Use PowerShell to check WordPress versions
When running a one or more WordPress sites it’s important to make sure they are running an up-to-date application. This PowerShell function will check if a site is outdated.
WordPress usually includes it’s version number in a generator
tag in the head section of the HTML output. If it’s not there then a common alternative source is looking for that tag in the RSS feed. As both of these are accessible by a web browser, we can use PowerShell’s Invoke-WebRequest
cmdlet to retrieve the page and then some string manipulation to pick out the version number if it’s present. For the first location that looks something like:
- Retrieve the URL and split the HTML content into lines
1(((invoke-webrequest "https://www.example.com/" ).Content).Split("`n") |
- Find the line with the generator tag
1 Where-Object {$_ -like '<meta name="generator"*'})
- Trim out the tag, and surrounding text until we are left with the version number.
1 .split("WordPress ")[1].split('"')[0]
Once we have a version number, WordPress.org
publishes a handy API we can use to establish if this version is classified as latest
, outdated
, or insecure
. To do this I retrieve the API file:
1$wpReleaseList=Invoke-RestMethod -Uri "http://api.wordpress.org/core/stable-check/1.0/"
And then use some searching and more string manipulation to reduce it down to the string denoting the relevant classification. This is possibly not the neatest way of extracting this data, but it works.
1(([string]$wpReleaseList).split(";") | Where-Object {$_ -like " "+$result+"=*"}).Split("=")[1]
Get-WordPressVersion
All this can be put together into a function which takes the URL and spits out the version number and WordPress stability classification. This function looks like this:
1Function Get-WordPressVersion {
2 param (
3 [Parameter(Mandatory=$true,ValueFromPipeline=$true)]
4 [ValidateScript( {$_ -like "http*"})]
5 [System.URI[]]$URLs
6 )
7 #Get WordPress stability list- insecure/outdated/latest
8 $wpReleaseList=Invoke-RestMethod -Uri "http://api.wordpress.org/core/stable-check/1.0/"
9 ForEach ($URL in $URLs) {
10 $result=""
11 # Method 1: Look in HTML of site
12 Try{
13 $result=(((invoke-webrequest "$URL" ).Content).Split("`n") | where-object {$_ -like '<meta name="generator"*'}).split("WordPress ")[1].split('"')[0]
14 }
15 Catch{}
16 Try {
17 if (!($result)) {
18 #Method 2: Look in RSS Feed
19 $result=(((invoke-webrequest ("$URL"+"/feed") ).Content).Split("`n") |
20 where-object {$_ -like "*<generator>*"}).split("?v=")[1].split("</generator>")[0]
21 }
22 }
23 Catch{}
24 If ($result)
25 {
26 $result |
27 Select-Object @{Name="HostName";Expression={$URL}},
28 @{Name="WordPressVersion";Expression={$result}},
29 @{Name="Stability";Expression={(([string]$wpReleaseList).split(";") |
30 Where-Object {$_ -like " "+$result+"=*"}).Split("=")[1].Replace("}","")}}
31 }
32 }
33}
When run against some well known sites that are running WordPress we can see the results: