Added hosted wordpress detection. See issue #343.

lib/wpscan/wp_target.rb

@@ -56,6 +56,10 @@ class WpTarget < WebSite
     wordpress
   end
 
+  def wordpress_hosted?
+    @uri.to_s =~ /\.wordpress\.com/i
+  end
+
   def login_url
     url = @uri.merge('wp-login.php').to_s
 

spec/lib/wpscan/wp_target_spec.rb

@@ -99,6 +99,23 @@ describe WpTarget do
     end
   end
 
+  describe '#wordpress_hosted?' do
+    it 'returns true if target url is a wordpress.com subdomain' do
+      target = WpTarget.new('http://test.wordpress.com/')
+      target.wordpress_hosted?.should be_true
+    end
+
+    it 'returns true if target url is a wordpress.com subdomain and has querystring' do
+      target = WpTarget.new('http://test.wordpress.com/path/file.php?a=b')
+      target.wordpress_hosted?.should be_true
+    end
+
+    it 'returns false if target url is not a wordpress.com subdomain' do
+      target = WpTarget.new('http://test.example.com/')
+      target.wordpress_hosted?.should be_false
+    end
+  end
+
   describe '#redirection' do
     it 'returns nil if no redirection detected' do
       stub_request(:get, wp_target.url).to_return(status: 200, body: '')

wpscan.rb

@@ -46,6 +46,10 @@ def main
 
     wp_target = WpTarget.new(wpscan_options.url, wpscan_options.to_h)
 
+    if wp_target.wordpress_hosted?
+      raise "The WordPress URL supplied '#{wp_target.uri}' seems to be hosted on wordpress.com This is not supported."
+    end
+
     # Remote website up?
     unless wp_target.online?
       raise "The WordPress URL supplied '#{wp_target.uri}' seems to be down."