How To Scan Vulnerabilities on WordPress Using VirtualBox

To scan vulnerabilities on a WordPress site using VirtualBox, first, you need to understand VirtualBox and vulnerabilities in WordPress.

What is VirtualBox?

VirtualBox is a free to use software that lets the user create virtual computers or machines and run them on your computer. You can install and operate different systems like Windows, Linux, etc. It is like having another computer inside your current one. VirtualBox is a great way to experiment without needing another hardware and it doesn’t affect your main computer in the process. 

What are the Vulnerabilities in WordPress?

Vulnerabilities mean issues to be fixed, or weaknesses that can be taken advantage of by hackers in order to break into your site and cause harm. These vulnerabilities can lead to data theft as well as site defacement, which is unsafe for your site. 

Following is a list of possible vulnerabilities that can be faced: 

1. Outdated Themes and Applications: When themes or plugins are not updated regularly, hackers can exploit the security gaps.
2. Easy to guess passwords: When you don’t use strong passwords for your site, it is easier for third parties to gain access to your site. 
3. Outdated WordPress: WordPress constantly keeps releasing updates for safety purposes. If you do not update your wordpress regularly, you might be an easy bait for the attacks. 
4. Hidden Malwares in Plugins or Themes: Sometimes, when themes and plugins are from an untrusted source, they can be malicious, allowing third parties to easily take control over your website. 
5. SQL Injection: Sometimes, hackers might put some codes in the URL on your site. This can allow them to steal databases. 

Vulnerabilities are harmful as hackers can steal important information such as credit card information, passwords and other personal details. Hackers might do a complete site takeover and use it for shady purposes. This can lead to various illegal charges on you. If your site shows shady content, visitors of your site will definitely lose faith and this will lead to a serious damage to your reputation. 

Note: Site Defacement means when a hacker breaks into a website and changes content or appearance, like themes, layouts. They can show offensive or stupid messages just to prove dominance about the fact that they have taken control over your site. This might include altering of homepage and other pages, display of political messages that are possibly offensive, displaying of logos, images or content for the purpose of embarrassment. They can also direct the visitors to some other harmful and misleading sites. 

How To Scan Vulnerabilities on WordPress Using VirtualBox

How to scan vulnerabilities on WordPress using VirtualBox? Scanning vulnerabilities on WordPress with the help of VirtualBox requires creating a safe environment, where you can test your security issues without risking a live site. Following is a step by step guide: 

1. Download and Install VirtualBox: In order to set up the VirtualBox, go to the site VirtualBox.org and download the program. Install VirtualBox on your computer by following the instructions provided. 
2. Create a Virtual Machine: Start the application, then click on “New”. Choose an operating system next, for example, Linux. 
3. Storage: Decide how much RAM aka storage you want your virtual computer or machine to have. 
4. Install an Operating System i.e OS ISO. Go to the official Ubuntu site and download the Ubuntu file. Then use the ISO File to install the operating system on your virtual machine aka virtual computer. 
5. Install XAMPP or LAMP i.e. a local server which has MySQL, Apache, and PHP) inside the virtual computer.
6. Go to WordPress.org and download the ZIP file.
7. Extract the wordpress files and place them in the htdocs folder of XAMPP.
8. Create a new database for WordPress.
9. Go to the browser and run WordPress Set Up. Enter the database details.
10. Now, in the virtual machine/ computer, you can install tools like WPScan to scan vulnerabilities. 
11. To run a vulnerability scan, open a terminal window and use the code “wpscan –url http://localhost/wordpress.” You can then review the results.
12. Once you have got the report, you can fix the issues like updating themes, or wordpress itself.
13. To make sure no damage is done to your live site, make sure the scanning is done on your virtual machine.