Should I penetration test a WordPress site?

Yes, absolutely. And I’ll explain 3 reasons why you should always penetration test a WordPress site.

  1. WordPress sites may not have extensive functionality, but they often hold information an attacker can use to stage further attacks on an organization: employee names, email addresses (and with them the corporate username format), author login names, and in some cases passwords that are re-used elsewhere in the organization. Each of these items is a breadcrumb for an attacker and helps build the picture needed for a later phishing or password-spraying attempt. By penetration testing your WordPress site, you identify the information an attacker would have at their disposal and can create a plan to remediate anything of concern.
  2. Companies frequently use WordPress for their public website and web presence. The last thing you want is an attacker defacing it, taking it down, or corrupting the database, which happens regularly when WordPress core, themes, and plugins are left unpatched. WordPress has protections available, including security plugins such as Jetpack and regular backups; my advice is always to use them. A penetration test will identify any out-of-date plugins or WordPress versions and provide recommendations for updating.
  3. If an attacker does gain access to the WordPress instance, a common next step is to use the site for malware distribution. Attackers look for easy targets to use as distribution points, and a WordPress site with writable upload directories and unneeded features enabled is well suited to that purpose. Always review the functionality of the WordPress installation and disable as much as you can. Disabling comments permanently in the theme's functions.php file and removing comment functionality completely is one tactic that closes off a common abuse path (comment spam carrying malicious links, and attacks against the comment-handling code); many companies rely on comments, however, and for them this isn't possible. Wherever you can, expose the least functionality possible to lower the attack surface. Any plugins not being used, remove them: a deactivated plugin still sits on disk, and its files can still be reachable and exploitable. A penetration test on a WordPress site is a good way to determine whether your site has exploitable vulnerabilities that an attacker could use to upload malware.
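
The two hardening steps mentioned above (limiting the account information a site leaks, and removing comment functionality) can both be done from a theme's functions.php file or a small must-use plugin. The snippet below is an added example written for this page, not code from the original post or from WordPress itself; every hook and filter it uses is a core WordPress API, and the .htaccess rule at the end assumes Apache with mod_rewrite enabled.

```php
<?php
/**
 * Hardening snippet for a WordPress theme's functions.php (or a must-use
 * plugin in wp-content/mu-plugins/). Added example, not from the original
 * post. Two goals: (1) stop leaking account names an attacker would use for
 * password spraying, (2) remove comment functionality so the site cannot be
 * abused as a malware or spam-link drop point.
 */

// --- 1. Reduce information disclosure -----------------------------------

// Drop the <meta name="generator" content="WordPress x.y"> tag from <head>.
remove_action('wp_head', 'wp_generator');

// Hide the user listing from the REST API for unauthenticated callers.
// /wp-json/wp/v2/users returns every author's login slug and display name.
add_filter('rest_endpoints', function (array $endpoints): array {
    if (is_user_logged_in()) {
        return $endpoints; // editors still need it for the block editor's author picker
    }
    foreach (['/wp/v2/users', '/wp/v2/users/(?P<id>[\d]+)'] as $route) {
        unset($endpoints[$route]);
    }
    return $endpoints;
});

// Author archives (example.com/?author=1 -> /author/<login>/) reveal login
// names. Redirect anonymous visitors to the front page before the canonical
// redirect (priority 10) can rewrite the URL to include the login slug.
add_action('template_redirect', function (): void {
    if (is_author() && !is_user_logged_in()) {
        wp_safe_redirect(home_url('/'), 301);
        exit;
    }
}, 1);

// --- 2. Remove comment functionality ------------------------------------

// Close comments and pingbacks on every post, regardless of per-post settings.
add_filter('comments_open', '__return_false', 20, 2);
add_filter('pings_open', '__return_false', 20, 2);

// Never render comments that already exist in the database.
add_filter('comments_array', '__return_empty_array', 10, 2);

// Strip comment/trackback support from every post type so the editor
// stops offering it and themes stop printing comment templates.
add_action('admin_init', function (): void {
    foreach (get_post_types() as $post_type) {
        if (post_type_supports($post_type, 'comments')) {
            remove_post_type_support($post_type, 'comments');
            remove_post_type_support($post_type, 'trackbacks');
        }
    }
});

// Remove the Comments admin screen and the admin-bar comment counter.
add_action('admin_menu', function (): void {
    remove_menu_page('edit-comments.php');
});
add_action('wp_before_admin_bar_render', function (): void {
    global $wp_admin_bar;
    $wp_admin_bar->remove_menu('comments');
});

// wp-comments-post.php still exists on disk, so also refuse it at the web
// server. Assumed Apache .htaccess rule (mod_rewrite required):
//   RewriteRule ^wp-comments-post\.php$ - [F,L]
```

After deploying it, verify from an unauthenticated browser or curl session that /wp-json/wp/v2/users returns a 404 and that /?author=1 lands on the front page rather than an /author/<login>/ URL; a penetration test will check exactly these paths.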

Black Hat Pen-Test can perform penetration testing on your WordPress sites efficiently and reveal any vulnerabilities and security misconfigurations. Contact us today.