
WordPress VAPT And Fixation Techniques


WordPress Vulnerabilities, Fixations, and Tools

Tool Used for Scan: WPScan

Plugins Used for Fixation: BulletProof Security, Wordfence, Anti-WPScan


1. Full Path Disclosure

Many websites running WordPress expose the internal path (full path) where the PHP files are installed whenever a PHP error message is displayed. Attackers can leverage this information for further attacks such as path traversal or local file inclusion.

Fix:

  • In php.ini file:
    display_errors = off
  • In .htaccess file:
    php_flag display_errors off

Recommended Plugin: BulletProof Security


2. File Editing Enabled

By default, WordPress allows administrators to edit plugin and theme files directly from the dashboard. If an attacker gains access to the admin panel, they can exploit this feature to inject malicious code.

Fix:

define('DISALLOW_FILE_EDIT', true);

Add this line in wp-config.php to disable file editing.


3. WordPress Readme File Disclosure

Whenever WordPress is installed or updated, a file called readme.html is included in the root directory. This file often discloses the WordPress version, which can help attackers in identifying known vulnerabilities to exploit.

Fix: Remove or restrict access to readme.html in the root directory.


4. Directory Browsing Enabled

If directory listing is turned on, the server may display a list of files within a folder. This could expose sensitive files to the public and increase the attack surface.

Fix: In .htaccess file, add:

Options All -Indexes

5. WordPress User Enumeration

Attackers can use automated scripts to enumerate WordPress usernames and then launch brute force attacks to crack passwords.

Fix: Enable HTTP basic authentication on the wp-admin directory and use an .htpasswd file for user verification:

# Stop WordPress username enumeration vulnerability
AuthType Basic
AuthUserFile /srv/auth/.htpasswd
AuthName "WordPress Authenticated Area"
Require valid-user

Recommended Plugin: Wordfence / Stop User Enumeration


6. BbPress Plugin Vulnerability (Input Path Disclosure & SQL Injection)

The BbPress plugin can be vulnerable to SQL injection if user input is not properly validated and escaped. This could allow attackers to inject malicious SQL queries directly into the database.

Fix: Use security plugins such as BulletProof Security and always update BbPress to the latest version.


7. Outdated Plugins

Plugins that are not updated regularly can contain unpatched vulnerabilities, giving attackers an easy entry point.

Fix: Enable automatic plugin updates by adding this code to wp-config.php:

add_filter( 'auto_update_plugin', '__return_true' );

8. WordPress Version Disclosure

Disclosing the WordPress version (via readme.html or meta tags) makes it easier for attackers to identify and exploit known vulnerabilities.

Fix:

  • Remove readme.html from the root directory
  • Use the Anti-WPScan plugin to hide version details
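As an added example (not from the original article), the following shell audit checks a WordPress document root for the fixes in sections 1 through 5 and 8 above; the file locations (wp-config.php, .htaccess, wp-admin/.htaccess, readme.html) are assumptions for a standard Apache-hosted install, and the sample sites it builds are constructed for the demonstration:

```shell
#!/bin/sh
# Added audit helper (not the article's own code). Assumes an Apache-hosted
# install with the hardening applied in wp-config.php and .htaccess files.

# wp_audit DOCROOT: prints one line per finding, returns the finding count (0 = clean).
wp_audit() {
    docroot=$1
    findings=0
    note() { echo "FINDING: $1"; findings=$((findings + 1)); }
    # Sections 3 and 8: readme.html discloses the WordPress version
    [ -f "$docroot/readme.html" ] && note "readme.html present in document root"
    # Section 2: dashboard file editor still enabled (define must set it to true)
    grep -Eq "define[[:space:]]*\([[:space:]]*.DISALLOW_FILE_EDIT.[[:space:]]*,[[:space:]]*true[[:space:]]*\)" \
        "$docroot/wp-config.php" 2>/dev/null || note "DISALLOW_FILE_EDIT not set to true in wp-config.php"
    # Section 4: directory listing not disabled
    grep -Eq "^[[:space:]]*Options[[:space:]].*-Indexes" "$docroot/.htaccess" 2>/dev/null \
        || note "directory listing not disabled in .htaccess"
    # Section 1: PHP errors (and therefore full paths) still displayed
    grep -Eq "^[[:space:]]*php_flag[[:space:]]+display_errors[[:space:]]+([Oo]ff|0)" "$docroot/.htaccess" 2>/dev/null \
        || note "display_errors not turned off in .htaccess"
    # Section 5: no HTTP basic auth in front of wp-admin
    grep -Eq "^[[:space:]]*AuthType[[:space:]]+Basic" "$docroot/wp-admin/.htaccess" 2>/dev/null \
        || note "no HTTP basic auth on wp-admin"
    return "$findings"
}

# build_sample_site DIR weak|hardened: constructed minimal fake docroot (not a real WordPress tree).
build_sample_site() {
    mkdir -p "$1/wp-admin"
    if [ "$2" = hardened ]; then
        printf "<?php\ndefine('DISALLOW_FILE_EDIT', true);\n" > "$1/wp-config.php"
        printf "Options All -Indexes\nphp_flag display_errors off\n" > "$1/.htaccess"
        printf "AuthType Basic\nAuthUserFile /srv/auth/.htpasswd\nRequire valid-user\n" > "$1/wp-admin/.htaccess"
    else
        printf "<?php\ndefine('DISALLOW_FILE_EDIT', false);\n" > "$1/wp-config.php"
        printf "Options +Indexes\n" > "$1/.htaccess"
        echo "<h1>readme</h1>" > "$1/readme.html"
    fi
}

# Demo on a constructed weak site (writes only into a temp dir).
demo_dir=$(mktemp -d)
build_sample_site "$demo_dir" weak
wp_audit "$demo_dir" || echo "$? finding(s) on constructed weak site"
rm -rf "$demo_dir"
```

Run it against a real document root with `wp_audit /var/www/html`; a non-zero exit status means at least one of the article's fixes is missing.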

Conclusion

Securing your WordPress website involves disabling unnecessary features, hiding sensitive information, and keeping plugins/themes updated. Tools like WPScan help identify vulnerabilities, while plugins like BulletProof Security, Wordfence, and Anti-WPScan can help strengthen defenses against common exploits.

Prashant Phatak

Founder & CEO, Valency Networks

Prashant Phatak is an accomplished leader in the field of IT and Cyber Security. He is Founder and C-level executive of his own firm Valency Networks. Prashant specializes in Vulnerability assessment and penetration testing (VAPT) of Web, Networks, Mobile Apps, Cloud apps, IoT and OT networks. He is also a certified lead auditor for ISO27001 and ISO22301 compliance. As a proven problem solver, Prashant's expertise is in the field of end-to-end IT and Cyber security consultancy to various industry sectors.
