Finding out of date WordPress installs


So hosting WordPress for the general public is one of those things that’s a real pain because once someone sets up a WordPress site, you know full well they’re never coming back to patch it again. Unpatched WordPress installs are a real pain because they are packed with vulnerabilities that can be used to attack not just the site in question but other sites too (xmlrpc.php – I’m looking at you) or even your own host.

So here’s a quick and dirty perl script to find all WordPress installs on your box that are not up to date. Running this on one of my boxes was interesting because it turns out not only are there unpatched WordPress installs (dah!) but also people had copies of much older ones still publicly accessible inside their patched ones in directories like “old”.

I’m not really a perl guy but I wanted to write it in perl because it’s just so easy to use commands like grep, etc. Also, I wanted to refresh myself on perl, which is something I have not used in I can’t remember how long.

So without further banging on – here’s the script:

#We need to have some includes
use strict;
use warnings;
use LWP::Simple;

my $next_word;

#Now we need to check the latest version of WordPress by looking at their website and just grepping it.
my $doc = get('https://wordpress.org/download/') || die "GET failed";
foreach my $line (split("\n", $doc)) {
        #Take the first thing after "Version" that looks like a version number
        if ($line =~ /Version\s*(\d+(?:\.\d+)+)/) {
                $next_word = $1;
                print "The latest version is $next_word.\n";
                last;
        }
}
die "Could not find the latest version on the download page" unless defined $next_word;

#Compare versions field by field as numbers, so 4.10 counts as newer than 4.9
#(a plain string comparison gets that one wrong).
sub version_cmp {
        my @a = split /\./, $_[0];
        my @b = split /\./, $_[1];
        while (@a || @b) {
                my $cmp = (shift(@a) // 0) <=> (shift(@b) // 0);
                return $cmp if $cmp;
        }
        return 0;
}

#Get the full list of WordPress files on the machine (assuming mlocate is installed).
#We want to run the updatedb first, to make sure we have a good view of all installed files.
my $command = "updatedb;locate wp-includes/version.php";
my $output  = `$command`;
my @verFileSplit = split /\n/, $output;

#Output what we found out
foreach my $file (@verFileSplit) {
        #Read each file in perl rather than handing its path to a shell grep.
        #Customers choose their own directory names, and a name containing quotes
        #or other shell characters would otherwise end up inside a command line.
        open(my $fh, '<', $file) or next;
        my $version;
        while (my $line = <$fh>) {
                if ($line =~ /^\s*\$wp_version\s*=\s*['"](\d+(?:\.\d+)*)/) {
                        $version = $1;
                        last;
                }
        }
        close($fh);
        next unless defined $version;
        #Print the version if it's less than current.
        #If you want, you can store this in a log file by piping it.
        if (version_cmp($version, $next_word) < 0) {
                print "Version is out of date: $file ($version)\n";
        }
}
#We're done

So that’s the script. Obviously, it’s for Linux hosts, not Windows. Basically just paste it into a new file, like wordpressCheck.pl and then call it:

perl wordpressCheck.pl
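
A shell variant of the same check, added here as an example and not part of the original script: it walks a directory tree with find, reads each version.php without ever building a command string from the path, and compares versions field by field so that 4.9.8 ranks below 4.10. The function names, the output format and the sample tree are assumptions of this example, and the latest version is passed in as an argument rather than fetched.

```sh
#!/bin/sh
# version_lt A B: succeed when dotted version A is older than B.
# Fields are compared as numbers, so 4.9 < 4.10 and 4.7 equals 4.7.0.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# wp_version_of FILE: print the numeric part of $wp_version (4.8-beta1 -> 4.8).
wp_version_of() {
    sed -n "s/^[[:space:]]*[$]wp_version[[:space:]]*=[[:space:]]*['\"]\([0-9][0-9.]*\).*/\1/p" "$1" | head -n 1
}

# wp_outdated ROOT LATEST: report every install under ROOT older than LATEST.
# Paths are only ever passed as quoted arguments, never pasted into a command
# string. find output is read line by line, so a newline in a name is not handled.
wp_outdated() {
    find "$1" -type f -path '*/wp-includes/version.php' | while IFS= read -r f; do
        v=$(wp_version_of "$f")
        [ -n "$v" ] || continue
        if version_lt "$v" "$2"; then
            printf 'Version is out of date: %s (%s)\n' "$f" "$v"
        fi
    done
}

# Constructed sample tree: a current site, a stale copy left in "old", and a
# directory name with a space and double quotes in it.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/site1/wp-includes" "$t/site1/old/wp-includes" "$t/my \"new\" site/wp-includes"
    printf "<?php\n\$wp_version = '4.10';\n" > "$t/site1/wp-includes/version.php"
    printf "<?php\n\$wp_version = '4.9.8';\n" > "$t/site1/old/wp-includes/version.php"
    printf "<?php\n\$wp_version = '3.5-beta1';\n" > "$t/my \"new\" site/wp-includes/version.php"
    echo "$t"
}

tree=$(make_sample_tree)
wp_outdated "$tree" 4.10    # latest version passed in by hand for the demo
rm -rf "$tree"
```

On a real host, point the first argument at the web root and pass the current WordPress release as the second.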

About the Author

Rodney: I'm a veteran of way too many years of IT (although I still love it) and I currently head up the technical work over at Host One (major sponsor of this site), where I'm also a partner. Feel free to ask me anything about Cloud Computing and I'll try to be helpful, in a non-salesy kind of way.
