It has been a while since I have posted or created any videos, so I thought I would create a quick one relating to WordPress. It is not something you get to test much in the real world, but there are some useful tools out there. Nothing cutting edge or new about the contents, but some of you may not have ever used the tools before.

 

WPScan and Metasploit are both great ways to enumerate users so you can then attempt to brute force the passwords. In this particular version there is also a SQL injection, which WPScan informs you of.

 

Also ensure you use good strong passwords, as by default there are no lockouts, so you can sit and brute force passwords all day. It is also vital to keep WordPress patched, including all the plugins; a dodgy 3rd party plugin could be a way in.
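
Because nothing locks an account out by default, repeated guesses only show up in the web server's access log. The following is an added example (not from the original post or video) that flags IPs sending bursts of failed `wp-login.php` POSTs in combined-format logs. The threshold, window, sample log lines and the convention that a failed login returns 200 while a successful one redirects with 302 are assumptions.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Combined log format: ip - - [time] "METHOD path proto" status size
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def find_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Map each IP with >= threshold failed logins inside `window` to its stats."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still in window
    totals = Counter()           # ip -> failures seen so far
    flagged = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, ts, method, path, status = m.groups()
        if method != "POST" or path.split("?")[0] != "/wp-login.php":
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if status == "200":      # assumption: form re-rendered = failed login
            totals[ip] += 1
            q = recent[ip]
            q.append(when)
            while when - q[0] > window:
                q.popleft()
            if len(q) >= threshold:
                flagged.setdefault(ip, {"success_after": False})
            if ip in flagged:
                flagged[ip]["failures"] = totals[ip]
        elif status == "302" and ip in flagged:  # assumption: redirect = success
            flagged[ip]["success_after"] = True
    return flagged

def entry(ip, hms, method, status):
    return f'{ip} - - [10/Mar/2024:{hms} +0000] "{method} /wp-login.php HTTP/1.1" {status} 3120'

# Constructed sample log (documentation-range IPs), not captured traffic.
SAMPLE = [entry("203.0.113.7", f"10:00:{s:02d}", "POST", 200) for s in range(1, 13, 2)]
SAMPLE += [
    entry("203.0.113.7", "10:00:13", "POST", 302),    # burst ends in a redirect
    entry("198.51.100.20", "10:05:00", "GET", 200),   # ordinary user loads the form
    entry("198.51.100.20", "10:05:10", "POST", 200),  # one typo
    entry("198.51.100.20", "10:05:20", "POST", 302),  # then logs in
]

if __name__ == "__main__":
    for ip, info in find_bruteforce(SAMPLE).items():
        print(ip, info)
```

An IP flagged with `success_after` set is the one to look at first, since a redirect straight after a burst of failures suggests a password was guessed.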