Checking your WordPress site with WPScan is not as difficult as you might think. I will show you how to scan your site for vulnerabilities. You will be happy to know that WordPress is one of the most secure CMSs (Content Management Systems) in the world. I am using Kali Linux for this example because it comes with some testing tools preloaded. So let's get started.
Open WPScan from Applications / Web Application Analysis / wpscan, and you will get a terminal screen. You will also see your available plugins in your tools.
In the terminal, type this command:
wpscan --url /* your wordpress URL */
Note: the /* */ signs mark a comment and are not part of the command. Replace /* your wordpress URL */, including the comment signs, with your target URL.
You may also be told that WPScan needs an update. If no update is needed, skip this step.
Wait a while for the scan of your target site to finish. You can then enumerate vulnerable themes (vt), plugins (p) and users (u) with the following commands:
wpscan --url /* your target site URL */ --enumerate vt
wpscan --url /* your target site URL */ --enumerate p
wpscan --url /* your wordpress URL */ --enumerate u
You can check password strength by brute force with the command below, giving your site URL, the path to a wordlist, the username to brute-force and the number of threads:
wpscan --url /* your site URL */ --wordlist /* path to wordlist */ --username /* username to bruteforce */ --threads /* number of threads */
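The user enumeration and password brute-force runs above leave a recognisable trail in the web server's access log. The following is an added example, not part of the original tutorial or of WPScan: a small Python detector run over constructed log lines. It assumes the "combined" log format, that user enumeration shows up as ?author=N requests, and that a default WordPress answers a failed login with status 200; the function names and thresholds are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

def _line(ip, hms, method, path, status):
    # Builds one constructed access-log line in "combined" format.
    return f'{ip} - - [10/Mar/2024:{hms} +0000] "{method} {path} HTTP/1.1" {status} 0 "-" "-"'

# Constructed sample traffic (documentation IP ranges, not real data).
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", f"10:00:0{i}", "GET", f"/?author={i}", 301) for i in range(1, 4)]
    + [_line("203.0.113.7", f"10:00:1{i}", "POST", "/wp-login.php", 200) for i in range(6)]
    + [_line("192.0.2.5", f"10:{i}0:00", "POST", "/wp-login.php", 200) for i in range(5)]
    + [_line("198.51.100.20", "10:05:00", "POST", "/wp-login.php", 302)]
)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def parse(line):
    """Return (ip, time, method, path, status), or None for a malformed line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, status = m.groups()
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), method, path, int(status)

def detect(log_text, login_threshold=5, author_threshold=3, window_s=60):
    """Map each suspicious client IP to the set of behaviours seen from it."""
    failed, authors, findings = defaultdict(list), defaultdict(set), {}
    for rec in filter(None, map(parse, log_text.splitlines())):
        ip, when, method, path, status = rec
        # Assumption: a failed login returns 200, a successful one redirects (302).
        if method == "POST" and path.split("?")[0] == "/wp-login.php" and status == 200:
            failed[ip].append(when)
        m = re.search(r"[?&]author=(\d+)", path)
        if method == "GET" and m:
            authors[ip].add(m.group(1))
    for ip, times in failed.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):  # sliding window over failed logins
            while (t - times[start]).total_seconds() > window_s:
                start += 1
            if end - start + 1 >= login_threshold:
                findings.setdefault(ip, set()).add("login-bruteforce")
                break
    for ip, ids in authors.items():
        if len(ids) >= author_threshold:  # several distinct author IDs probed
            findings.setdefault(ip, set()).add("user-enumeration")
    return findings
```

With the sample data only 203.0.113.7 is flagged; the slow client 192.0.2.5 is caught only if the window is widened, which is why rate limiting or lockout on wp-login.php should back up log-based detection.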