Fortify the security of any WordPress installation.
❮ NOTE ❯ This tool releases new versions on a regular basis. Make sure to update your dependencies frequently to get the latest version. Check out the changelog or CHANGELOG.md to learn about the new features.
Installing WPHardening requires you to execute one console command:
$ pip install -r requirements.txt
$ python wphardening.py -h
__ _______ _ _ _ _
\ \ / / __ \| | | | | | (_)
\ \ /\ / /| |__) | |__| | __ _ _ __ __| | ___ _ __ _ _ __ __ _
\ \/ \/ / | ___/| __ |/ _` | '__/ _` |/ _ \ '_ \| | '_ \ / _` |
\ /\ / | | | | | | (_| | | | (_| | __/ | | | | | | | (_| |
\/ \/ |_| |_| |_|\__,_|_| \__,_|\___|_| |_|_|_| |_|\__, |
__/ |
Fortify the security of any WordPress installation. |___/
Caceria de Spammers - http://www.caceriadespammers.com.ar
Usage: python wphardening.py [options]
Options:
--version show program's version number and exit
-h, --help show this help message and exit
-v, --verbose Active verbose mode output results
--update Check for WPHardening latest stable version
Target:
This option must be specified to modify the package WordPress.
-d DIRECTORY, --dir=DIRECTORY
**REQUIRED** - Working Directory.
--load-conf=FILE Load file configuration.
Hardening:
Different tools to hardening WordPress.
-c, --chmod Chmod 755 in directory and 644 in files.
-r, --remove Remove files and directory.
-b, --robots Create file robots.txt
-f, --fingerprinting
Deleted fingerprinting WordPress.
-t, --timthumb Find the library TimThumb.
--chown=user:group Changing file and directory owner.
--wp-config Wizard generated wp-config.php
--plugins Download Plugins Security.
--proxy=PROXY Use a HTTP proxy to connect to the target url for
--plugins and --wp-config.
--indexes It deny you to display the contents of directories.
--minify Compressing static file .css and .js
--malware-scan Malware Scan in WordPress project.
--6g-firewall 6G Firewall.
--rest-api Disable REST API.
Miscellaneous:
-o FILE, --output=FILE
Write log report to FILE.log
Before using the tool, we must ensure that our working directory is WordPress.
$ python wphardening.py -d /home/path/to/wordpress -v
This option is to add the correct permissions to files and directories.
$ python wphardening.py -d /home/path/to/wordpress --chmod -v
Part of the fortification of any system is to remove those files, directories or components required.
$ python wphardening.py -d /home/path/to/wordpress --remove -v
WordPress default does not incorporate the robots.txt file with this option poemos customize our robots.txt
$ python wphardening.py -d /home/path/to/wordpress --robots -v
For more information robots.txt
$ python wphardening.py -d /home/path/to/wordpress --fingerprinting -v
$ python wphardening.py -d /home/path/to/wordpress --timthumb -v
This file is created as a way to avoid sailing in a directory.
$ python wphardening.py -d /home/path/to/wordpress --indexes -v
The following is a list of the most commonly used security plugins that you can download automatically:
- AntiVirus
- Bad Behavior
- Block Bad Queries
- Exploit Scanner
- Latch
- NinjaFirewall
- Simple History
- Stream
- WP Security Scan
- WP-DBManager
- WPS Hide Login
$ python wphardening.py -d /home/path/to/wordpress --plugins
This command automatically creates a file called wp-config-wphardening.php which can then rename it.
$ python wphardening.py -d /home/path/to/wordpress --wp-config
$ python wphardening.py -d /home/path/to/wordpress --6g-firewall
$ python wphardening.py -d /home/path/to/wordpress --rest-api
With this option you can always have the latest version of WPHardening.
$ python wphardening.py --update
$ python wphardening.py -d /home/path/to/wordpress -c -r -f -t --wp-config --indexes --plugins --6g-firewall --rest-api -o /home/user/wphardening.log