• I have been making the case to move from Joomla/ModX to WordPress for my company’s main website rebuild. However, they are extremely security conscious and have challenged me to build out a base WP installation alongside the local (WAMP) built intranet and lock it down the best I can. They will then attack the installation with enterprise-level penetration testing software. Such tools as kali.org have been named…

    I’m looking for any and all advice on how to fight back to prove WP a winner in secure CMSs.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter BenRacicot

    (@benracicot)

    I have installed WP locally via WAMP and am finding a possible XSS vulnerability with ZAP. On pages with https://website/?page_id=4-2 on a local installation I’m getting the warning that the original page content is modified with this 4-2 parameter. Any insight from WP devs would be great! Thanks.

    Thread Starter BenRacicot

    (@benracicot)

    It seems that when permalinks are set to Day and name and cookies are not hardened with httponly, a possible XSS vulnerability may exist where content may be manipulated via the 4-2 parameter in the URL.

    *ZAP reports that content on a page has been changed from the original when a 4-2 parameter is placed in the URL.

  • The topic ‘WordPress Penetration test’ is closed to new replies.