
markri/wp-sec
=============

Checks a WordPress installation for CVE security issues at wpvulndb.com

Version 1.0.4 | MIT | PHP | [Source](https://github.com/markri/wp-sec) | [Packagist](https://packagist.org/packages/markri/wp-sec)


[![Build Status](https://camo.githubusercontent.com/e22d90df709edd7d28dc1ac02aa43301b448826a408400cf5371629948326b9f/68747470733a2f2f7472617669732d63692e6f72672f6d61726b72692f77702d7365632e7376673f6272616e63683d6d6173746572)](https://travis-ci.org/markri/wp-sec)

Note that the build status might be "red" due to the API limit of wpvulndb.

Quick links: [Using](#using) | [Installing](#installing) | [Contributing](#contributing)

What is wp-sec?
---------------

Wp-sec is an extension for wp-cli which checks for WordPress CVE security issues at wpvulndb.com. All installed versions of core, plugins and themes can be checked and monitored, so you know when to update your WordPress installation.

Using
-----

The following synopsis should be enough to get you started:

```
NAME

  wp wp-sec

DESCRIPTION

  Check for CVE security issues at wpvulndb.com

SYNOPSIS

  wp wp-sec

SUBCOMMANDS

  check      Checks for core, plugins and themes
  version    Returns current version

CHECK PARAMETERS

  --type=[core|plugins|themes|all]
      Check for a specific part, or use all to check all parts
      Default: all

  --output=[user|nagios|json]
      Controls the output
      Default: user

  --cached
      Lets you cache the resuls of wpvulndb, to prevent hammering at their servers. Be nice to them, it's a free service

  --ttl=[integer]
      Cache control of above --cached setting. If omitted a default of 8 hours is used. This setting will give
      you fine grained control. Value is entered in seconds

  --api=[v2|v3]
      The WPvulnDB API version to be used. Currently there is no functional difference between these API's. Except for logging in with a token on API v3

  --token=[]
      Your user token to be used @ wpvulndb.com. Only needed for API v3

  --lowercase
      Converts themes and plugin names to lowercase to submit to wpvulndb. This is due to an issue at wpvulndb. https://github.com/markri/wp-sec/issues/14 As of october 2018 (tested) it doesn't seem to be needed anymore

GLOBAL PARAMETERS

  All global wp cli parameters are inherited

```
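A monitoring wrapper built on the parameters above, as an added example that is not part of wp-sec itself: it checks several WordPress roots with cached lookups and folds the results into one status. It assumes that `--output=nagios` follows the usual Nagios plugin exit codes (0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN); `WP_BIN`, `WPSEC_TTL` and `WPSEC_TOKEN` are hypothetical environment variables, and `--path` is wp-cli's global parameter.

```shell
#!/bin/sh
# Added example, not part of wp-sec. WP_BIN, WPSEC_TTL and WPSEC_TOKEN are
# hypothetical environment variables introduced for this wrapper.
# Assumption: --output=nagios exits 0/1/2/3 (OK/WARNING/CRITICAL/UNKNOWN),
# the usual Nagios plugin convention.
WP_BIN="${WP_BIN:-wp}"
WPSEC_TTL="${WPSEC_TTL:-28800}"   # 8 hours in seconds, the documented default

# check_site ROOT: print the first line of output, return the status code.
check_site() {
  _root="$1"
  if [ ! -f "$_root/wp-config.php" ]; then
    echo "UNKNOWN - $_root has no wp-config.php"
    return 3
  fi
  # --path is a wp-cli global parameter; the rest comes from the synopsis.
  set -- --path="$_root" wp-sec check --type=all --output=nagios \
         --cached --ttl="$WPSEC_TTL"
  # API v3 needs a token; passed as a flag it is visible in the process list.
  [ -z "${WPSEC_TOKEN:-}" ] || set -- "$@" --api=v3 --token="$WPSEC_TOKEN"
  _out="$("$WP_BIN" "$@" 2>&1)" && _rc=0 || _rc=$?
  [ "$_rc" -le 3 ] || _rc=3      # unexpected exit codes count as UNKNOWN
  printf '%s\n' "$_out" | sed -n 1p
  return "$_rc"
}

# check_all ROOT...: worst status wins (CRITICAL > UNKNOWN > WARNING > OK).
check_all() {
  worst=0
  for site in "$@"; do
    check_site "$site" && rc=0 || rc=$?
    case "$rc" in
      2) worst=2 ;;
      3) [ "$worst" -eq 2 ] || worst=3 ;;
      1) [ "$worst" -ne 0 ] || worst=1 ;;
    esac
  done
  return "$worst"
}

# Run directly with one or more WordPress roots as arguments.
if [ "$#" -gt 0 ]; then check_all "$@"; fi
```

A root without `wp-config.php` is reported as UNKNOWN rather than skipped, so a moved or deleted site does not silently drop out of monitoring.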

Installing
----------

Installing this package requires WP-CLI v0.23.0 or greater. Install a fresh wp-cli as instructed [here](http://wp-cli.org/#installing), or update to the latest stable release with `wp cli update`.

Unfortunately, the wp-cli satis repository is rarely updated anymore, so the easiest way to install the wp-sec package is to download the latest zipball from [here](https://github.com/markri/wp-sec/releases) and install it locally with `wp package install .zip`.

Contributing
------------


We appreciate you taking the initiative to contribute to this project.

Contributing isn’t limited to just code. We encourage you to contribute in the way that best fits your abilities, by writing tutorials, giving a demo at your local meetup, helping other users with their support questions, or revising our documentation.

Development
-----------

To set up a development environment for code contributions, follow the instructions below. The extension is executed within a dockerized environment (only tested under Linux). Editing can still be done outside of docker, as the current directory is mounted into the docker environment.

Place the wp-cli binary in the bin folder. According to the current documentation from WP-CLI, you would want to do something like:

```
cd bin
curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
chmod +x wp-cli.phar
mv wp-cli.phar wp

```

Create a docker environment and bring it up like this:

```
docker-compose up -d

```

Enter your dev environment and create a fresh WordPress installation to test against:

```
docker exec -ti wpsec-phpcli /bin/bash
mkdir testsite && cd testsite
wp core download
wp core config --dbname=wpsec --dbuser=wpsec --dbpass=wpsec --dbhost=wpsec-mariadb
wp core install --url=http://localhost --title=testsite --admin_user=admin --admin_password=admin --admin_email=mail@mail.com --skip-email

```

Running (from /home/wp/testsite)

```
wp wp-sec check

```

Preparing testsuite (from /home/wp)

```
composer install
mysql -h wpsec-mariadb -e 'CREATE DATABASE IF NOT EXISTS wp_cli_test;' -uroot -pwpsec

```

Running testsuite

```
vendor/bin/behat --strict

```

### Reporting a bug

Think you’ve found a bug? We’d love for you to help us get it fixed.

Before you create a new issue, you should [search existing issues](https://github.com/markri/wp-sec/issues?q=label%3Abug%20) to see if there’s an existing resolution to it, or if it’s already been fixed in a newer version.

Once you’ve done a bit of searching and discovered there isn’t an open or fixed issue for your bug, please [create a new issue](https://github.com/markri/wp-sec/issues/new) with the following:

1. What you were doing (e.g. "When I run `wp post list`").
2. What you saw (e.g. "I see a fatal about a class being undefined.").
3. What you expected to see (e.g. "I expected to see the list of posts.")

Include as much detail as you can, and clear steps to reproduce if possible.

### Creating a pull request


Want to contribute a new feature? Please first [open a new issue](https://github.com/markri/wp-sec/issues/new) to discuss whether the feature is a good fit for the project.

Once you've decided to commit the time to seeing your pull request through, please follow our guidelines for creating a pull request to make sure it's a pleasant experience:

1. Create a feature branch for each contribution.
2. Submit your pull request early for feedback.
3. Include functional tests with your changes. [Read the WP-CLI documentation](https://wp-cli.org/docs/pull-requests/#functional-tests) for an introduction.
4. Follow the [PSR-2 Coding Standards](http://www.php-fig.org/psr/psr-2/).

