HackerTarget.com Wordpress Security Report




Wordpress Security Report
HackerTarget.com




HackerTarget.com is the world leader in online open source intelligence and security
assessments. All scanning tools are on-line for easy and convenient access.



HackerTarget.com Vulnerability Scan options include:
Server / IP              Web Sites                               Intelligence                             CMS

Nmap Port Scan           WhatWeb Site Fingerprint                DomainProfiler                           WordPress Scan
OpenVas Scan             SQL Injection Test                      Fierce Domain Scan                       Joomla Scan
SSL Check                Nikto Web Scan                          Hosting Server Info                      Drupal Scan
                         BlindElephant Scan




This report is autogenerated using various sources and scripts. No guarantee is made to the accuracy of the information found.
See http://hackertarget.com for full Terms of Service.




Design and Layout is licensed under a
Creative Commons Attribution 3.0 Unported License.




Wordpress Security Scan by HackerTarget.com LLC                                                                                          1 of 10



Table of Contents

 Wordpress Security Report                                             1
    HackerTarget.com                                                    1
 Table of Content                                                      2
 Wordpress Site Info                                                   3
    Domain Reputation Check                                             3
    Default Login Page                                                  3
    Robots.txt found                                                    3
 Site Link Review                                                      4
    External Site Links                                                 4
    Internal Site Links                                                 4
 Plugins, Theme and Javascript                                         5
    Javascript links and Scripts found                                  5
    iframes found in pages                                              6
 WPScan Results                                                        6
 Hosting Information for www.fansandfollowers.org                      8
    Websites sharing the same IP address                                8
 Appendix A : Additional Resources                                   10
    The Basics                                                        10
    Advanced Security Testing                                         10
    Further Information                                               10





This report is based on an automated security scan performed by hackertarget.com.
It was generated on Wed Nov 14 21:58:22 2012
More Information


Wordpress Site Info
www.fansandfollowers.org/

 Wordpress Version:   3.4.2
                      Good: the version of WordPress is current. It is recommended to always upgrade to the latest version.
 Web Server:          Apache
 MetaGenerator:       Nova v.2.2,WordPress 3.4.2
 Page Title:          Buy Instagram Followers,Get more Instagram Followers,Buy Instagram Likes,Instagram Followers,how to get followers on instagram




Domain Reputation Check
The site www.fansandfollowers.org has been checked against web reputation services.
 Ref   Service                                                      Site Check Result

       Google Safebrowsing finds this site as safe                  SAFE

       MyWot has rated the site's trustworthiness as Very Poor      1




Default Login Page
The WordPress administration login page is at the default location http://www.fansandfollowers.org//wp-admin/


This is not a critical risk; however, it should be understood that brute force attacks against WordPress login accounts,
including the admin account, are not difficult. A strong password on the admin accounts is vital. It is recommended to
rename the default admin account to a non-generic name.



Robots.txt found
The robots.txt file is used to tell search engines to ignore parts of your site. It can also be used by attackers to find
content you may not want to be public, and other interesting directories.
 raw file

 User-agent: *
 Disallow: /wp-admin/
 Disallow: /wp-includes/

 Sitemap: http://www.fansandfollowers.org/sitemap.xml.gz







Site Link Review
Use this section to understand a site's link structure and the reputation of linked sites.

External Site Links
These links to external sites have been found. They have been assessed for reputation using the Google Safe Browse and
MyWOT reputation services.
 link                          Google   MyWOT

 http://twitter.com/share      SAFE     95




Internal Site Links
These are the links from the main index page to other pages within the website.
 links

 http://www.fansandfollowers.org
 http://www.fansandfollowers.org/
 http://www.fansandfollowers.org/contact-2/
 http://www.fansandfollowers.org/instagram-followers/
 http://www.fansandfollowers.org/instagram-likes/
 http://www.fansandfollowers.org/instagram-popular-page/
 http://www.fansandfollowers.org/purchase-agreement/
 http://www.fansandfollowers.org/terms-of-service/
 http://www.fansandfollowers.org/twitter-followers-2/
 http://www.fansandfollowers.org/wp-content/uploads/2012/08/Buy-instagram-followers.jpg
 http://www.fansandfollowers.org/your-name-on-cappuccino/
 http://www.fansandfollowers.org/youtube-views/
 http://www.fansandfollowers.org/z-faq/







Plugins, Theme and Javascript
WordPress plugins and themes should be monitored for updates. Security vulnerabilities are often fixed in updates.
JavaScript and iframes of unknown origin should be checked to ensure they are legitimate. A compromised site will use
these as vectors to deliver malware to client systems.

Javascript links and Scripts found
WP Theme: Nova
Google Analytics Account ID : UA-30553062-1


WordPress Plugins Detected
 name                                 version   latest

 announcer                            3.4.2

 arconix-shortcodes

 floating-menu

 jetpack                              3.4.2     1.5

 shortcodes-ultimate                  3.9.5     3.9.5

 skype-online-status                  2.8.6

 strx-magic-floating-sidebar-maker    3.4.2




These plugins were detected passively from a sample of the site's pages. This is not a full audit of the plugins installed.
The WPScan active scan option can detect plugins more aggressively. Plugins should be monitored regularly
and fixes applied when released.


Internally Linked Javascript
 link

 http://www.fansandfollowers.org/wp-content/plugins/announcer/public/announcer-js.js?ver=3.4.2

 http://www.fansandfollowers.org/wp-content/plugins/floating-menu/js/jquery.easing.js?ver=3.4.2

 http://www.fansandfollowers.org/wp-content/plugins/floating-menu/js/jquery.floater.2.2.js?ver=3.4.2

 http://www.fansandfollowers.org/wp-content/plugins/floating-menu/js/jquery.hoverIntent.minified.js?ver=3.4.2

 http://www.fansandfollowers.org/wp-content/plugins/jetpack/modules/wpgroho.js?ver=3.4.2

 http://www.fansandfollowers.org/wp-content/plugins/shortcodes-ultimate/js/init.js?ver=3.9.5

 http://www.fansandfollowers.org/wp-content/plugins/shortcodes-ultimate/js/jcarousel.js?ver=3.9.5

 http://www.fansandfollowers.org/wp-content/plugins/shortcodes-ultimate/js/jwplayer.js?ver=3.9.5

 http://www.fansandfollowers.org/wp-content/plugins/shortcodes-ultimate/js/nivoslider.js?ver=3.9.5

 http://www.fansandfollowers.org/wp-content/plugins/skype-online-status/js/skypeCheck.js?ver=2.8.6

 http://www.fansandfollowers.org/wp-content/plugins/strx-magic-floating-sidebar-maker/js/debounce.js?ver=3.4.2

 http://www.fansandfollowers.org/wp-content/plugins/strx-magic-floating-sidebar-maker/js/strx-magic-floating-sidebar-maker.js?ver=3.4.2

 http://www.fansandfollowers.org/wp-content/themes/Nova/epanel/page_templates/js/et-ptemplates-frontend.js?ver=1.1

 http://www.fansandfollowers.org/wp-content/themes/Nova/epanel/page_templates/js/fancybox/jquery.easing-1.3.pack.js?ver=1.3.4

 http://www.fansandfollowers.org/wp-content/themes/Nova/epanel/page_templates/js/fancybox/jquery.fancybox-1.3.4.pack.js?ver=1.3.4

 http://www.fansandfollowers.org/wp-content/themes/Nova/epanel/shortcodes/js/et_shortcodes_frontend.js?ver=1.8

 http://www.fansandfollowers.org/wp-content/themes/Nova/js/Colaborate-Thin_400-Colaborate-Medium_400.font.js

 http://www.fansandfollowers.org/wp-content/themes/Nova/js/DD_belatedPNG_0.0.8a-min.js

 http://www.fansandfollowers.org/wp-content/themes/Nova/js/cufon-yui.js

 http://www.fansandfollowers.org/wp-content/themes/Nova/js/jquery.cycle.all.min.js

 http://www.fansandfollowers.org/wp-content/themes/Nova/js/jquery.easing.1.3.js

 http://www.fansandfollowers.org/wp-content/themes/Nova/js/superfish.js



 http://www.fansandfollowers.org/wp-includes/js/comment-reply.js?ver=3.4.2




iframes found in pages
These iframe links should be checked to ensure they are legitimate. Malware and compromised hosts can be linked by
malicious iframes.
 link                                                                                                                                                                           Google   MyWOT

 http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.fansandfollowers.org%2F&layout=standard&show_faces=false&width=450&action=like&colorscheme=light&height=80                       SAFE     90

 http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.fansandfollowers.org%2Finstagram-followers%2F&layout=standard&show_faces=false&width=450&action=like&colorscheme=light&height=80   SAFE     90

 http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.fansandfollowers.org%2Finstagram-likes%2F&layout=standard&show_faces=false&width=450&action=like&colorscheme=light&height=80       SAFE     90

 http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.fansandfollowers.org%2Fyoutube-views%2F&layout=standard&show_faces=false&width=450&action=like&colorscheme=light&height=80         SAFE     90




WPScan Results
The following results have been returned by the active WPScan.
 WPScan Output




 WordPress Security Scanner by ethicalhack3r.co.uk
 Sponsored by the RandomStorm Open Source Initiative
 _____________________________________________________


 | URL: http://www.fansandfollowers.org/
 | Started on Wed Nov 14 21:58:45 2012

 [!] The WordPress theme in use is called 'Nova' v2.2
 [!] The WordPress "http://www.fansandfollowers.org/readme.html" file exists
 [!] WordPress version 3.4.2 identified from meta generator

 [+] Enumerating plugins from passive detection ... 6 found :

 | Name: announcer
 | Location: http://www.fansandfollowers.org/wp-content/plugins/announcer/

 | Name: shortcodes-ultimate
 | Location: http://www.fansandfollowers.org/wp-content/plugins/shortcodes-ultimate/

 | Name: jetpack
 | Location: http://www.fansandfollowers.org/wp-content/plugins/jetpack/
 |
 | [!] WordPress jetpack plugin SQL Injection Vulnerability
 | * Reference: http://www.exploit-db.com/exploits/18126/

 | Name: arconix-shortcodes
 | Location: http://www.fansandfollowers.org/wp-content/plugins/arconix-shortcodes/

 | Name: strx-magic-floating-sidebar-maker
 | Location: http://www.fansandfollowers.org/wp-content/plugins/strx-magic-floating-sidebar-maker/

 | Name: floating-menu
 | Location: http://www.fansandfollowers.org/wp-content/plugins/floating-menu/

 [+] Enumerating installed plugins ...


 [+] We found 11 plugins:





 | Name: skype-online-status
 | Location: http://www.fansandfollowers.org/wp-content/plugins/skype-online-status/
 | Directory listing enabled? Yes.

 | Name: bulletproof-security
 | Location: http://www.fansandfollowers.org/wp-content/plugins/bulletproof-security/
 | Directory listing enabled? Yes.
 |
 | [!] WordPress BulletProof Security <= 0.47 Cross Site Scripting
 | * Reference: http://packetstormsecurity.org/files/112618/

 | Name: shortcodes-ultimate
 | Location: http://www.fansandfollowers.org/wp-content/plugins/shortcodes-ultimate/
 | Directory listing enabled? Yes.

 | Name: clickdesk-live-support-chat-plugin
 | Location: http://www.fansandfollowers.org/wp-content/plugins/clickdesk-live-support-chat-plugin/
 | Directory listing enabled? Yes.

 | Name: 6scan-protection
 | Location: http://www.fansandfollowers.org/wp-content/plugins/6scan-protection/
 | Directory listing enabled? No.

 | Name: wp-post-date-remover
 | Location: http://www.fansandfollowers.org/wp-content/plugins/wp-post-date-remover/
 | Directory listing enabled? Yes.

 | Name: simple-page-ordering
 | Location: http://www.fansandfollowers.org/wp-content/plugins/simple-page-ordering/
 | Directory listing enabled? Yes.

 | Name: wordpress-simple-paypal-shopping-cart
 | Location: http://www.fansandfollowers.org/wp-content/plugins/wordpress-simple-paypal-shopping-cart/
 | Directory listing enabled? Yes.

 | Name: quick-chat
 | Location: http://www.fansandfollowers.org/wp-content/plugins/quick-chat/
 | Directory listing enabled? Yes.

 | Name: share-buttons-simple-use
 | Location: http://www.fansandfollowers.org/wp-content/plugins/share-buttons-simple-use/
 | Directory listing enabled? No.

 | Name: image-banner-widget
 | Location: http://www.fansandfollowers.org/wp-content/plugins/image-banner-widget/
 | Directory listing enabled? Yes.

 [+] Enumerating timthumb files...

 [+] We found 1 timthumb file/s:

 [!] http://www.fansandfollowers.org/wp-content/plugins/shortcodes-ultimate/lib/timthumb.php

 * Reference: http://www.exploit-db.com/exploits/17602/

 [+] Enumerating usernames...

 We found the following 1 username/s:

 admin

 [+] Finished at Wed Nov 14 22:17:43 2012







Hosting Information for www.fansandfollowers.org
The following details about the server and hosting provider have been discovered.

 Domain:         www.fansandfollowers.org
 IP:             66.147.244.99
 Organization:   Bluehost
 AS Name:        BLUEHOST-AS-2
 ISP:            BLUEHOST INC.
 City:           Provo
 Country:        United States




Websites sharing the same IP address
These sites have been found to be sharing the server's IP address; the primary source for this data is a Bing IP address
search. Reputation is checked using the Google Safe Browse and MyWOT services.
 link                                 Page Title                                                                              Google     MyWOT

 www.festiveeffects.com               Festive Effects - Creative Balloon Decorations and Family ...                            SAFE        ???

 stoltzfus.com                        Stoltzfus Enterprises, Ltd. - Builder of Custom Homes ...                                SAFE        70

 www.iimn.org                         Home | International Institute of Minnesota                                              SAFE        71

 www.fingerfoodjewelry.com            Fingerfood Jewelry - Miniature Food Jewelry Made From Polymer Clay                       SAFE        ???

 melissaoyler.com                     Melissa Oyler Designs, LLC                                                               SAFE        ???

 www.sindhar.com                      Sindhar                                                                                  SAFE        73

 delicatesales.com                    Delicate Sales                                                                           SAFE        ???

 icarusconsultants.com                Icarus Consultants: Pharma Biotech Marketing Strategy, New ...                           SAFE        70

 jassdevelopers.com                   Jass Developers, Residential Apartments, Flats, Individual houses ...                    SAFE        ???

 stewartlandscape.com                 Stewart Lawn & Landscape :: Home                                                         SAFE        70

 www.skatalites.com                   SKATALITES | The Foundation of Ska, Rock Steady & Reggae                                 SAFE        78

 alkiautobody.com                     Fix Auto South Seattle                                                                   SAFE        ???

 www.kimassociates.com                Elizabeth H. Kim & Associates, PLLC - Attorneys and Counselors at Law                    SAFE        ???

 heliotech-eg.com                     Home - HelioTech                                                                         SAFE        ???

 rockford-id.com                      Rockford ID Shop, Inc.                                                                   SAFE        ???

 joy-liu.com                          joy-liu.com | visual communication                                                       SAFE        ???

 www.schnellcontracting.com           Schnell Contracting - Home                                                               SAFE        ???

 www.leafpile.com                     Leafpile: Henry & Kathleen's Website                                                     SAFE        72

 www.saloneast316.com                 Salon East 316                                                                           SAFE        ???

 biancasrestaurant.com                Welcome to Bianca's Italian Eatery!                                                      SAFE        70

 johnnygalbraith.com                  Johnny Galbraith .:. Copywriter Portfolio                                                SAFE        ???

 www.groupxcel.com                    GroupXcel.com - Facility Services Experts, Janitorial, HVAC ...                          SAFE        ???

 www.alpinaautobodyshop.com           Auto repair portland oregon | Auto body painting                                         SAFE        ???

 www.willboisture.com                 WillBoisture.com                                                                         SAFE        ???

 www.vdaconsulting.com                Roofing Consultants: Waterproofing, Inspections                                          SAFE        ???

 www.eitacp.com                       EIT | Excellence In Teaching                                                             SAFE        ???

 www.jennifer-renee.com               Jennifer Renee Photography                                                               SAFE        ???

 www.mrhomeinspector.net              Home Inspection                                                                          SAFE        ???

 www.aromaglass.com                   Wholesale Aroma Jewelry - AromaGlass                                                     SAFE        ???



 www.jobless-movie.com                Jobless Short Film                                                       SAFE   ???

 www.bettefrankleahy.com              bette frank leahy                                                        SAFE   ???

 kyungheetkd.com                      Kyung Hee Tae Kwon Do                                                    SAFE   ???

 fifteenminutefitness.com             fifteen minute fitness: chico, ca                                        SAFE   ???

 www.theairking.com                   The Air King Inc.                                                        SAFE   ???

 awakeningcharlotte.com               Natural Awakenings Magazine Charlotte                                    SAFE   ???

 estherprosser.com                    Esther Prosser Real Estate                                               SAFE   ???

 biotechstrategyblog.com              Biotech Strategy Blog - Science, Innovation, New Products                SAFE   ???

 www.beaconfwb.org                    Beacon Free Will Baptist Church                                          SAFE   ???

 sistercitiesoffishers.org            Sister Cities Association of Fishers                                     SAFE   ???

 saraandrocky.com                     sara & rocky :: texas wedding photographers                              SAFE   ???

 www.truckfarmchicago.org             Truck Farm Chicago | The Farm-on-Wheels                                  SAFE   ???

 www.imanor.org                       Immacolata Manor Immacolata Manor l A Quiet Point of Pride               SAFE   ???

 joeleenworld.com/Home.html           Official WebSite of Joeleen "Welcome to my World" DownLoad her New ...   SAFE   ???

 revelcaffe.com                       Revel Caffe | independent coffee for a Revolution.                       SAFE   ???

 www.stcatherinercc.org               St. Catherine of Siena Roman Catholic Church                             SAFE   ???

 wisewomanwellness.com                Wise Woman Wellness, LLC                                                 SAFE   ???

 mosaic-salon.com                     Mosaic Salon - Greenville, WI                                            SAFE   ???

 www.goldentouchpetsalon.com          Golden Touch Pet Salon                                                   SAFE   ???

 www.vinyloutlet.net                  Home page [www.vinyloutlet.net]                                          SAFE   ???

 pharmastrategyblog.com               Pharma Strategy Blog                                                     SAFE   ???







Appendix A : Additional Resources
WordPress is a stable and easy-to-use blogging platform that has a good level of security, provided a few easy steps are
taken.



The Basics
* Back It Up - Be ready to lose it all at any time. If you have an up-to-date backup, restoring is much easier.
* Keep the WordPress system up to date
* Keep all plugins up to date
* Beware of untrusted themes
* Rename the admin account to a non-generic name
* Use strong passwords (a dictionary word with a number after it is not a strong password!)
* Keep your password safe! Do not re-use it on other sites.
* Ensure you have up-to-date AV on your Windows machine. Malware collects passwords.
* The underlying server must be well managed and in a secure state
* VPS or dedicated server? Set up server monitoring (http://www.ossec.net is a good start)



Advanced Security Testing
This report has been generated using automated scripts and tools. While it provides
a good overview of the general security of the site and any obvious problems, it is
far from a comprehensive security assessment.
HackerTarget.com offers a comprehensive security assessment that is in
effect a simulated hacker attack against the target system. This assessment is by its
nature much more aggressive than the automated review you are looking at now,
and provides a full report of any security holes found along with recommendations
for increasing the security of the system.
Alternatively, a collection of security tools is available free online for testing at HackerTarget.com.

Further Information
There are a thousand and one guides to WordPress security tips. Some of the best information is from the source.
* Hardening WordPress
* FAQ My Site Was Hacked




Wordpress Security Scan by HackerTarget.com LLC                                                                        10 of 10

More Related Content

Viewers also liked (17)

El rufián
El rufiánEl rufián
El rufián
 
The Ultimate Guide to Hiring Startup Rockstars
The Ultimate Guide to Hiring Startup RockstarsThe Ultimate Guide to Hiring Startup Rockstars
The Ultimate Guide to Hiring Startup Rockstars
 
JAWS-UG2014
JAWS-UG2014JAWS-UG2014
JAWS-UG2014
 
Partenariats et visibilité | Congrès 2014
Partenariats et visibilité | Congrès 2014Partenariats et visibilité | Congrès 2014
Partenariats et visibilité | Congrès 2014
 
Les Gaufres
Les GaufresLes Gaufres
Les Gaufres
 
Rib.
Rib.Rib.
Rib.
 
Kỹ năng tìm việc
Kỹ năng tìm việcKỹ năng tìm việc
Kỹ năng tìm việc
 
El síndrome del celibato Ramiro Perez Alvarez
El síndrome del celibato Ramiro Perez AlvarezEl síndrome del celibato Ramiro Perez Alvarez
El síndrome del celibato Ramiro Perez Alvarez
 
Plan de gestión en tic del IED arborizadora alta
Plan de gestión en tic del IED arborizadora altaPlan de gestión en tic del IED arborizadora alta
Plan de gestión en tic del IED arborizadora alta
 
Carta a mi novia zaidi
Carta a mi novia zaidiCarta a mi novia zaidi
Carta a mi novia zaidi
 
TH Ecosystem 7-11
TH Ecosystem 7-11TH Ecosystem 7-11
TH Ecosystem 7-11
 
My open bite case fatema
My open bite case fatemaMy open bite case fatema
My open bite case fatema
 
Samuel suarez. exp. iva
Samuel suarez. exp. ivaSamuel suarez. exp. iva
Samuel suarez. exp. iva
 
Coaching Concepts
Coaching ConceptsCoaching Concepts
Coaching Concepts
 
Cuadrocomparativotecinfo
CuadrocomparativotecinfoCuadrocomparativotecinfo
Cuadrocomparativotecinfo
 
Cie10. cavidad oral
Cie10. cavidad oralCie10. cavidad oral
Cie10. cavidad oral
 
002. 01 pecado vs santuario
002.  01 pecado vs santuario002.  01 pecado vs santuario
002. 01 pecado vs santuario
 

Word press security-report-www.fansandfollowers.org

  • 1. HackerTarget.com Wordpress Security Report Wordpress Security Report HackerTarget.com HackerTarget.com is the world leader in online open source intelligence and security assessments. All scanning tools are on-line for easy and convenient access. HackerTarget.com Vulnerability Scan options include: Server / IP Web Sites Intelligence CMS Nmap Port Scan WhatWeb Site Fingerprint DomainProfiler WordPress Scan OpenVas Scan SQL Injection Test Fierce Domain Scan Joomla Scan SSL Check Nikto Web Scan Hosting Server Info Drupal Scan BlindElephant Scan This report is autogenerated using various sources and scripts. No guarantee is made to the accuracy of the information found. See http://hackertarget.com for full Terms of Service. Design and Layout is licensed under a Creative Commons Attribution 3.0 Unported License. Wordpress Security Scan by HackerTarget.com LLC 1 of 10
  • 2. HackerTarget.com Wordpress Security Report Table of Content Wordpress Security Report 1 HackerTarget.com 1 Table of Content 2 Wordpress Site Info 3 Domain Reputation Check 3 Default Login Page 3 Robots.txt found 3 Site Link Review 4 External Site Links 4 Internal Site Links 4 Plugins, Theme and Javascript 5 Javascript links and Scripts found 5 iframes found in pages 6 WPScan Results 6 Hosting Information for www.fansandfollowers.org 8 Websites sharing the same IP address 8 Appendix A : Additional Resources 10 The Basics 10 Advanced Security Testing 10 Further Information 10 Wordpress Security Scan by HackerTarget.com LLC 2 of 10
  • 3. HackerTarget.com Wordpress Security Report This report is based on an automated security scan perfomed by hackertarget.com. It was generated on Wed Nov 14 21:58:22 2012 More Information Wordpress Site Info www.fansandfollowers.org/ Wordpress Version: 3.4.2 Good the version of Wordpress is current. It is recommended to always upgrade to the latest version. Web Server: Apache MetaGenerator: Nova v.2.2,WordPress 3.4.2 Buy Instagram Followers,Get more Instagram Page Title: Followers,Buy Instagram Likes,Instagram Followers,how to get followers on instagram Domain Reputation Check The site www.fansandfollowers.org has been checked against web reputation services Ref Service Site Check Result Google Safebrowsing finds this site as safe SAFE MyWot has rated the sites trustworthiness as Very Poor 1 Default Login Page The WordPress administration login page is at the default location http://www.fansandfollowers.org//wp-admin/ This is not a critical risk however it should be understood that brute force attacks against WordPress login accounts including the admin account are not difficult. A strong password on the admin accounts is vital. It is recommended to rename the default admin account to a non-generic name. Robots.txt found The robots.txt is used to tell search engines to ignore parts of your site. It can also be used by attackers to find stuff you may not want to be public and other interesting directories. raw file User-agent: * Disallow: /wp-admin/ Disallow: /wp-includes/ Sitemap: http://www.fansandfollowers.org/sitemap.xml.gz Wordpress Security Scan by HackerTarget.com LLC 3 of 10
Site Link Review
Use this section to understand a site's link structure and the reputation of linked sites.

External Site Links
These links have been found to external sites. They have been assessed for reputation using the Google Safe Browse and MyWOT reputation services.

link                        Google   MyWOT
http://twitter.com/share    SAFE     95

Internal Site Links
These are the links from the main index page to other pages within the website.

links
http://www.fansandfollowers.org
http://www.fansandfollowers.org/
http://www.fansandfollowers.org/contact-2/
http://www.fansandfollowers.org/instagram-followers/
http://www.fansandfollowers.org/instagram-likes/
http://www.fansandfollowers.org/instagram-popular-page/
http://www.fansandfollowers.org/purchase-agreement/
http://www.fansandfollowers.org/terms-of-service/
http://www.fansandfollowers.org/twitter-followers-2/
http://www.fansandfollowers.org/wp-content/uploads/2012/08/Buy-instagram-followers.jpg
http://www.fansandfollowers.org/your-name-on-cappuccino/
http://www.fansandfollowers.org/youtube-views/
http://www.fansandfollowers.org/z-faq/
Plugins, Theme and Javascript
WordPress plugins and themes should be monitored for updates, since security vulnerabilities are often fixed in updates. Javascript and iframes of unknown origin should be checked to ensure they are legitimate: a compromised site will use these as vectors to deliver malware to client systems.

Javascript links and Scripts found
WP Theme: Nova
Google Analytics Account ID : UA-30553062-1

WordPress Plugins Detected
name                                 version   latest
announcer                            3.4.2
arconix-shortcodes
floating-menu
jetpack                              3.4.2     1.5
shortcodes-ultimate                  3.9.5     3.9.5
skype-online-status                  2.8.6
strx-magic-floating-sidebar-maker    3.4.2

These plugins were detected passively from a sample of the site's pages. This is not a full audit of the plugins installed; the WPScan Active scan option can detect plugins more aggressively. Regular monitoring of plugins should be undertaken and fixes applied when released.

Internally Linked Javascript
link
http://www.fansandfollowers.org/wp-content/plugins/announcer/public/announcer-js.js?ver=3.4.2
http://www.fansandfollowers.org/wp-content/plugins/floating-menu/js/jquery.easing.js?ver=3.4.2
http://www.fansandfollowers.org/wp-content/plugins/floating-menu/js/jquery.floater.2.2.js?ver=3.4.2
http://www.fansandfollowers.org/wp-content/plugins/floating-menu/js/jquery.hoverIntent.minified.js?ver=3.4.2
http://www.fansandfollowers.org/wp-content/plugins/jetpack/modules/wpgroho.js?ver=3.4.2
http://www.fansandfollowers.org/wp-content/plugins/shortcodes-ultimate/js/init.js?ver=3.9.5
http://www.fansandfollowers.org/wp-content/plugins/shortcodes-ultimate/js/jcarousel.js?ver=3.9.5
http://www.fansandfollowers.org/wp-content/plugins/shortcodes-ultimate/js/jwplayer.js?ver=3.9.5
http://www.fansandfollowers.org/wp-content/plugins/shortcodes-ultimate/js/nivoslider.js?ver=3.9.5
http://www.fansandfollowers.org/wp-content/plugins/skype-online-status/js/skypeCheck.js?ver=2.8.6
http://www.fansandfollowers.org/wp-content/plugins/strx-magic-floating-sidebar-maker/js/debounce.js?ver=3.4.2
http://www.fansandfollowers.org/wp-content/plugins/strx-magic-floating-sidebar-maker/js/strx-magic-floating-sidebar-maker.js?ver=3.4.2
http://www.fansandfollowers.org/wp-content/themes/Nova/epanel/page_templates/js/et-ptemplates-frontend.js?ver=1.1
http://www.fansandfollowers.org/wp-content/themes/Nova/epanel/page_templates/js/fancybox/jquery.easing-1.3.pack.js?ver=1.3.4
http://www.fansandfollowers.org/wp-content/themes/Nova/epanel/page_templates/js/fancybox/jquery.fancybox-1.3.4.pack.js?ver=1.3.4
http://www.fansandfollowers.org/wp-content/themes/Nova/epanel/shortcodes/js/et_shortcodes_frontend.js?ver=1.8
http://www.fansandfollowers.org/wp-content/themes/Nova/js/Colaborate-Thin_400-Colaborate-Medium_400.font.js
http://www.fansandfollowers.org/wp-content/themes/Nova/js/DD_belatedPNG_0.0.8a-min.js
http://www.fansandfollowers.org/wp-content/themes/Nova/js/cufon-yui.js
http://www.fansandfollowers.org/wp-content/themes/Nova/js/jquery.cycle.all.min.js
http://www.fansandfollowers.org/wp-content/themes/Nova/js/jquery.easing.1.3.js
http://www.fansandfollowers.org/wp-content/themes/Nova/js/superfish.js
http://www.fansandfollowers.org/wp-includes/js/comment-reply.js?ver=3.4.2

iframes found in pages
These iframe links should be checked to ensure they are legitimate. Malware and compromised hosts can be linked by malicious iframes.

link  Google  MyWOT
http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.fansandfollowers.org%2F&layout=standard&show_faces=false&width=450&action=like&colorscheme=light&height=80  SAFE  90
http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.fansandfollowers.org%2Finstagram-followers%2F&layout=standard&show_faces=false&width=450&action=like&colorscheme=light&height=80  SAFE  90
http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.fansandfollowers.org%2Finstagram-likes%2F&layout=standard&show_faces=false&width=450&action=like&colorscheme=light&height=80  SAFE  90
http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.fansandfollowers.org%2Fyoutube-views%2F&layout=standard&show_faces=false&width=450&action=like&colorscheme=light&height=80  SAFE  90

WPScan Results
The following results have been returned by the active WPScan.

WPScan Output
WordPress Security Scanner by ethicalhack3r.co.uk
Sponsored by the RandomStorm Open Source Initiative
_____________________________________________________

| URL: http://www.fansandfollowers.org/
| Started on Wed Nov 14 21:58:45 2012

[!] The WordPress theme in use is called 'Nova' v2.2
[!] The WordPress "http://www.fansandfollowers.org/readme.html" file exists
[!] WordPress version 3.4.2 identified from meta generator

[+] Enumerating plugins from passive detection ...
 6 found :

 | Name: announcer
 | Location: http://www.fansandfollowers.org/wp-content/plugins/announcer/

 | Name: shortcodes-ultimate
 | Location: http://www.fansandfollowers.org/wp-content/plugins/shortcodes-ultimate/

 | Name: jetpack
 | Location: http://www.fansandfollowers.org/wp-content/plugins/jetpack/
 |
 | [!] WordPress jetpack plugin SQL Injection Vulnerability
 | * Reference: http://www.exploit-db.com/exploits/18126/

 | Name: arconix-shortcodes
 | Location: http://www.fansandfollowers.org/wp-content/plugins/arconix-shortcodes/

 | Name: strx-magic-floating-sidebar-maker
 | Location: http://www.fansandfollowers.org/wp-content/plugins/strx-magic-floating-sidebar-maker/

 | Name: floating-menu
 | Location: http://www.fansandfollowers.org/wp-content/plugins/floating-menu/

[+] Enumerating installed plugins ...

[+] We found 11 plugins:

 | Name: skype-online-status
 | Location: http://www.fansandfollowers.org/wp-content/plugins/skype-online-status/
 | Directory listing enabled? Yes.

 | Name: bulletproof-security
 | Location: http://www.fansandfollowers.org/wp-content/plugins/bulletproof-security/
 | Directory listing enabled? Yes.
 |
 | [!] WordPress BulletProof Security <= 0.47 Cross Site Scripting
 | * Reference: http://packetstormsecurity.org/files/112618/

 | Name: shortcodes-ultimate
 | Location: http://www.fansandfollowers.org/wp-content/plugins/shortcodes-ultimate/
 | Directory listing enabled? Yes.

 | Name: clickdesk-live-support-chat-plugin
 | Location: http://www.fansandfollowers.org/wp-content/plugins/clickdesk-live-support-chat-plugin/
 | Directory listing enabled? Yes.

 | Name: 6scan-protection
 | Location: http://www.fansandfollowers.org/wp-content/plugins/6scan-protection/
 | Directory listing enabled? No.

 | Name: wp-post-date-remover
 | Location: http://www.fansandfollowers.org/wp-content/plugins/wp-post-date-remover/
 | Directory listing enabled? Yes.

 | Name: simple-page-ordering
 | Location: http://www.fansandfollowers.org/wp-content/plugins/simple-page-ordering/
 | Directory listing enabled? Yes.

 | Name: wordpress-simple-paypal-shopping-cart
 | Location: http://www.fansandfollowers.org/wp-content/plugins/wordpress-simple-paypal-shopping-cart/
 | Directory listing enabled? Yes.

 | Name: quick-chat
 | Location: http://www.fansandfollowers.org/wp-content/plugins/quick-chat/
 | Directory listing enabled? Yes.

 | Name: share-buttons-simple-use
 | Location: http://www.fansandfollowers.org/wp-content/plugins/share-buttons-simple-use/
 | Directory listing enabled? No.

 | Name: image-banner-widget
 | Location: http://www.fansandfollowers.org/wp-content/plugins/image-banner-widget/
 | Directory listing enabled? Yes.

[+] Enumerating timthumb files...

[+] We found 1 timthumb file/s:

 [!] http://www.fansandfollowers.org/wp-content/plugins/shortcodes-ultimate/lib/timthumb.php
  * Reference: http://www.exploit-db.com/exploits/17602/

[+] Enumerating usernames...
 We found the following 1 username/s:
 admin

[+] Finished at Wed Nov 14 22:17:43 2012
Hosting Information for www.fansandfollowers.org
The following details about the server and hosting provider have been discovered.

Domain:        www.fansandfollowers.org
IP:            66.147.244.99
Organization:  Bluehost
AS Name:       BLUEHOST-AS-2
ISP:           BLUEHOST INC.
City:          Provo
Country:       United States

Websites sharing the same IP address
These sites have been found to be sharing the server's IP address; the primary source for this data is a Bing IP address search. Reputation is checked using the Google Safe Browse and MyWOT services.

link                           Page Title                                                               Google  MyWOT
www.festiveeffects.com         Festive Effects - Creative Balloon Decorations and Family ...            SAFE    ???
stoltzfus.com                  Stoltzfus Enterprises, Ltd. - Builder of Custom Homes ...                SAFE    70
www.iimn.org                   Home | International Institute of Minnesota                              SAFE    71
www.fingerfoodjewelry.com      Fingerfood Jewelry - Miniature Food Jewelry Made From Polymer Clay      SAFE    ???
melissaoyler.com               Melissa Oyler Designs, LLC                                               SAFE    ???
www.sindhar.com                Sindhar                                                                  SAFE    73
delicatesales.com              Delicate Sales                                                           SAFE    ???
icarusconsultants.com          Icarus Consultants: Pharma Biotech Marketing Strategy, New ...           SAFE    70
jassdevelopers.com             Jass Developers, Residential Apartments, Flats, Individual houses ...    SAFE    ???
stewartlandscape.com           Stewart Lawn & Landscape :: Home                                         SAFE    70
www.skatalites.com             SKATALITES | The Foundation of Ska, Rock Steady & Reggae                 SAFE    78
alkiautobody.com               Fix Auto South Seattle                                                   SAFE    ???
www.kimassociates.com          Elizabeth H. Kim & Associates, PLLC - Attorneys and Counselors at Law    SAFE    ???
heliotech-eg.com               Home - HelioTech                                                         SAFE    ???
rockford-id.com                Rockford ID Shop, Inc.                                                   SAFE    ???
joy-liu.com                    joy-liu.com | visual communication                                       SAFE    ???
www.schnellcontracting.com     Schnell Contracting - Home                                               SAFE    ???
www.leafpile.com               Leafpile: Henry & Kathleen's Website                                     SAFE    72
www.saloneast316.com           Salon East 316                                                           SAFE    ???
biancasrestaurant.com          Welcome to Bianca's Italian Eatery!                                      SAFE    70
johnnygalbraith.com            Johnny Galbraith .:. Copywriter Portfolio                                SAFE    ???
www.groupxcel.com              GroupXcel.com - Facility Services Experts, Janitorial, HVAC ...          SAFE    ???
www.alpinaautobodyshop.com     Auto repair portland oregon | Auto body painting                         SAFE    ???
www.willboisture.com           WillBoisture.com                                                         SAFE    ???
www.vdaconsulting.com          Roofing Consultants: Waterproofing, Inspections                          SAFE    ???
www.eitacp.com                 EIT | Excellence In Teaching                                             SAFE    ???
www.jennifer-renee.com         Jennifer Renee Photography                                               SAFE    ???
www.mrhomeinspector.net        Home Inspection                                                          SAFE    ???
www.aromaglass.com             Wholesale Aroma Jewelry - AromaGlass                                     SAFE    ???
www.jobless-movie.com          Jobless Short Film                                                       SAFE    ???
www.bettefrankleahy.com        bette frank leahy                                                        SAFE    ???
kyungheetkd.com                Kyung Hee Tae Kwon Do                                                    SAFE    ???
fifteenminutefitness.com       fifteen minute fitness: chico, ca                                        SAFE    ???
www.theairking.com             The Air King Inc.                                                        SAFE    ???
awakeningcharlotte.com         Natural Awakenings Magazine Charlotte                                    SAFE    ???
estherprosser.com              Esther Prosser Real Estate                                               SAFE    ???
biotechstrategyblog.com        Biotech Strategy Blog - Science, Innovation, New Products                SAFE    ???
www.beaconfwb.org              Beacon Free Will Baptist Church                                          SAFE    ???
sistercitiesoffishers.org      Sister Cities Association of Fishers                                     SAFE    ???
saraandrocky.com               sara & rocky :: texas wedding photographers                              SAFE    ???
www.truckfarmchicago.org       Truck Farm Chicago | The Farm-on-Wheels                                  SAFE    ???
www.imanor.org                 Immacolata Manor Immacolata Manor l A Quiet Point of Pride               SAFE    ???
joeleenworld.com/Home.html     Official WebSite of Joeleen "Welcome to my World" DownLoad her New ...   SAFE    ???
revelcaffe.com                 Revel Caffe | independent coffee for a Revolution.                       SAFE    ???
www.stcatherinercc.org         St. Catherine of Siena Roman Catholic Church                             SAFE    ???
wisewomanwellness.com          Wise Woman Wellness, LLC                                                 SAFE    ???
mosaic-salon.com               Mosaic Salon - Greenville, WI                                            SAFE    ???
www.goldentouchpetsalon.com    Golden Touch Pet Salon                                                   SAFE    ???
www.vinyloutlet.net            Home page [www.vinyloutlet.net]                                          SAFE    ???
pharmastrategyblog.com         Pharma Strategy Blog                                                     SAFE    ???
Appendix A : Additional Resources
WordPress is a stable and easy to use blogging platform that has a good level of security, provided a few easy steps are taken.

The Basics
* Back It Up - Be ready to lose it all at any time. If you have an up-to-date backup, restoring is much easier.
* Keep the WordPress system up to date
* Keep all plugins up to date
* Beware of untrusted themes
* Rename the admin account to a non-generic name
* Use strong passwords (a dictionary word with a number after it is not a strong password!)
* Keep your password safe! Do not re-use it on other sites.
* Ensure you have up-to-date AV on your Windows machine. Malware collects passwords.
* The underlying server must be well managed and in a secure state
* VPS or dedicated server? Set up server monitoring (http://www.ossec.net is a good start)

Advanced Security Testing
This report has been generated using automated scripts and tools. While it provides a good overview of the general security of the site and any obvious problems, it is far from a comprehensive security assessment. HackerTarget.com has a comprehensive security assessment offering that is in effect a simulated hacker attack against the target system. This assessment is by its nature much more aggressive than the automated review you are reading now, and provides a full report of any security holes found along with recommendations for increasing the security of the system. Alternatively, there is a collection of security tools available for free online testing at HackerTarget.com.

Further Information
There are a thousand and one guides to WordPress security tips. Some of the best information is from the source.
* Hardening WordPress
* FAQ My Site Was Hacked