Recently there have been a lot of brute force attacks on WordPress sites lately. I mentioned earlier in Securing Your WordPress Site a couple of plugins that can be useful to help prevent getting hacked. But what if you want to test to see what the vulnerabilities are on your WordPress site? Well there is a tool for that called WPScan.
WPScan is a program you can download and install, and using command lines it can scan any WordPress site you give it and list its vulnerabilities such as bad plugins, and open access issues. You can even set it to do brute force password attacks to try and see how easy it is to crack your site’s password. This is a very useful tool if you consider yourself an advanced WordPress admin, or just want to fill in some holes on your site.
This program is completely free, and the only drawback I have found with it is, that you have to run it on Linux. Of course if you have a computer running Ubuntu, that is pretty simple, and if not it is really easy to get one setup. If you are looking for ways to secure your WordPress site, WPScan is a good tool just to find out what you can do to make your future site hackers lives a little more difficult.