Show HN: Vulnerability scans for WordPress. No installation or code required.
scanbeast.com
Would be cool to have some kind of free trial. Even if it did something like:
6 vulnerabilities found
Wordpress Core vX.x:
1. CVS0001 - click here to resolve
2. CVS0002 - click here to resolve
3. CVS0003 - sign up to resolve
Wordpress Plugins:
- W3 Cache vX.x
1. CVS0004 - click here to resolve
- Jetpack vX.x
1. CVS0005 - click here to resolve
2. CVS0006 - sign up to resolve
- ...
You get two Wordpress core fixes and two plugin fixes for free. The rest you have to pay for. It would be a good on-boarding process. I get to see that there are indeed vulnerabilities, and I get a few solutions provided for free, but to resolve the rest I need to sign up.
As someone with a single WordPress personal site, the starter level is too expensive. Have you considered a per-resolution fee? I.e. you find five vulnerabilities on my site and I pay $X.XX per fix?
Hi, thanks for the feedback. I've asked for credit card details to prevent the abuse of this service since you can scan any website.
However, I'm currently in the process of working with the Google Analytics API to provide free scans for verified websites where the user can prove ownership -- this should roll out in about a week or so. Would you like me to drop you a PM when I release this feature?
Yes please, I'm @junto on Twitter.
Have you ever used McAfee Secure (formerly known as HackerSafe)? It's a security scanning service for websites that looks for thousands of different vulnerabilities, rates them by severity, and provides a badge. It's actually quite extensive (and not cheap), but it would be worth researching and seeing what you can emulate.
Their reputation is such that the credit-card vendors trust their results for PCI compliance testing ... a major thing in e-commerce and online payment.
I believe a special filename & contents is required somewhere, to prove you do indeed own the site you're scanning.
Perhaps you're not interested in competing with them yet, but it's something to consider.
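The ownership check the previous comment alludes to (publish a file with a specific name and contents, then let the scanner fetch it) is simple to implement. The following is an added example, not code from scanbeast.com or McAfee Secure; the verification path, the token length and the offline stand-in for the HTTP fetch are all assumptions made here.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Hypothetical location of the verification file; a real service picks its own.
VERIFY_PATH = "/.well-known/scanner-verify.txt"


def issue_token(nbytes: int = 32) -> str:
    """Create an unguessable token the site owner must publish at VERIFY_PATH."""
    return secrets.token_hex(nbytes)


def verify_ownership(site: str, expected_token: str, fetch) -> bool:
    """Return True only if the site serves exactly the expected token.

    fetch(url) is expected to return (status_code, body_text) or raise.
    Any transport error, non-200 status or mismatch counts as a failure,
    so the caller never grants a free scan on a partial result.
    """
    parts = urlsplit(site)
    # Bind the check to a web origin: refuse odd schemes and empty hosts.
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return False
    # Ignore any user-supplied path; the file must live at the site root.
    url = f"{parts.scheme}://{parts.netloc}{VERIFY_PATH}"
    try:
        status, body = fetch(url)
    except Exception:
        return False
    if status != 200:
        return False
    # Constant-time comparison on bytes, so non-ASCII bodies cannot raise.
    return hmac.compare_digest(body.strip().encode("utf-8"),
                               expected_token.encode("utf-8"))


def make_fake_fetch(hosted: dict):
    """Constructed offline stand-in for an HTTP client: url -> body."""
    def fetch(url: str):
        if url not in hosted:
            return 404, "Not Found"
        return 200, hosted[url]
    return fetch


if __name__ == "__main__":
    token = issue_token()
    # Constructed sample: the owner has published the token on example.com.
    fetch = make_fake_fetch(
        {"https://example.com/.well-known/scanner-verify.txt": token + "\n"})
    print("example.com verified:", verify_ownership("https://example.com", token, fetch))
    print("other.example verified:", verify_ownership("https://other.example", token, fetch))
```

The token must be issued per site and per account, and should expire once the scan is granted; otherwise a single leaked file lets anyone claim the site. Following redirects during the fetch is a separate decision: if you do, verify the final host matches the requested one, or an open redirect on the target could point the check at a file the attacker controls.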
The fact that this is funded by Google bug bounties is really impressive.
I'll tell you right now, this is something we'd use. I manage a ton of WordPress sites, and they are always getting hacked. Not root-level server hacks, but annoying database link injections and redirects.
There are some other really nasty attacks going on, especially with the latest patch that fixed the XML-RPC hack which wrecked thousands of sites.
Would love to see more information on your site about what exactly it does, what access it needs (is it a plugin?), and what actions can be taken, both proactive and reactive.
Very useful and very cool!
Anyone else getting a request to connect with a client SSL certificate? I'm unsure why it's asking for it.
StartSSL has an issue with Apple computers. I'll be getting a better SSL cert once I get more customers and revenue.
Yes, I am. Hitting cancel let me continue, though.
As a non-technical WP user with a couple of sites - this is great.
I could easily see people building their own business off of this service.
I will set up a test and see what the interest is in my local market.
There are so many angles to try.
Nice little marketing project for my evening hours.
Hi everyone, this is the MVP I have been working on. It's almost 5am in the UK right now and I just wanted to launch as soon as possible and stop procrastinating (and waiting for my A-level results). It's funded entirely by my Google bug bounties, so thank you Google. I have not done any design stuff for it yet -- the site is very bare bones but functional.
Current solutions to vulnerability scanning such as WPScan are good but not user-friendly, which is what I believe WordPress users want. I've already got my first 5 customers prior to launch who wanted this product, which I think is a good start; hopefully there is a market for this stuff.
I would love to hear any sort of feedback.
So why does the site request my personal TLS cert?
I'd try this if I could sign up without entering credit card details.
Is there a mirror? Site seems down ...
Sorry about that, server got knocked offline. Should be back soon.