WordPress plugins play a crucial role in extending the functionality of websites. However, from a security perspective, it is important to be aware of the plugins installed on a server, as outdated or vulnerable plugins can be exploited by attackers. This guide provides a simple Bash one-liner to search for a specific WordPress plugin across all hosted sites on a cPanel server.
Why Checking Plugin Popularity Matters
The popularity of a WordPress plugin can be both a strength and a risk. Popular plugins are widely tested and receive frequent updates, but they are also prime targets for attackers. When a vulnerability is discovered in a widely used plugin, it can be exploited on a massive scale. By identifying which sites on your server have a specific plugin installed, you can assess potential security risks and ensure that updates are applied in a timely manner.
What is a Plugin Slug?
A plugin slug is the unique identifier of a WordPress plugin. It is usually the last part of the plugin’s URL on the WordPress Plugin Directory. For example, if the URL of a plugin is:
https://wordpress.org/plugins/litespeed-cache/The slug for the plugin “LiteSpeed Cache” is litespeed-cache. This slug is also the name of the plugin’s directory inside the wp-content/plugins/ folder of a WordPress installation.
One-Liner Script to Search for a Plugin
The following Bash one-liner will prompt for a plugin slug and then search for its installation across all WordPress sites hosted on the cPanel server:
read -p "Enter plugin slug: " plugin && awk -F'==' '{print $1 "|" $5}' /etc/userdatadomains | while IFS='|' read -r domain doc_root; do [ -d "$doc_root/wp-content/plugins/$plugin" ] && echo "$domain $doc_root/wp-content/plugins/$plugin"; done | tee >(wc -l | awk '{print "Total: "$1" sites have the plugin installed."}')How the Script Works
- The script prompts the user to enter the plugin slug.
- It extracts domain names and document root paths from
/etc/userdatadomains. - It checks each site’s
wp-content/plugins/directory for the specified plugin. - If the plugin exists in a site, it prints the domain and path.
- At the end, it prints the total number of sites that have the plugin installed.
How to Use the Script
- Log in to your cPanel server via SSH.
- Copy and paste the one-liner into your terminal.
- Enter the plugin slug when prompted.
- The script will output the list of domains where the plugin is installed and the total count.
By running this script, you can quickly assess which WordPress sites on your server are using a particular plugin. This helps with security auditing, plugin management, and vulnerability assessments.