
wp sec checks : some no nonsense security checks combined together and reported in one go

Open anantshri opened this issue 8 years ago • 0 comments

I would love to have a wp-cli command to do security check automation.

Multiple existing things could be added:

  1. wp core checksum-verify and #6 with it to cover themes and plugins also.
  2. wp core/plugin/theme check-update to spot any new updates that are pending.

And additional wrappers could be added:

  1. Use wpvulndb to check for vulnerabilities in existing plugins / themes / core.
  2. Spot which plugin or theme is from wordpress.org and if it's missing from the listing. (A listing 404 could mean discontinued / sec issue takedown or more, but effectively a red flag needs to be raised.)
  3. Look inside the uploads folder for files which could cause problems, including .php, .aspx, etc.

I have a partial implementation of some of these via my own badly written python and bash wrappers around wp-cli. Refer: https://github.com/anantshri/wpvulndb_commandline/blob/master/wpscancli.py and https://github.com/anantshri/server_admin_scripts/blob/master/wp_integrity_watch/daily_check.sh

anantshri, Jan 19 '17 14:01
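The uploads-folder check from item 3 of the wrapper list, sketched as an added example (not code from the issue author or from wp-cli). The function name `scan_uploads`, the extension list and the output format are assumptions; it also goes one step beyond the item by flagging files that contain a PHP open tag under a harmless-looking extension.

```shell
#!/bin/sh
# Added example: flag files under a WordPress uploads directory that a web
# server might execute. Names, extension list and output format are assumed.

# Extensions treated as server-executable (assumed list; extend per stack).
RISKY_EXT='php|php[0-9]|phtml|phar|aspx|asp|jsp|cgi|pl|py|sh'

# scan_uploads DIR
# Prints one "REASON<TAB>PATH" line per finding, sorted.
# Returns 0 if clean, 1 if anything was flagged, 2 if DIR is not a directory.
# Limitation: paths containing newlines are not handled.
scan_uploads() {
    local dir findings
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi

    findings=$(
        {
            # 1. Risky extension as the last or second-to-last suffix, so
            #    "x.PHP" and "x.php.jpg" are caught as well as "x.php".
            find "$dir" -type f -print |
                grep -Ei "\.($RISKY_EXT)(\.[^./]*)?\$" |
                awk '{ print "ext\t" $0 }'
            # 2. PHP open tag inside any file, whatever its extension
            #    (-l also lists binary files such as images that match).
            grep -rlF '<?php' "$dir" 2>/dev/null |
                awk '{ print "php-tag\t" $0 }'
        } | sort -u
    )

    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Stand-alone use: sh scan_uploads.sh /path/to/wp-content/uploads
if [ "$#" -gt 0 ]; then
    scan_uploads "$1"
fi
```

The non-zero return on findings lets a cron wrapper alert only when something was flagged.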