For those of you interested in keeping your WordPress site as secure as possible, BlogSecurity has written a WordPress security checking tool called WP Scanner to check your blog for common security weaknesses. The tool is actually a web-based program that runs at their site, but you need the WP-Scanner Activator plugin to verify that you are the owner of the blog you’re scanning. This is a plugin that you want to install, but keep deactivated except for when you’re actually using it, because with it activated, anyone can scan your site for vulnerabilities, and that would not be a good thing for the wrong eyeballs!
Here’s what you do:
- Download the wp-scanner activator plugin. Install and activate it on your site. (Plugin installation instructions here.)
- Run the scan here. Just enter your site’s URL (make sure you include the http:// at the beginning), type the security code and click the ‘Start Scan’ button.
The objective here is to get a clean report, which means no output. If you get output, you’ve got issues to address. But hey – at least you know what issues now. If you need assistance interpreting the scan results, don’t hesitate to contact me.