Configuration: WordPress wp-config Detection

Identifier: wordpress_accessible_wpconfig

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

WordPress wp-config files that are remotely accessible can expose sensitive configuration information including database credentials, security keys, and other critical settings.

How we test: We test for exposed WordPress wp-config files by attempting to access configuration files and analyzing responses to detect if sensitive configuration details are accessible without proper authorization.
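
The response-analysis step described above can be sketched as follows. This is an added example, not the scanner's own code: `analyze_response` and the sample bodies are hypothetical and constructed for illustration. It reports only the names of leaked constants, never their values, and assumes that only a 200 response with raw PHP source counts as an exposure.

```python
import re

# Constants that WordPress's wp-config.php defines.
SECRETS = {"DB_PASSWORD", "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
           "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"}
CONTEXT = {"DB_NAME", "DB_USER", "DB_HOST"}
# Placeholder values shipped in wp-config-sample.php; these are not real secrets.
PLACEHOLDERS = {"database_name_here", "username_here", "password_here",
                "put your unique phrase here"}

# Matches define('NAME', 'value') or define("NAME", "value") in raw PHP source.
DEFINE_RE = re.compile(
    r"""define\s*\(\s*['"](?P<name>[A-Z_]+)['"]\s*,\s*(?P<q>['"])(?P<value>.*?)(?P=q)\s*\)""",
    re.S)


def analyze_response(status, body):
    """Hypothetical helper: decide whether one HTTP response leaks wp-config contents."""
    # Assumption: a correctly served wp-config.php is executed by PHP and returns
    # an empty 200 body, so empty bodies and non-200 statuses are not findings.
    if status != 200 or not body.strip():
        return {"exposed": False, "leaked": []}
    leaked = set()
    for m in DEFINE_RE.finditer(body):
        name, value = m["name"], m["value"]
        if name in SECRETS | CONTEXT and value and value not in PLACEHOLDERS:
            leaked.add(name)
    # Flag only when an actual secret (password, key or salt) is readable.
    return {"exposed": bool(leaked & SECRETS), "leaked": sorted(leaked)}


# Constructed sample responses (not captured from any real site).
RAW_SOURCE = """<?php
define( 'DB_NAME', 'shop' );
define( 'DB_USER', 'wp' );
define( 'DB_PASSWORD', 'constructed-example-value' );
define( 'AUTH_KEY', "constructed-salt" );
"""
SAMPLE_FILE = "<?php\ndefine( 'DB_PASSWORD', 'password_here' );\ndefine( 'DB_HOST', 'localhost' );\n"
HTML_PAGE = "<html><body>See wp-config.php and set DB_PASSWORD.</body></html>"

if __name__ == "__main__":
    for label, body in [("raw source", RAW_SOURCE), ("sample file", SAMPLE_FILE),
                        ("html page", HTML_PAGE), ("executed php", "")]:
        print(label, analyze_response(200, body))
```

The unmodified sample file and an HTML page that merely mentions the constant names are not reported, which keeps false positives down.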

Configuration

Example

Example configuration:

---
security_tests:
  wordpress_accessible_wpconfig:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.