WPHardening - Fortify the Security Of Any WordPress Installation

WPHardening - Fortify the Security Of Any WordPress Installation

WPHardening is a tool to fortify the security of a WordPress installation.

Installation

Installing WPHardening requires you to execute one console command:
$ pip install -r requirements.txt

Usage:

$ python wphardening.py -h 

__ _______ _ _ _ _
\ \ / / __ \| | | | | | (_)
\ \ /\ / /| |__) | |__| | __ _ _ __ __| | ___ _ __ _ _ __ __ _
\ \/ \/ / | ___/| __ |/ _` | '__/ _` |/ _ \ '_ \| | '_ \ / _` |
\ /\ / | | | | | | (_| | | | (_| | __/ | | | | | | | (_| |
\/ \/ |_| |_| |_|\__,_|_| \__,_|\___|_| |_|_|_| |_|\__, |
__/ |
Fortify the security of any WordPress installation. |___/

Caceria de Spammers - http://www.caceriadespammers.com.ar

Usage: python wphardening.py [options]

Options:
--version show program's version number and exit
-h, --help show this help message and exit
-v, --verbose Active verbose mode output results
--update Check for WPHardening latest stable version

Target:
This option must be specified to modify the package WordPress.

-d DIRECTORY, --dir=DIRECTORY
**REQUIRED** - Working Directory.
--load-conf=FILE Load file configuration.

Hardening:
Different tools to hardening WordPress.

-c, --chmod Chmod 755 in directory and 644 in files.
-r, --remove Remove files and directory.
-b, --robots Create file robots.txt
-f, --fingerprinting
Deleted fingerprinting WordPress.
-t, --timthumb Find the library TimThumb.
--chown=user:group Changing file and directory owner.
--wp-config Wizard generated wp-config.php
--plugins Download Plugins Security.
--proxy=PROXY Use a HTTP proxy to connect to the target url for
--plugins and --wp-config.
--indexes It deny you to display the contents of directories.
--minify Compressing static file .css and .js
--malware-scan Malware Scan in WordPress project.
--6g-firewall 6G Firewall.
--rest-api Disable REST API.

Miscellaneous:
-o FILE, --output=FILE
Write log report to FILE.log

Examples:

  • Check a WordPress Project
Before using the tool, we must ensure that our working directory is WordPress.
$ python wphardening.py -d /home/path/to/wordpress -v

  • Change permissions
This option is to add the correct permissions to files and directories.
$ python wphardening.py -d /home/path/to/wordpress --chmod -v

  • Remove files that are not used
Part of the fortification of any system is to remove those files, directories or components required.
$ python wphardening.py -d /home/path/to/wordpress --remove -v

  • Create your robots.txt file
WordPress default does not incorporate the robots.txt file with this option poemos customize our robots.txt
$ python wphardening.py -d /home/path/to/wordpress --robots -v

  • Remove all fingerprinting and Version
$ python wphardening.py -d /home/path/to/wordpress --fingerprinting -v

  • Check a TimThumb library
$ python wphardening.py -d /home/path/to/wordpress --timthumb -v

  • Create Index file
This file is created as a way to avoid sailing in a directory.
$ python wphardening.py -d /home/path/to/wordpress --indexes -v

  • Download Plugins security
The following is a list of the most commonly used security plugins that you can download automatically:
  • AntiVirus
  • Bad Behavior
  • Block Bad Queries
  • Exploit Scanner
  • Latch
  • NinjaFirewall
  • Simple History
  • Stream
  • WP Security Scan
  • WP-DBManager
  • WPS Hide Login
$ python wphardening.py -d /home/path/to/wordpress --plugins

  • Wizard generated wp-config.php
This command automatically creates a file called wp-config-wphardening.php which can then rename it.
$ python wphardening.py -d /home/path/to/wordpress --wp-config

  • 6G Firewalls
$ python wphardening.py -d /home/path/to/wordpress --6g-firewall

  • Disable REST API
$ python wphardening.py -d /home/path/to/wordpress --rest-api

  • WPHardening update
With this option, you can always have the latest version of WPHardening.
$ python wphardening.py --update

  • Use all options
$ python wphardening.py -d /home/path/to/wordpress -c -r -f -t --wp-config --indexes
--plugins --6g-firewall --rest-api -o /home/user/wphardening.log




Source: www.effecthacking.com
WPHardening - Fortify the Security Of Any WordPress Installation WPHardening - Fortify the Security Of Any WordPress Installation Reviewed by Dump3R H3id3gg3R on 2:14 AM Rating: 5