Published: 2025-07-01
Security Analysis of a WordPress-Based Website through Penetration Testing to Improve Digital Security
DOI: 10.35870/jtik.v9i3.3692
Bagus Setya Putra, Dwi Budi Santoso
Abstract
Advances in information technology have made the security and integrity of digital information exchanged on websites extremely important. Many websites are built on a Content Management System (CMS) such as WordPress. This research conducts penetration testing on the WordPress-based website teknoblog.top using the Penetration Testing Execution Standard (PTES) method and provides recommendations for remediating the vulnerabilities found. Scanning teknoblog.top with the WPScan tool produced 6 informational findings, none of which indicate a vulnerability. OWASP ZAP, meanwhile, reported a total of 3 medium-level alerts, 5 low-level alerts, and 6 informational alerts. The vulnerability successfully exploited in this research was the Missing Anti-clickjacking Header, rated medium severity. This finding was confirmed using the Burp Suite Scanner tool. The vulnerability was caused by the website not properly configuring the security header. To verify the accuracy of the Missing Anti-clickjacking Header finding reported by OWASP ZAP, exploitation was carried out manually using a simple HTML script and through the clickjacker.io website. It is important to address this issue to prevent the site's pages from being loaded in iframes on other websites. The recommended fix for this vulnerability is to add the X-Frame-Options header, which protects the website from clickjacking attacks.
Keywords
Penetration; WordPress; PTES; Burp Suite; Nmap; OWASP ZAP; WPScan
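The finding and its recommended fix can both be checked from the response headers alone. The following audit function is an added example, not code from the paper; it goes beyond the abstract by also accepting the CSP `frame-ancestors` directive, and the function names are hypothetical.

```python
# Added example: audit HTTP response headers for clickjacking (framing) protection.
# Headers are passed in as (name, value) pairs, e.g. copied from a scanner report.

WIDE_SOURCES = {"*", "http:", "https:"}  # source expressions that match any site

def header_values(headers, name):
    """Case-insensitive lookup returning every value sent for a header."""
    return [v for k, v in headers if k.lower() == name.lower()]

def frame_ancestors_lists(headers):
    """Source lists of every enforced CSP frame-ancestors directive."""
    found = []
    for value in header_values(headers, "Content-Security-Policy"):
        for policy in value.split(","):      # one header may carry several policies
            for directive in policy.split(";"):
                parts = directive.split()
                if parts and parts[0].lower() == "frame-ancestors":
                    found.append([p.lower() for p in parts[1:]])
                    break                    # a repeated directive is ignored
    return found

def audit_framing(headers):
    """Return (passes, reason) for a list of (name, value) response headers."""
    lists = frame_ancestors_lists(headers)
    if lists:
        # With an enforced frame-ancestors directive, X-Frame-Options is ignored.
        # Every policy must allow the embedder, so one narrow list is enough.
        if any(not WIDE_SOURCES & set(sources) for sources in lists):
            return True, "CSP frame-ancestors restricts embedding"
        return False, "CSP frame-ancestors allows any origin"
    values = set()
    for value in header_values(headers, "X-Frame-Options"):
        values.update(v.strip().upper() for v in value.split(",") if v.strip())
    if not values:
        return False, "missing anti-clickjacking header"
    if len(values) > 1:
        # Audit policy of this example: require exactly one value.
        return False, "multiple differing X-Frame-Options values"
    value = values.pop()
    if value in ("DENY", "SAMEORIGIN"):
        return True, "X-Frame-Options " + value
    # ALLOW-FROM is obsolete and ignored by current browsers.
    return False, "unsupported X-Frame-Options value: " + value
```
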
Article Metadata
Peer Review Process
This article has undergone a double-blind peer review process to ensure quality and impartiality.
Article Information
This article has been peer-reviewed and published in the Jurnal JTIK (Jurnal Teknologi Informasi dan Komunikasi). The content is available under the terms of the Creative Commons Attribution 4.0 International License.
- Issue: Vol. 9 No. 3 (2025)
- Section: Computer & Communication Science
- License: CC BY 4.0
- Copyright: © 2025 Authors
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.