Fortify the security of any WordPress installation.
Installation
Installing WPHardening requires you to execute one console command:
$ pip install -r requirements.txtUsage
$ python wphardening.py -h
__ _______ _ _ _ _
\ \ / / __ \| | | | | | (_)
\ \ /\ / /| |__) | |__| | __ _ _ __ __| | ___ _ __ _ _ __ __ _
\ \/ \/ / | ___/| __ |/ _` | '__/ _` |/ _ \ '_ \| | '_ \ / _` |
\ /\ / | | | | | | (_| | | | (_| | __/ | | | | | | | (_| |
\/ \/ |_| |_| |_|\__,_|_| \__,_|\___|_| |_|_|_| |_|\__, |
__/ |
Fortify the security of any WordPress installation. |___/
Sponsored by SYHUNT - http://www.syhunt.com
Usage: python wphardening.py [options]
Options:
--version show program's version number and exit
-h, --help show this help message and exit
-v, --verbose Active verbose mode output results
--update Check for WPHardening latest stable version
Target:
This option must be specified to modify the package WordPress.
-d DIRECTORY, --dir=DIRECTORY
**REQUIRED** - Working Directory.
--load-conf=FILE Load file configuration.
Hardening:
Different tools to hardening WordPress.
-c, --chmod Chmod 755 in directory and 644 in files.
-r, --remove Remove files and directory.
-b, --robots Create file robots.txt
-f, --fingerprinting
Deleted fingerprinting WordPress.
-t, --timthumb Find the library TimThumb.
--chown=user:group Changing file and directory owner.
--wp-config Wizard generated wp-config.php
--plugins Download Plugins Security.
--proxy=PROXY Use a HTTP proxy to connect to the target url for
--plugins and --wp-config.
--indexes It allows you to display the contents of directories.
--minify Compressing static file .css and .js
--malware-scan Malware Scan in WordPress project.
Miscellaneous:
-o FILE, --output=FILE
Write log report to FILE.log
Examples
Check a WordPress Project
Before using the tool, we must ensure that our working directory is WordPress.
$ python wphardening.py -d /home/path/to/wordpress -vChange permissions
This option is to add the correct permissions to files and directories.
$ python wphardening.py -d /home/path/to/wordpress --chmod -vRemove files that are not used
Part of the fortification of any system is to remove those files, directories or components required.
$ python wphardening.py -d /home/path/to/wordpress --remove -vCreate your robots.txt file
WordPress default does not incorporate the robots.txt file with this option poemos customize our robots.txt
$ python wphardening.py -d /home/path/to/wordpress --robots -vRemove all fingerprinting and Version
$ python wphardening.py -d /home/path/to/wordpress --fingerprinting -vCheck a TimThumb library
$ python wphardening.py -d /home/path/to/wordpress --timthumb -vCreate Index file
This file is created as a way to avoid sailing in a directory.
$ python wphardening.py -d /home/path/to/wordpress --indexes -vDownload Plugins security
The following is a list of the most commonly used security plugins that you can download automatically:
- AntiVirus
- Bad Behavior
- Block Bad Queries
- Exploit Scanner
- Latch
- Simple History
- Stream
- WP Security Scan
- WP-DBManager
$ python wphardening.py -d /home/path/to/wordpress --pluginsWizard generated wp-config.php
This command automatically creates a file called wp-config-wphardening.php which can then rename it.
$ python wphardening.py -d /home/path/to/wordpress --wp-configWPHardening update
With this option you can always have the latest version of WPHardening.
$ python wphardening.py --updateUse all options
$ python wphardening.py -d /home/path/to/wordpress -c -r -f -t --wp-config --indexes --plugins -o /home/user/wphardening.log