Changeset 2456851

Timestamp:

01/15/2021 10:28:15 AM (5 years ago)

Author:

ethicalhack3r

Message:

Update readme.txt

File:

• wpscan/trunk/readme.txt (modified) (2 diffs)

wpscan/trunk/readme.txt

@@ -13 +13 @@
 == Description ==
 
-The WPScan WordPress Security Scanner plugin scans your system on a daily basis to find security vulnerabilities listed in the [WPScan WordPress Vulnerability Database](https://wpscan.com/). It shows an icon on the Admin Toolbar with the total number of security vulnerabilities found.
-
-The [WPScan WordPress Vulnerability Database](https://wpscan.com/) is a WordPress vulnerability database, which includes WordPress core vulnerabilities, plugin vulnerabilities and theme vulnerabilities. The database is maintained by the WPScan Team, who are 100% focused on WordPress security.
-
-To use the WPScan WordPress Security Plugin you will need to use a free API token by [registering here](https://wpscan.com/).
+The WPScan WordPress security plugin is unique in that it uses its own manually curated [WPScan WordPress Vulnerability Database](https://wpscan.com/). The vulnerability database has been around since 2014 and is updated on a daily basis by dedicated WordPress security specialists and the community at large. The database includes more than 21,000 known security vulnerabilities. The plugin uses this database to scan for [WordPress vulnerabilities](https://wpscan.com/wordpresses), [plugin vulnerabilities](https://wpscan.com/plugins) and [theme vulnerabilities](https://wpscan.com/themes), and has the options to schedule automated daily scans and to send email notifications.
+
+WPScan has a Free API plan that should be suitable for most WordPress websites, however, also has paid plans for users who may need more API calls. To use the WPScan WordPress Security Plugin you will need to use a free API token by [registering here](https://wpscan.com/).
+
+= How many API requests do you need? =
+
+* Our WordPress scanner makes one API request for the WordPress version, one request per installed plugin and one request per installed theme.
+* On average, a WordPress website has 22 installed plugins.
+* The Free plan should cover around 50% of all WordPress websites.
+
+= Security Checks =
 
 The WPScan WordPress Security Plugin will also check for other security issues, which do not require an API token, such as:
@@ -27 +33 @@
 * Check if default secret keys are used
 * Check for exported database files
+* Weak passwords
+* HTTPS enabled
 
 = What does the plugin do? =
 
-* Scans the WordPress core, plugins and themes for known security vulnerabilities;
+* Scans for known WordPress vulnerabilities, plugin vulnerabilities and theme vulnerabilities;
 * Does additional security checks;
 * Shows an icon on the Admin Toolbar with the total number of security vulnerabilities found;