This tutorial in the WordPress hacking series will show you how to scan WordPress websites for vulnerabilities, enumerate WordPress user accounts and brute force passwords. Enumerating WordPress users is the first step of a brute force attack aimed at gaining access to a WordPress account, and WPScan has an option to scan a target website and retrieve a list of account names. In this tutorial we will also look at how to hide usernames from WPScan, so you can avoid user enumeration and limit the effectiveness of brute force attempts. We will conclude with a demonstration of how to brute force a user's password (the example uses the username root) with WPScan on Kali Linux.

WPScan is an automated black box WordPress vulnerability scanner. It is a must-have for any WordPress developer who wants to find vulnerabilities and fix them before they are exploited by attackers. Together with Nikto, a great web server assessment tool, it should be part of any penetration test targeting a WordPress site or blog.
How to hack a WordPress website with WPScan
WPScan comes pre-installed on a number of Linux distributions, Kali Linux among them.
At the time of writing the latest version is WPScan 2.8, and its vulnerability database contains:
- Total vulnerable versions: 98
- Total vulnerable plugins: 1,076
- Total vulnerable themes: 361
- Total version vulnerabilities: 1,104
- Total plugin vulnerabilities: 1,763
- Total theme vulnerabilities: 443
Windows is currently not supported by WPScan. The latest version is available for download (Linux & Mac) at: https://wpscan.org/
Start by updating the WPScan vulnerability database, which is done with the --update option (wpscan --update); scanning with a stale database misses recently published plugin and theme vulnerabilities.
Scanning WordPress vulnerabilities
After updating the vulnerability database, use the following command to scan the target website for the most popular and most recently published vulnerabilities:
wpscan --url [wordpress url]
How to enumerate WordPress users
The WordPress user enumeration option retrieves a list of registered WordPress users for the target host. User enumeration is the first step when an attacker wants to gain access to a specific target by brute forcing, because it turns a password guessing problem into a guess against known account names. The enumeration scans the target's posts, pages and custom post types for authors and usernames, and it also walks author IDs (the u option covers ids 1 to 10 by default): WordPress redirects a request for ?author=N to the author archive URL, which carries the user's slug.
Use the following command to enumerate the WordPress users:
wpscan --url [wordpress url] --enumerate u
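The author-ID walk described above is the part of the enumeration that defenders most often overlook, so here it is as a small, self-contained script. This is an added example written for this tutorial, not WPScan's own code: it parses the two places WordPress leaks the user slug (the Location header of the ?author=N redirect, and the author-<slug> body class of the archive page) and runs the walk against a constructed in-memory fake site so it executes offline. The fake responses, the example.com base URL and the http_fetcher() helper for a real, authorised target are all assumptions; WPScan's default range of ids 1 to 10 is the page's own.

```python
"""Author-ID user enumeration, the technique behind `wpscan --enumerate u`.

Added example for this tutorial, not WPScan's code. WordPress answers
/?author=N with a redirect to /author/<user_nicename>/ and renders that
archive with a <body> class list containing author-<nicename> and
author-<ID>. The nicename is generated from the login name when the
account is created, so a different display name alone does not hide it.
"""
import re
import urllib.error
import urllib.request
from typing import Callable, Dict, Optional, Tuple

Response = Tuple[int, Dict[str, str], str]   # (status, headers, body)
Fetcher = Callable[[int], Response]

AUTHOR_PATH_RE = re.compile(r"/author/([^/?#]+)/?")
BODY_CLASS_RE = re.compile(r'<body[^>]*\bclass="([^"]*)"', re.IGNORECASE)


def _header(headers: Dict[str, str], name: str) -> Optional[str]:
    """Case-insensitive header lookup (servers differ in header casing)."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def username_from_location(location: Optional[str]) -> Optional[str]:
    """Slug from a Location header such as https://example.com/author/admin/."""
    if not location:
        return None
    match = AUTHOR_PATH_RE.search(location)
    return match.group(1) if match else None


def username_from_body(html: str) -> Optional[str]:
    """Slug from the archive page's body classes, e.g.
    class="archive author author-editor author-3": pick the author-<x> class
    whose suffix is not numeric (author-3 is the user ID, not the name)."""
    match = BODY_CLASS_RE.search(html)
    if not match:
        return None
    for cls in match.group(1).split():
        suffix = cls[len("author-"):]
        if cls.startswith("author-") and suffix and not suffix.isdigit():
            return suffix
    return None


def enumerate_users(fetch: Fetcher, ids=range(1, 11)) -> Dict[int, str]:
    """Walk author IDs (1..10 is WPScan's default) and map each ID that
    resolves to a username; the redirect is tried first, the body as fallback."""
    found: Dict[int, str] = {}
    for author_id in ids:
        status, headers, body = fetch(author_id)
        name = None
        if status in (301, 302):
            name = username_from_location(_header(headers, "Location"))
        if name is None and status == 200:
            name = username_from_body(body)
        if name:
            found[author_id] = name
    return found


# Constructed sample responses standing in for a WordPress site (not real data):
# IDs 1 and 2 redirect, ID 3 serves the archive without redirecting, ID 4 is unused.
FAKE_SITE: Dict[int, Response] = {
    1: (301, {"Location": "https://example.com/author/admin/"}, ""),
    2: (301, {"location": "https://example.com/author/j-doe/"}, ""),
    3: (200, {}, '<html><body class="archive author author-editor author-3 logged-out">'),
    4: (404, {}, "<html><title>Page not found</title></html>"),
}


def fake_fetch(author_id: int) -> Response:
    return FAKE_SITE.get(author_id, (404, {}, ""))


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Do not follow 301/302, so the Location header can be inspected."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def http_fetcher(base_url: str, timeout: float = 10.0) -> Fetcher:
    """Fetcher for a site you are authorised to test (not exercised offline).
    base_url is an assumption, e.g. https://example.com."""
    opener = urllib.request.build_opener(_NoRedirect())

    def fetch(author_id: int) -> Response:
        req = urllib.request.Request(f"{base_url.rstrip('/')}/?author={author_id}",
                                     headers={"User-Agent": "Mozilla/5.0"})
        try:
            with opener.open(req, timeout=timeout) as resp:
                return resp.status, dict(resp.headers), resp.read().decode("utf-8", "replace")
        except urllib.error.HTTPError as err:   # 301 and 404 land here since redirects are not followed
            return err.code, dict(err.headers), err.read().decode("utf-8", "replace")

    return fetch


if __name__ == "__main__":
    for uid, name in enumerate_users(fake_fetch).items():
        print(f"id {uid}: {name}")
```

Swap fake_fetch for http_fetcher("https://example.com") to run the same walk against a real target; the parsing is unchanged. Note that ID 3 is still recovered without any redirect, which is why merely disabling the ?author= redirect is not enough if the author archive itself stays reachable.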
How to brute force a user's password
Use the following command to brute force the password of a given user (the original example uses the username root). These are the WPScan 2.x option names; WPScan 3 renamed them to --passwords, --usernames and --max-threads.
wpscan --url [wordpress url] --wordlist [path to wordlist] --username [username to brute force] --threads [number of threads to use]
How to avoid WordPress user enumeration
If you want to avoid WordPress user enumeration, do not use the login username as the nickname or display name, both of which WordPress shows publicly. The best option is an administrator username made of random characters combined with a different nickname; WPScan looks for usernames in URLs and page content, so a name that never appears there cannot be harvested that way. Another way to reduce exposure is to publish posts and reply to comments from a separate, lower-privileged account. Be aware that this alone does not stop author-ID enumeration: a request for ?author=N redirects to /author/<slug>/, and that slug (user_nicename) is generated from the login name when the account is created, not from the display name; the same slug is also listed by the REST API at /wp-json/wp/v2/users. Block the ?author= redirect and the users endpoint with a plugin or in the web server configuration to close that path.
How to avoid WordPress password brute forcing
The best way to keep brute force attackers out is to limit login attempts per IP address. Several WordPress plugins, such as Wordfence and Limit Login Attempts, limit the number of login attempts for a given username and IP. WordPress core itself does not limit login attempts, so one of these plugins (or a rate limit on wp-login.php in the web server) is required; make sure xmlrpc.php, which also accepts credentials, is covered as well. Configure a maximum of 3 attempts and a lockout time that increases sharply after 2 lockouts (i.e. after 6 failed passwords).
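To make the recommended policy concrete (3 failures per username and IP lock the pair out, and the lockout gets much longer once that pair has been locked out twice), here is the lockout logic as a small state machine. This is an added example written for this tutorial, not the code of Wordfence or any other plugin; the 20-minute and 24-hour durations are assumptions standing in for plugin settings, and the clock is injectable so the escalation can be exercised without waiting.

```python
"""Login lockout policy matching the advice above: max_attempts failures for a
(username, IP) pair lock it out, and the lockout duration jumps once the pair
has already been locked out escalate_after times (3 attempts x 2 lockouts =
6 failed passwords). Added example, not any plugin's code; the durations are
assumed values that would normally be plugin settings."""
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple

Key = Tuple[str, str]   # (username lower-cased, client IP)


@dataclass
class LockoutPolicy:
    max_attempts: int = 3                  # failures before a lockout
    lockout_seconds: float = 20 * 60       # first and second lockout (assumed value)
    escalate_after: int = 2                # lockouts before the long lockout applies
    long_lockout_seconds: float = 24 * 3600  # every later lockout (assumed value)


@dataclass
class LoginGuard:
    policy: LockoutPolicy = field(default_factory=LockoutPolicy)
    now: Callable[[], float] = time.time   # injectable clock for testing
    _failures: Dict[Key, int] = field(default_factory=dict)
    _lockouts: Dict[Key, int] = field(default_factory=dict)
    _locked_until: Dict[Key, float] = field(default_factory=dict)

    @staticmethod
    def _key(username: str, ip: str) -> Key:
        return username.strip().lower(), ip

    def locked_until(self, username: str, ip: str) -> Optional[float]:
        """Lockout expiry if the pair is currently locked out, else None."""
        key = self._key(username, ip)
        until = self._locked_until.get(key)
        if until is not None and until > self.now():
            return until
        self._locked_until.pop(key, None)   # expired lockout: forget it
        return None

    def is_locked(self, username: str, ip: str) -> bool:
        return self.locked_until(username, ip) is not None

    def record_failure(self, username: str, ip: str) -> Optional[float]:
        """Register a failed login. Returns the lockout expiry when this failure
        triggers a lockout (or the pair is already locked), otherwise None.
        Failures during a lockout do not count, so they cannot extend it."""
        key = self._key(username, ip)
        if self.locked_until(username, ip) is not None:
            return self._locked_until[key]
        self._failures[key] = self._failures.get(key, 0) + 1
        if self._failures[key] < self.policy.max_attempts:
            return None
        # Threshold reached: reset the counter, count the lockout, pick the duration.
        self._failures[key] = 0
        self._lockouts[key] = self._lockouts.get(key, 0) + 1
        duration = (self.policy.long_lockout_seconds
                    if self._lockouts[key] > self.policy.escalate_after
                    else self.policy.lockout_seconds)
        self._locked_until[key] = self.now() + duration
        return self._locked_until[key]

    def record_success(self, username: str, ip: str) -> None:
        """A successful login clears the failure counter for the pair."""
        self._failures.pop(self._key(username, ip), None)

    def attempt(self, username: str, ip: str, password_ok: bool) -> bool:
        """Gate one login attempt: refuse while locked out (even with the right
        password), otherwise record the outcome. True only when accepted."""
        if self.is_locked(username, ip):
            return False
        if password_ok:
            self.record_success(username, ip)
            return True
        self.record_failure(username, ip)
        return False


if __name__ == "__main__":
    clock = [0.0]
    guard = LoginGuard(now=lambda: clock[0])
    for n in range(1, 10):   # nine wrong passwords from one IP, three lockouts
        until = guard.record_failure("admin", "203.0.113.5")
        if until is not None:
            print(f"attempt {n}: locked out for {until - clock[0]:.0f}s")
            clock[0] = until + 1
```

Keying on (username, IP) follows the page's advice; an attacker who rotates usernames from one address slips past it, so a second counter keyed on IP alone is a sensible addition in practice.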
Find below an overview of the enumeration arguments that can be used for scanning:
--enumerate | -e [option(s)]  Enumeration.
- u        usernames from id 1 to 10
- u[10-20] usernames from id 10 to 20 (you must write the [] chars)
- p        plugins
- vp       only vulnerable plugins
- ap       all plugins (can take a long time)
- tt       timthumbs
- t        themes
- vt       only vulnerable themes
- at       all themes (can take a long time)
Multiple values are allowed: "-e tt,p" will enumerate timthumbs and plugins.