Wordpress -- Pentesting Wordpress
WordPress is a popular content management system (CMS) used by many websites. This post covers various aspects of pentesting WordPress installations.
Wordpress Discovery
- The Wappalyzer browser plugin is useful for identifying WordPress sites.
- Presence of default WordPress folders like `wp-admin`, `wp-content`, etc.
- Searching for WordPress references in the source code of the page
```bash
curl -s http://wordpressblog.local | grep -i wordpress
```
Enumerating WordPress
- `grep` for `themes` and `plugins` in the source code
- Use an automated tool like WPScan to enumerate the plugins, themes, users, etc.
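The source-code `grep` for themes and plugins described above, as an added example that is not part of the original post: a shell function that lists every theme and plugin slug a page's HTML exposes, which also works as a quick audit of what your own site reveals. The function name, the sample HTML, its version numbers and the `example-slider` slug are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post).
# wp_components reads page HTML on stdin and prints "kind<TAB>slug<TAB>ver"
# for every theme and plugin path it references, sorted and de-duplicated.
# "-" in the last column means the asset URL carried no ver= parameter.
# Live use: curl -s http://wordpressblog.local | wp_components
wp_components() {
  # Step 1: unescape JSON-style "\/" so paths inside inline scripts match too.
  # Step 2: pull out each wp-content/themes|plugins/... URL fragment.
  # Step 3: split into kind, slug (directory name) and ver= value.
  sed 's#\\/#/#g' |
  grep -oE "wp-content/(themes|plugins)/[^\"' <>)]+" |
  awk -F/ '{
    kind = ($2 == "themes") ? "theme" : "plugin"
    slug = $3
    sub(/[?#].*/, "", slug)
    ver = "-"
    # ver= is the asset cache-buster. WordPress substitutes its core version
    # when none is registered, so treat it as a hint, not a component version.
    if (match($0, /[?&]ver=[^&#]+/)) ver = substr($0, RSTART + 5, RLENGTH - 5)
    print kind "\t" slug "\t" ver
  }' |
  LC_ALL=C sort -u
}

# Constructed sample page source (not captured from a real site).
sample_html() {
  cat <<'EOF'
<link rel='stylesheet' href='http://wordpressblog.local/wp-content/themes/twentytwentyone/style.css?ver=1.8' />
<script src="http://wordpressblog.local/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.7"></script>
<script src="http://wordpressblog.local/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.7"></script>
<script>var cfg = {"url":"http:\/\/wordpressblog.local\/wp-content\/plugins\/example-slider\/img\/a.png"};</script>
EOF
}

sample_html | wp_components
```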
This post is licensed under CC BY 4.0 by the author.