wp sec checks : some no nonsense security checks combined together and reported in one go #21

Open
anantshri opened this issue Jan 19, 2017 · 0 comments

anantshri commented Jan 19, 2017

I would love to have a wp-cli command to do security check automation.

Multiple existing stuff could be added:

  1. wp core checksum-verify and Plugin / theme checksum verification #6 with it to cover themes and plugins also.
  2. wp core/plugin/theme check-update to spot any new updates that are pending.

And additional wrappers could be added:

  1. Use wpvulndb to check for vulnerabilities in existing plugins / theme / core.
  2. Spot which plugin or theme is from wordpress.org and if it's missing from the listing. (A listing 404 could mean discontinued / sec issue takedown or more, but effectively a red flag needs to be raised.)
  3. Look inside the uploads folder for files which could cause problems, including .php, .aspx, etc.

I have a partial implementation of some of these via my own badly written python and bash wrappers around wp-cli. Refer: https://github.com/anantshri/wpvulndb_commandline/blob/master/wpscancli.py and https://github.com/anantshri/server_admin_scripts/blob/master/wp_integrity_watch/daily_check.sh
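
The combined report this issue asks for could look like the following bash wrapper, an added example that is not code from the issue author or the wp-cli project. The function names, the extension list and the `wp-content/uploads` location are assumptions; it covers checksum verification, pending plugin and theme updates, and the uploads scan, using subcommands that current wp-cli ships.

```shell
#!/usr/bin/env bash
# Added example: names, extension list and uploads path are assumptions.

# Extensions a web server may execute; uploads should hold media only.
RISKY_EXT='php|php[0-9]|phtml|phar|asp|aspx|jsp|cgi'

# List files under $1 whose final extension is risky (case-insensitive).
scan_uploads() {
    local dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    find "$dir" -type f | grep -Ei "\.(${RISKY_EXT})\$" | sort
}

# Succeed only if the command itself succeeds AND prints nothing,
# so a missing or crashing wp binary is never reported as "clean".
no_output() {
    local out
    out=$("$@" 2>/dev/null) || return 1
    [ -z "$out" ]
}

# Run one labelled check and keep going, so everything is reported in one go.
FAILED=0
check() {
    local label=$1
    shift
    if "$@" >/dev/null 2>&1; then
        echo "PASS  $label"
    else
        echo "FAIL  $label"
        FAILED=$((FAILED + 1))
    fi
}

# Full report for the WordPress install rooted at $1.
sec_report() {
    local root=$1
    FAILED=0
    check "core checksums"            wp --path="$root" core verify-checksums
    check "plugin checksums"          wp --path="$root" plugin verify-checksums --all
    check "no pending plugin updates" no_output wp --path="$root" plugin list --update=available --field=name
    check "no pending theme updates"  no_output wp --path="$root" theme list --update=available --field=name
    check "no executables in uploads" no_output scan_uploads "$root/wp-content/uploads"
    [ "$FAILED" -eq 0 ]
}

# Usage: source this file, then: sec_report /var/www/html
```

`sec_report` exits non-zero when any check fails, so it can gate a cron job or CI step.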
