WordPress Plugin Scanner WP-CLI
Alicia: Hello everybody, welcome back! My name is Alicia Kay, and here we have Gil Vidals, the CEO of HIPAA Vault, which is an MSSP specializing in HIPAA-compliant cloud solutions. So recently we started a series on WordPress, and last week we went into a little bit of depth on plugins, and we talked about how to make sure the plugins are up to date. I know this week you wanted to talk about plugins a little bit more and how to keep them secure. So what exactly did you want to talk about regarding plugin security?
Gil: As a quick recap, plugins are what add the functionality to a WordPress site; there are plugins for all sorts of really neat functionality. However, vulnerabilities can creep in there, and the bad guys can get in through vulnerable plugins, so I recommend a tool called WP-CLI, WordPress Command Line Interface, and this tool is pretty powerful. Essentially, you run it by typing in WP-CLI and then the web address of the WordPress website, and then it’ll respond with problems, if it finds any. Like an old plugin: it’ll say “This plugin is old, it has this vulnerability”, and it might say the version of PHP you’re running is old, it needs to be upgraded. So it’ll give suggestions. It’s a very good tool.
Alicia: Okay, so you can enter a website and it’ll tell you, it’ll highlight basically the plugins that are out of date. And does it tell you how to fix them, or does it just tell you what the problem is?
Gil: Good question. It doesn’t tell you how to fix it, but you can still run the report; your developers, the engineers, can Google the problem, and then find the solution and apply it. But what I recommend, even if you’re not technical, is to at least run the report. You can tell if there’s a problem, and then even if you’re not understanding it you can submit it to your development team and say “Hey, look guys, what’s going on here? How come this isn’t fixed?”
Alicia: Okay, awesome, thank you so much. Is there anything else you wanted to add about plugins?
Gil: No, other than just it’s a good tool. I’m not suggesting it’s the only tool, but it’s a very good tool. I think it should be in your tool chest of useful tools that you can use for security.
Alicia: Okay, awesome, thank you!
Gil: Thank you.