> Wordstress wordpress plugin resources analysis

Wordstress wordpress plugin resources analysis

Download This Plugin
Download Elegant Themes
Name Wordstress
Version 0.6.0
Author Paolo Perego - paolo@codiceinsicuro.it
Rating 100
Last updated 2015-02-25 09:54:00
Downloads
26
Download Plugins Speed Test plugin for Wordpress

Home page

Delta: 0%

Post page

Delta: 0%
Wordstress plugin has no negative impact on PageSpeed score.

Home page PageSpeed score has been degraded by 0%, while Post page PageSpeed score has been degraded by 0%

Wordstress plugin added 2 bytes of resources to the Home page and 0 bytes of resources to the sample Post page.

Wordstress plugin added 0 new host(s) to the Home page and 0 new host(s) to the sample Post page.

Great! Wordstress plugin ads no tables to your Wordpress blog database.

wordstress is a whitebox security scanner for wordpress powered websites.

Site owners don't want to spend time in reading complex blackbox security scan reports trying to remove false positives. A useful security tool must give them only vulnerabilities really affecting installed plugins or themes.

Let's assume, plugin foobar_plugin version 3.4.3 has a sever SQL Injection vulnerability. In one of several wordpress powered website, you installed version 3.2.1 version that is not vulnerable.

A blackbox security scanner will try to enumerate installed plugins but it can't tell the exact installed version. So, using a blackbox approach you'll have a alleged SQL Injection vulnerability you must validate and mitigate. Unfortunately, you will lose precious time to spot a false positive since your plugin is safe.

With wordstress plugin, you'll give the security tool the exact foobar_plugin version installed on the system, 3.2.1. The tool will scan the knowledge base and report 0 vulnerabilities. You save time and you can be focused only on stuff really need your attention.

Of course you may argue that giving on the Internet a place where all your website third parties plugins and themes name with version is not a wise decision. This is correct, that's why wordstress plugin creates a secure access key the scanner must use in order to access /wordstress virtual page.

People without the correct key can't access your website information. The key is unique per server and created with hashing functions so to be resilient to guessing account. Bruteforcing the key will lead to an unsuccessful attempt, and you'll be busted. For sure.

You must pass the correct key value to wordstress ruby gem in order to perform the whitebox scan. If you provide the wrong key or you won't provide a key at all, the wordstress plugin will give no information as output and then no whitebox scan will be possible.

You don't like the key? Just reload the page a couple of times since you're comfortable about the generated entropy and then save the settings.

Resources added by plugin to Home page/Post page in kB
Total size of resources for Home page/Post page in kB
Random Theme Tests
Brand New Day screenshot

Brand New Day

by: sixhours

90683
80%
A little touch of purple screenshot

A little touch of purple

by: JakoThAn

28481
0%