id: wp-enabled-registration

info:
  name: WordPress user registration enabled
  author: Ratnadip Gajbhiye,ritikchaddha
  severity: info
  metadata:
    max-request: 1
  tags: wordpress

http:
  - method: GET
    path:
      - '{{BaseURL}}/wp-login.php?action=register'
      - '{{BaseURL}}/wp-signup.php'

    host-redirects: true
    max-redirects: 4
    matchers:
      - type: dsl
        dsl:
          - 'contains_any(body, "Register For This", "register_form_message", "registerform", "signup-form", "signup_form", "login-action-register","-register")'
          - 'contains_any(body, "/wp-includes", "/wp-content")'
          - 'status_code == 200'
        condition: and
# digest: 4b0a00483046022100f9ddeb2cbd5ccb0aa27ab4eab3dee915ef5231aeb68d9a3795619a5d43672c7d022100ae0d9a459aa044232f1b490aba3be59ab0b29e7992006a12c36f0b38c113bf44:922c64590222798bb761d5b6d8e72950