WPHardening - Fortify the Security Of Any WordPress Installation

WPHardening is a tool to fortify the security of a WordPress installation.

Installation

Installing WPHardening requires you to execute one console command:
  $ pip install -r requirements.txt  

Usage:

  $ python wphardening.py -h 

  Fortify the security of any WordPress installation.

Caceria de Spammers - http://ift.tt/2lJYmEG

Usage: python wphardening.py [options]

Options:
  --version             show program's version number and exit
  -h, --help            show this help message and exit
  -v, --verbose         Active verbose mode output results
  --update              Check for WPHardening latest stable version

  Target:
    This option must be specified to modify the package WordPress.

    -d DIRECTORY, --dir=DIRECTORY
                        **REQUIRED** - Working Directory.
    --load-conf=FILE    Load file configuration.

  Hardening:
    Different tools to hardening WordPress.

    -c, --chmod         Chmod 755 in directory and 644 in files.
    -r, --remove        Remove files and directory.
    -b, --robots        Create file robots.txt
    -f, --fingerprinting
                        Deleted fingerprinting WordPress.
    -t, --timthumb      Find the library TimThumb.
    --chown=user:group  Changing file and directory owner.
    --wp-config         Wizard generated wp-config.php
    --plugins           Download Plugins Security.
    --proxy=PROXY       Use a HTTP proxy to connect to the target url for
                        --plugins and --wp-config.
    --indexes           It deny you to display the contents of directories.
    --minify            Compressing static file .css and .js
    --malware-scan      Malware Scan in WordPress project.
    --6g-firewall       6G Firewall.
    --rest-api          Disable REST API.

  Miscellaneous:
    -o FILE, --output=FILE
                        Write log report to FILE.log

Examples:

  • Check a WordPress Project
Before using the tool, make sure that the working directory is a WordPress project.
  $ python wphardening.py -d /home/path/to/wordpress -v  

  • Change permissions
This option sets the correct permissions on files and directories.
  $ python wphardening.py -d /home/path/to/wordpress --chmod -v  

  • Remove files that are not used
Part of hardening any system is removing the files, directories or components that are not required.
  $ python wphardening.py -d /home/path/to/wordpress --remove -v  

  • Create your robots.txt file
By default, WordPress does not include a robots.txt file. With this option we can create and customize our own robots.txt.
  $ python wphardening.py -d /home/path/to/wordpress --robots -v  

  • Remove all fingerprinting and Version
  $ python wphardening.py -d /home/path/to/wordpress --fingerprinting -v  

  • Check a TimThumb library
  $ python wphardening.py -d /home/path/to/wordpress --timthumb -v  

  • Create Index file
This file is created to prevent directory browsing.
  $ python wphardening.py -d /home/path/to/wordpress --indexes -v  

  • Download Plugins security
The following is a list of the most commonly used security plugins that you can download automatically:
      • AntiVirus
      • Bad Behavior
      • Block Bad Queries
      • Exploit Scanner
      • Latch
      • NinjaFirewall
      • Simple History
      • Stream
      • WP Security Scan
      • WP-DBManager
      • WPS Hide Login
  $ python wphardening.py -d /home/path/to/wordpress --plugins  

  • Wizard generated wp-config.php
This command automatically creates a file called wp-config-wphardening.php, which you can then rename.
  $ python wphardening.py -d /home/path/to/wordpress --wp-config  

  • 6G Firewalls
  $ python wphardening.py -d /home/path/to/wordpress --6g-firewall  

  • Disable REST API
  $ python wphardening.py -d /home/path/to/wordpress --rest-api  

  • WPHardening update
With this option, you can always have the latest version of WPHardening.
  $ python wphardening.py --update  

  • Use all options
  $ python wphardening.py -d /home/path/to/wordpress -c -r -f -t --wp-config --indexes \
      --plugins --6g-firewall --rest-api -o /home/user/wphardening.log
