WPHardening 1.5 - Fortify the security of any WordPress installation

Monday, September 21, 2015


Fortify the security of any WordPress installation.

Installation

Installing WPHardening requires you to execute one console command:
$ pip install -r requirements.txt

Usage
$ python wphardening.py -h 

 __          _______  _    _               _            _
 \ \        / /  __ \| |  | |             | |          (_)
  \ \  /\  / /| |__) | |__| | __ _ _ __ __| | ___ _ __  _ _ __   __ _
   \ \/  \/ / |  ___/|  __  |/ _` | '__/ _` |/ _ \ '_ \| | '_ \ / _` |
    \  /\  /  | |    | |  | | (_| | | | (_| |  __/ | | | | | | | (_| |
     \/  \/   |_|    |_|  |_|\__,_|_|  \__,_|\___|_| |_|_|_| |_|\__, |
                                                                 __/ |
        Fortify the security of any WordPress installation.     |___/

           Sponsored by SYHUNT - http://www.syhunt.com

Usage: python wphardening.py [options]

Options:
  --version             show program's version number and exit
  -h, --help            show this help message and exit
  -v, --verbose         Active verbose mode output results
  --update              Check for WPHardening latest stable version

  Target:
    This option must be specified to modify the package WordPress.

    -d DIRECTORY, --dir=DIRECTORY
                        **REQUIRED** - Working Directory.
    --load-conf=FILE    Load file configuration.

  Hardening:
    Different tools to hardening WordPress.

    -c, --chmod         Chmod 755 in directory and 644 in files.
    -r, --remove        Remove files and directory.
    -b, --robots        Create file robots.txt
    -f, --fingerprinting
                        Deleted fingerprinting WordPress.
    -t, --timthumb      Find the library TimThumb.
    --chown=user:group  Changing file and directory owner.
    --wp-config         Wizard generated wp-config.php
    --plugins           Download Plugins Security.
    --proxy=PROXY       Use a HTTP proxy to connect to the target url for
                        --plugins and --wp-config.
    --indexes           It allows you to display the contents of directories.
    --minify            Compressing static file .css and .js
    --malware-scan      Malware Scan in WordPress project.

  Miscellaneous:
    -o FILE, --output=FILE
                        Write log report to FILE.log

Examples

Check a WordPress Project
Before using the tool, we must ensure that our working directory is a WordPress installation.
$ python wphardening.py -d /home/path/to/wordpress -v

Change permissions
This option sets the correct permissions on files and directories (755 on directories, 644 on files).
$ python wphardening.py -d /home/path/to/wordpress --chmod -v
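To check the result after a --chmod run, the following added example (not part of WPHardening or the original post) walks the tree and reports every entry whose mode differs from the 755/644 values given in the help text. The function name, script name and report format are assumptions made for this illustration.

```python
import os
import stat
import sys

DIR_MODE = 0o755   # value from the --chmod help text
FILE_MODE = 0o644  # value from the --chmod help text


def audit_permissions(root):
    """Return sorted (path, actual, expected, excess) tuples for entries under
    root whose mode differs from 755 (directories) or 644 (files).
    excess holds the bits granted beyond the expected mode; 0 means the
    entry is stricter than expected, which is usually harmless."""
    findings = []
    for current, dirnames, filenames in os.walk(root):
        entries = [(current, DIR_MODE)] if current == root else []
        entries += [(os.path.join(current, d), DIR_MODE) for d in dirnames]
        entries += [(os.path.join(current, f), FILE_MODE) for f in filenames]
        for path, expected in entries:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            actual = stat.S_IMODE(st.st_mode)
            if actual != expected:
                findings.append((path, actual, expected, actual & ~expected))
    return sorted(findings)


if __name__ == "__main__":
    # Usage (hypothetical script name): python audit_perms.py /home/path/to/wordpress
    results = audit_permissions(sys.argv[1])
    for path, actual, expected, excess in results:
        level = "LOOSE" if excess else "strict"
        print(f"{level:6} {actual:04o} (expected {expected:04o}) {path}")
    sys.exit(1 if any(r[3] for r in results) else 0)
```

The script exits non-zero only when at least one entry is more permissive than expected, so it can gate a deployment step.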

Remove files that are not used
Part of fortifying any system is removing files, directories or components that are not required.
$ python wphardening.py -d /home/path/to/wordpress --remove -v

Create your robots.txt file
By default, WordPress does not include a robots.txt file; with this option we can customize our own robots.txt.
$ python wphardening.py -d /home/path/to/wordpress --robots -v
For more information, see robots.txt.

Remove all fingerprinting and Version
$ python wphardening.py -d /home/path/to/wordpress --fingerprinting -v

Check a TimThumb library
$ python wphardening.py -d /home/path/to/wordpress --timthumb -v

Create Index file
This file is created to prevent browsing of a directory's contents.
$ python wphardening.py -d /home/path/to/wordpress --indexes -v

Download Plugins security
The following is a list of the most commonly used security plugins that you can download automatically:
$ python wphardening.py -d /home/path/to/wordpress --plugins

Wizard generated wp-config.php
This command automatically creates a file called wp-config-wphardening.php, which you can then rename.
$ python wphardening.py -d /home/path/to/wordpress --wp-config

WPHardening update
With this option you can always have the latest version of WPHardening.
$ python wphardening.py --update

Use all options
$ python wphardening.py -d /home/path/to/wordpress -c -r -f -t --wp-config --indexes --plugins -o /home/user/wphardening.log



