Have you ever wondered how many percentage of the whole internet is built with Wordpress ? 5% ? 10 % ? It is hard to find a proper number because of how deep the internet is, but we can approximate it : Between 30% and 40% ! The more popular a framework/application/OS is, the more attractive it is to attackers. Moreover, Wordpress became more and more complex and modular (with an increasing variety of plugins) which means the attack surface is getting wider.

So, obviously, Wordpress has become a prime target. If you take a look at a security vulnerability database, you will quickly understand how active the “security battle” is :

Security through obscurity

The main purpose of this article is not to make an exhaustive list of security actions you can take to secure your Wordpress website. You can take a look at this official Wordpress article to harden your Wordpress website : https://wordpress.org/support/article/hardening-wordpress/

If an attacker is interessed in your website, the first reflex is to learn everything about it (version of framework, web server, operating system …) in order to have a technical map overview. He has no interest in wasting his time finding vulnerabilties by himself and his first step would be to find CVEs matching the technical map.

There are several ways to find a Wordpress version of a website. Here are 2 examples :

Find by Meta Generator Tag

SEO gurus would tell you how important meta tags was (yeah, not anymore) and how important it is to fit them all (false). After a fresh install of Wordpress, you will have several meta tags values. The one we are interested to is “generator”.

<meta name="generator" content="WordPress 5.8.3" />

You can also find this meta tag at the RSS URI website.com/feed/

Find by Included Version

If you have access to website.com/wp-admin/, you can also find the Wordpress version with the included version of css files :

<link rel='stylesheet' id='install-css'  href='https://www.website.com/wp-admin/css/install.min.css?ver=5.8.3' type='text/css' media='all' />

Automate the search

To finish, here is an example of a simple scanner that parses the source looking for these 2 ways to find the Wordpress version :

url = "https://www.yourwebsite.com"

def url_exist(url_to_test):
    if requests.get(url_to_test).status_code == 200:
        return True
    return False

def findall_regex(regex, url_to_test):
    matches = re.findall(regex, url_to_test.content.decode("utf-8"), re.MULTILINE)
    if matches:
        return matches[0] 
    return "Undefined"

def search_by_meta_generator(request):
    regex = r"<meta.*?name=\"generator\".*?content=\"WordPress (\*|\d+(?:\.\d+){0,2}(?:\.\*)?)"
    return findall_regex(regex, request)

def search_by_included_version():
    install_url = url+'/wp-admin/install.php'
    if url_exist(install_url):
        regex = r"wp-admin\/css\/install\.min\.css\?ver\=(\*|\d+(?:\.\d+){0,2}(?:\.\*)?)"
        return findall_regex(regex, requests.get(install_url))
    return "Undefined"

def search_by_feed_meta_generator():
    feed_url = url+'/feed/'
    if url_exist(feed_url):
        regex = r"<generator>https:\/\/wordpress.org\/\?v\=(\*|\d+(?:\.\d+){0,2}(?:\.\*)?)"
        return findall_regex(regex, requests.get(feed_url))
    return "Undefined"

if __name__ == "__main__":
        r = requests.get(url,timeout=3)
        print(f'Meta Generator Version : '+search_by_meta_generator(r))
        print(f'Included CSS Version : '+search_by_included_version())
        print(f'Feed Meta Generator Version : '+search_by_feed_meta_generator())
    except requests.exceptions.HTTPError as error_http:
        print ("HTTP Error : ",error_http)
    except requests.exceptions.ConnectionError as error_connexion:
        print ("Connexion Error : ",error_connexion)
    except requests.exceptions.Timeout as error_timeout:
        print ("Timeout Error : ",error_timeout)
    except requests.exceptions.RequestException as error:
        print ("Undefined Error : ",error)

You can find the whole project into : https://github.com/kbrault/pyWordpressVersionScanner/