wpscan
wpscan is a WordPress security scanner integrated into Canva workflows, designed to identify security issues in WordPress installations. Its primary purpose is to automate the discovery and vulnerability-assessment phases of security assessments of WordPress sites.
Ideal Use Cases & Fit
This tool excels in scenarios where organizations need to assess the security posture of WordPress sites, such as during routine vulnerability assessments or prior to content management system (CMS) migrations. Typical input for wpscan is a list of URLs pointing at WordPress installations. It identifies plugins and themes with known vulnerabilities, which helps prioritize remediation. It is not suitable for non-WordPress sites, and it is a poor fit for environments that prioritize stealth over thoroughness.
Value in Workflows
wpscan adds significant value to security workflows by providing automated reconnaissance capabilities against WordPress installations. Its integration allows teams to incorporate security scanning as a standardized step in their assessment processes, improving efficiency and thoroughness. Typically situated at the early reconnaissance stage, it supports both proactive and reactive security measures, helping organizations stay ahead of potential vulnerabilities.
Input Data
wpscan requires a list of URLs as input, formatted as a plaintext file. This data is used to specify the target WordPress installations for scanning.
Example:
https://example1.com
https://example2.com
Configuration
- format: Specifies the output format of the scan results (options include json, cli-no-color).
- no-update: When set, skips updating WPScan before execution.
- enumerate: Selects which elements (such as plugins, themes and their vulnerabilities) to enumerate, controlling scanning depth.
- api-token: An optional WPScan API token to display additional vulnerability data aggregated from WPScan's database.
- detection-mode: Allows selection between mixed, passive, or aggressive detection modes to tailor scanning strategies.
- plugins-detection: Defines the mode for plugin detection, adjusting the scanning approach.
- proxy: Configures a proxy protocol and address for routing requests.
- request-timeout: Sets the timeout duration for web requests, controlling how long the scanner waits for a response.
- disable-tls-checks: Option to skip SSL/TLS certificate verification during the scanning process.
- random-user-agent: When enabled, this option uses a different user agent for every request, enhancing stealth.
- force: Bypasses initial WordPress checks and 403 detection, potentially speeding up scans.
- stealthy: Activates stealth mode, mixing usage of random user agents and passive detection methods.
- throttle: Specifies the delay between requests in milliseconds, controlling the scanning pace.
- verbose: Enables detailed output for logging purposes during the scan.
- max-threads: Sets the maximum number of concurrent threads to utilize during the scanning process.
Updated: 2026-02-10
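As an added example (not part of this tool description or of WPScan's own code), the Python below reads a report produced with format: json and lists the plugins and themes that need remediation, most vulnerable first. The report is a constructed sample that follows the field layout of wpscan's JSON output as I know it (plugins and themes keyed by slug, each with version, outdated, latest_version and a vulnerabilities list, version being null when undetected); treat those field names as assumptions to verify against a real report.

```python
import json

# Constructed sample in the shape of a wpscan JSON report (fields trimmed;
# component names, versions and vulnerability titles are invented).
SAMPLE_REPORT = json.dumps({
    "plugins": {
        "contact-form-sample": {
            "version": {"number": "1.0.0"},
            "outdated": True, "latest_version": "1.2.0",
            "vulnerabilities": [
                {"title": "Constructed: stored XSS", "fixed_in": "1.1.0"},
                {"title": "Constructed: CSRF", "fixed_in": "1.2.0"},
            ],
        },
        "gallery-sample": {
            "version": None,  # assumed: null when wpscan cannot fingerprint
            "outdated": False, "latest_version": "3.0.0",
            "vulnerabilities": [],
        },
    },
    "themes": {
        "theme-sample": {
            "version": {"number": "2.0.0"},
            "outdated": True, "latest_version": "2.1.0",
            "vulnerabilities": [
                {"title": "Constructed: path traversal", "fixed_in": "2.0.1"},
            ],
        },
    },
})


def summarize(report_json):
    """Return (kind, slug, version, vuln_count, upgrade_to) for every plugin
    or theme that is vulnerable or outdated, most vulnerable first."""
    report = json.loads(report_json)
    findings = []
    for kind in ("plugins", "themes"):
        for slug, comp in (report.get(kind) or {}).items():
            vulns = comp.get("vulnerabilities") or []
            if not vulns and not comp.get("outdated"):
                continue  # current and no known issues: nothing to remediate
            # "version" is null when the scanner could not determine it
            version = (comp.get("version") or {}).get("number") or "unknown"
            upgrade_to = comp.get("latest_version") or "unknown"
            findings.append((kind[:-1], slug, version, len(vulns), upgrade_to))
    # Most known vulnerabilities first, then alphabetically for stable output
    findings.sort(key=lambda f: (-f[3], f[1]))
    return findings
```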