files folder imagevulnerabilities (1 directory)
Accessible without login Plain text file fix.php Example Example script
Accessible without login Plain text file README.md Doc. Documentation
Accessible without login Plain text file wordpress_vulnerabilities.json Data Auxiliary data
Plain text file wordpress_vulnerabilities.php Class Class source

  Files folder image Files  /  vulnerabilities  
File Role Description
Files folder imageadmarketlocation (1 file)

  Files folder image Files  /  vulnerabilities  /  admarketlocation  
File Role Description
  Plain text file wordpress_vulnerab...dmarketlocation.php Class Class source

 Version Control Unique User Downloads Download Rankings  
 100%
Total:69
This week:0
All time:10,250
This week:82Up