Printify.com Demo audit

Rank audit: printify.com rank for “custom backpacks” keyword with 13K/Mo searches has been dropped to the second position in Google SERP

Competition research: printify.com domain competitors on USA traffic

Competition research: suggesting TOP20 competitors for “merch maker” keyword on USA traffic

Competition research: checking competitor “customink.com” top pages on USA traffic

Competition/keyword research: checking keyword gap of competitor “customink.com” vs “printify.com” on USA traffic

Keyword research: sandbox example with 14K keywords to work with

Website Audit: 719 errors, 525 warnings

Website Audit: website structure visualization by click depth

Website Audit: website structure visualization by internal page rank

Website Audit: website pages Inlink rank details

Website Audit: keyword mapping to website page

Website Audit: Technical audit of printify.com/custom-socks page

Website Audit: Content audit of printify.com/custom-socks page

Website Audit: Editing content of printify.com/custom-socks page

Website Audit: TF-IDF analysis for multi-word keywords for printify.com/custom-socks

Backlink profile: printify.com

Backlink profile: live backlinks history

Backlink profile: lost backlinks

Backlink profile: domain comparison summary

Backlink intersection: domains that all competitors, except printify.com, have backlinks from

Security audit: Super minimal check that took just 44 seconds, but identified 3 vulnerabilities

[root@vadimiljin ~]# docker run -it --rm wpscanteam/wpscan --url https://printify.com --enumerate u --random-user-agent

[+] URL: https://printify.com/ [104.22.38.205]
[+] Started: Wed May 26 12:45:55 2021

Interesting Finding(s):

[+] Headers
 | Interesting Entries:
 |  - cf-cache-status: DYNAMIC
 |  - cf-request-id: 0a4a4ec63a00004e8cfb89c000000001
 |  - expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
 |  - server: cloudflare
 |  - cf-ray: 65571a505a144e8c-FRA
 |  - alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
 | Found By: Headers (Passive Detection)
 | Confidence: 100%

[+] robots.txt found: https://printify.com/robots.txt
 | Interesting Entries:
 |  - /wp-admin/
 |  - /wp-admin/admin-ajax.php
 |  - /*?*
 |  - /wp-content*
 | Found By: Robots Txt
 | Confidence: 100%

[+] The external WP-Cron seems to be enabled: https://printify.com/wp-cron.php
 | Found By: Direct Access
 | Confidence: 60%
 | References:
 |  - https://www.iplocation.net/defend-wordpress-from-ddos
 |  - https://github.com/wpscanteam/wpscan/issues/1299

[+] WordPress version 5.6.2 identified (Insecure, released on 2021-02-22).
 | Found By: Emoji Settings (Passive Detection)
 |  - https://printify.com/, Match: 'wp-includes\/js\/wp-emoji-release.min.js?ver=5.6.2'
 | Confirmed By: Rss Generator (Aggressive Detection)
 |  - https://printify.com/feed/, <generator>https://wordpress.org/?v=5.6.2</generator>
 |  - https://printify.com/comments/feed/, <generator>https://wordpress.org/?v=5.6.2</generator>
 |
 | [!] 3 vulnerabilities identified:
 |
 | [!] Title: WordPress 5.6-5.7 - Authenticated XXE Within the Media Library Affecting PHP 8
 |     Fixed in: 5.6.3
 |     References:
 |      - https://wpscan.com/vulnerability/cbbe6c17-b24e-4be4-8937-c78472a138b5
 |      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29447
 |      - https://wordpress.org/news/2021/04/wordpress-5-7-1-security-and-maintenance-release/
 |      - https://core.trac.wordpress.org/changeset/29378
 |      - https://blog.wpscan.com/2021/04/15/wordpress-571-security-vulnerability-release.html
 |      - https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-rv47-pc52-qrhh
 |      - https://blog.sonarsource.com/wordpress-xxe-security-vulnerability/
 |      - https://hackerone.com/reports/1095645
 |      - https://www.youtube.com/watch?v=3NBxcmqCgt4
 |
 | [!] Title: WordPress 4.7-5.7 - Authenticated Password Protected Pages Exposure
 |     Fixed in: 5.6.3
 |     References:
 |      - https://wpscan.com/vulnerability/6a3ec618-c79e-4b9c-9020-86b157458ac5
 |      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29450
 |      - https://wordpress.org/news/2021/04/wordpress-5-7-1-security-and-maintenance-release/
 |      - https://blog.wpscan.com/2021/04/15/wordpress-571-security-vulnerability-release.html
 |      - https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pmmh-2f36-wvhq
 |      - https://core.trac.wordpress.org/changeset/50717/
 |      - https://www.youtube.com/watch?v=J2GXmxAdNWs
 |
 | [!] Title: WordPress 3.7 to 5.7.1 - Object Injection in PHPMailer
 |     Fixed in: 5.6.4
 |     References:
 |      - https://wpscan.com/vulnerability/4cd46653-4470-40ff-8aac-318bee2f998d
 |      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36326
 |      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19296
 |      - https://github.com/WordPress/WordPress/commit/267061c9595fedd321582d14c21ec9e7da2dcf62
 |      - https://wordpress.org/news/2021/05/wordpress-5-7-2-security-release/
 |      - https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9
 |      - https://www.wordfence.com/blog/2021/05/wordpress-5-7-2-security-release-what-you-need-to-know/
 |      - https://www.youtube.com/watch?v=HaW15aMzBUM

Users are also identified: https://printify.com/wp-json/wp/v2/users/?per_page=100&page=1