New WPScan Vulnerability Webhooks

We have just launched a new feature on our WordPress Vulnerability Database that will allow Enterprise API users to configure a Webhook that will be triggered every time a new vulnerability is added to our database.

This has been a much-requested feature among our Enterprise users and we are happy to be able to supply a solution.


Old WPScan Deprecation on February 1st

We released WPScan 3.7.0 on September 13th 2019, which uses the WPVulnDB API to fetch vulnerability data in real time. On February 1st 2020, we will be deprecating the use of older versions of WPScan, prior to version 3.7.0.

Anyone using a version of WPScan lower than 3.7.0 will have to update to version 3.7.0 or above before February 1st 2020.


WPScan CLI Cheat Sheet Poster

Today we are releasing three different posters related to WPScan and WordPress security. Hopefully you find them useful enough and beautiful enough to hang on your wall.

WordPress 5.2.4 Security Release Breakdown

Yesterday, October 14th 2019, WordPress released version 5.2.4 as a security release. According to WordPress, WordPress version 5.2.4 fixes 6 security issues.


Hack the Planet

WPScan started as a simple Ruby script in 2011 to help identify vulnerabilities in self-hosted WordPress websites. The simple script matured into a large software project and gained popularity amongst the security and WordPress communities.

For many years we did not think of WPScan as a business, but last year we decided that to make WPScan self-sustainable it needed to generate income to pay for all the things it needs to maintain itself and to grow.


WPScan Brute Force

Password brute forcing is a common attack that hackers have used in the past against WordPress sites at scale. In 2017 Wordfence documented a huge password brute force attack, which saw 14.1 million attacks per hour at its peak.

Attackers are looking for users, preferably administrators, with weak passwords so that they can log in to WordPress and compromise the site. Depending on the compromised user's role, once logged in, the attacker could escalate privileges by attacking other users, embed malicious code into the site or compromise the entire server.