Is it at all possible to detect the list of plugins used on a WP site?
Also, beyond my initial hunch, how can I confirm for a fact that a blog is indeed powered by WP?
Usually, you can detect WordPress itself by looking at the site’s source code for the WordPress generator meta tag:
However, some sites remove this tag to hide the fact that they’re running WP.
There’s no foolproof way to detect the list of plug-ins that are running on a site, though. IMO this is an added security bonus – not all developers are as keen on updating their systems when things break (or vulnerabilities crop up) as the core team … if a plug-in exposes a potential weakness on my system, the last thing I want to do is advertise that fact.
However, any plug-in that adds code to the display (adding scripts, styles, meta tags, etc) might call itself out. Most scripts and styles will expose /wp-content/plugins/{plug-in name}/ in the URL. Some other front-end systems will use the name of the plug-in in some kind of an HTML comment like <!-- Begin Super Cool Plug-in Code -->.
But, generally, there’s no easy way to generate a list of plug-ins used on a site unless a) you already know which plug-ins to look for or b) the site owner wants you to know.
I would add to also look in the source code for calls to their theme location, which by default would be /wp-content/themes/[themename]. You could also try loading default WP files left over from the installation such as license.txt or readme.html, but if they’re clever enough to hide the plug-in and theme locations they likely removed those files, too.

To regurgitate and add to what everyone else said, it seems there are a few ways you can snoop on other people’s WordPress version, theme and plugins.
WordPress Version:
- the head, in the form of <meta name="generator" content=...
- the footer, although it is sometimes commented out, where you can still view it in the HTML

WordPress Theme:
- look for the theme stylesheet, which will have all of the theme info in it (Theme Name, Author, Author Site, etc)
- the footer of free themes, so the original developer can get a free link back to their website

WordPress Plugins:
- a “use these WordPress plugins” page, which some bloggers do
- the source code: look for any scripts and stylesheets that might be loaded, as well as any unique IDs or class names inserted by the plugins. So class='socialize', <link rel="stylesheet" href=".../wp-content/plugins/socialize/socialize.css" type="text/css" /> and <script type="text/javascript" src=".../wp-content/plugins/socialize/socialize.js"></script> would all be hints that the theme is using a plugin called Socialize.
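A small self-audit that applies the checks above to a page’s HTML, so a site owner can see what their own pages give away (generator tag, even when commented out, plus plugin and theme slugs from /wp-content/ paths). This is an added example, not code from the thread; the sample page, version string and slugs are constructed for the demo.

```python
import re
from html.parser import HTMLParser

# WordPress serves plugin and theme assets from fixed paths; the slug is the path
# segment right after them. Regexes also catch paths in comments and inline CSS/JS.
PLUGIN_RE = re.compile(r"/wp-content/plugins/([A-Za-z0-9_.-]+)/", re.I)
THEME_RE = re.compile(r"/wp-content/themes/([A-Za-z0-9_.-]+)/", re.I)
ATTR_RE = re.compile(r'([A-Za-z-]+)\s*=\s*["\']([^"\']*)["\']')


class _GeneratorFinder(HTMLParser):
    """Finds the generator meta tag, live or commented out (still in the source)."""
    def __init__(self):
        super().__init__()
        self.generator = None
        self.commented_out = False
    def _check(self, attrs, commented):
        if self.generator is None and attrs.get("name", "").lower() == "generator":
            self.generator = attrs.get("content")
            self.commented_out = commented
    def handle_starttag(self, tag, attrs):
        if tag == "meta":
            self._check({k.lower(): (v or "") for k, v in attrs}, False)
    def handle_comment(self, data):
        # A commented-out <meta> never reaches handle_starttag, so parse it by hand.
        for tag in re.findall(r"<meta[^>]*>", data, re.I):
            self._check({k.lower(): v for k, v in ATTR_RE.findall(tag)}, True)


def audit_wp_disclosure(html):
    """Summarise what one page's HTML gives away about a WordPress install."""
    finder = _GeneratorFinder()
    finder.feed(html)
    return {
        "generator": finder.generator,
        "generator_commented_out": finder.commented_out,
        "plugins": sorted({s.lower() for s in PLUGIN_RE.findall(html)}),
        "themes": sorted({s.lower() for s in THEME_RE.findall(html)}),
    }


GEN_TAG = '<meta name="generator" content="WordPress 6.4" />'  # constructed version string
SAMPLE_HTML = f"""<html><head>
{GEN_TAG}
<link rel="stylesheet" href="https://example.com/wp-content/themes/my-theme/style.css?ver=1" />
<link rel="stylesheet" href="/wp-content/plugins/socialize/socialize.css" type="text/css" />
<!-- Begin Super Cool Plug-in Code -->
<script src="/wp-content/plugins/example-slider/js/slider.min.js"></script>
</head><body><div class="socialize"></div></body></html>"""
# Same page with the tag commented out: it is still in the source, so still recovered.
COMMENTED_HTML = SAMPLE_HTML.replace(GEN_TAG, f"<!-- {GEN_TAG} -->")
```

Run it over a saved copy of your own page (`audit_wp_disclosure(open("index.html").read())`); anything listed is what a visitor can read without any tool.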
There are a couple of tools that will brute force all the known WordPress plugins.
Basically they just try to access /wp-content/plugins/$pluginname: if you get a forbidden you have found the plugin; if it’s a 404 then the plugin is not installed.
http-wp-plugins.nse – nmap script does this
http://code.google.com/p/cms-explorer/ – as does this tool
This site seems to use the read-the-code methods mentioned previously to try to detect the plugins: http://hackertarget.com/wordpress-security-scan/
Adding to what has been said:
Detecting WP: try appending /wp-admin to the site address, maybe they didn’t change it.
Detecting the plugins: Firebug – Firefox extension 🙂