When developing a WordPress site for a customer, it’s important that you deliver on design and functionality, and that you follow through on the various requirements made by the customer. But it’s also important to have some knowledge about the security of the product that you deliver to your customer. It’s something that most clients do not take into consideration when ordering a website. With some knowledge about WordPress security and a few basic tools, you can do a very good job of securing your WordPress sites before you deliver them to your customers. By doing this, you ensure that:
- You hold some sort of moral responsibility
- You deliver a solid product
- You further security in IT, which is also a positive
- You do your client good, which is always positive in any business
Where do I start?
Note: You might be using VirtualBox, Vagrant, Docker or another technology to manage your development environments. You will need to ensure that the scanning environment, which we will be setting up, can reach the WordPress site. This is usually not a problem, but you might be forced to open a few ports. This depends heavily on your current setup and any variations it contains. That’s why we assume the following in this article:
- That your WordPress development environment is accessible via the internet or a local connection (not sandboxed)
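One way to verify the reachability assumption above from inside the scanning VM, as an added example that is not part of the original article. The function names and the placeholder URL `http://wordpress.test` are assumptions; `/wp-login.php` is the login page of a default WordPress install.

```python
#!/usr/bin/env python3
"""Pre-flight check: can the scanning VM reach the WordPress dev site?"""
import socket
import sys
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Ignore proxy settings: the point is to test the direct path from this VM.
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def target_endpoint(url):
    """Return (host, port) for a site URL, applying the scheme's default port."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("expected an http(s) URL, got %r" % url)
    return parts.hostname, parts.port or (443 if parts.scheme == "https" else 80)


def check_site(url, timeout=3.0):
    """Return a short status string describing how far the connection gets."""
    host, port = target_endpoint(url)
    try:
        socket.create_connection((host, port), timeout=timeout).close()
    except socket.gaierror:
        return "dns_failure"   # hostname does not resolve inside the VM
    except ConnectionRefusedError:
        return "refused"       # host answers, but nothing listens on that port
    except socket.timeout:
        return "timeout"       # packets dropped: firewall or port not forwarded
    except OSError:
        return "unreachable"   # no route, e.g. wrong VirtualBox network mode
    try:
        with _opener.open(url.rstrip("/") + "/wp-login.php", timeout=timeout) as resp:
            body = resp.read(65536)
    except urllib.error.HTTPError as exc:
        return "http_%d" % exc.code   # a web server answers, but not WordPress here
    except (urllib.error.URLError, OSError):
        return "http_error"           # e.g. TLS failure or connection reset
    # Heuristic: the default WordPress login form has id="loginform".
    return "wordpress_login_found" if b"loginform" in body else "http_ok"


if __name__ == "__main__":
    # Constructed placeholder URL; pass your own development site instead.
    site = sys.argv[1] if len(sys.argv) > 1 else "http://wordpress.test"
    print(site, "->", check_site(site))
```

A `refused` result usually means the web server is bound to another interface or port, while `timeout` points at a firewall or missing port forward between the VM and the development environment.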
Installing and setting up WPScan in VirtualBox
We will be using VirtualBox to virtualize Ubuntu Server 16.04, which we will use to scan our WordPress development environment.
- Start by downloading the latest version of VirtualBox at https://www.virtualbox.org/
At the time of writing, version 5.1 is the latest version.
- Install VirtualBox and follow the prompts.
- Download Ubuntu Server 16.04.01 LTS
- Set up Ubuntu Server 16.04.01 LTS in VirtualBox, by following these prompts