Looks like GNUCITIZEN and Blogsecurity.net have joined forces to create a online WordPress security scanner. From GNUCITIZEN:
“Blogsecurify was created to help individuals and organization to secure their blog infrastructures by testing them against a set of security tests. The project is still in alpha stage although I am quite happy with the actual framework which I believe is the only one of its kind. The same framework will be used for several other initiatives but I will talk about them when their time come.”
I tested it out and it works as advertised. Just make sure you enable/disable the template plugin that is required. I used the old security scanner that was on Blogsecurity.net and didn’t get a ton of value out of it in the past so this is great news! Actually, the old scanner told me that the WordPress installation that I was scanning was out of date and vulnerable even though I had the latest version installed! Blogsecurity.net has some really good resources for hardening your WordPress installation by the way. I recommend that if you have a WordPress blog you download the paper they have on hardening your WordPress installation. While some of these tips are easy (change the admin account name and use role based access) others are a bit complex and may break most of your plugins (.htaccess modifications) without significant testing. Either way, it’s worth checking out to make your WordPress installation more secure.