Training
Hacking WordPress
Training Overview
The "Hacking WordPress" training is designed to identify security vulnerabilities in WordPress-based websites. This comprehensive training thoroughly examines the structure of WordPress, and techniques for scanning core versions, plugins, and themes.
The training begins with an overview of the basic structure and components of WordPress applications. You will learn how to scan WordPress core versions, plugins, and themes, and how to identify security vulnerabilities. Additionally, you will gain practical knowledge on using the WPScan tool for vulnerability scanning and determining security issues. Throughout the training, detailed scanning and analysis methods using WPScan will be emphasized.
What You Will Learn
- The fundamental structure of WordPress sites.
- How to use WPScan to enumerate versions, plugins, themes, and users.
- How to identify common vulnerabilities and misconfigurations in WordPress.
- Essential hardening techniques to protect a WordPress installation.
Who is this for?
- Penetration Testers targeting WordPress sites.
- WordPress administrators and developers.
- Bug Bounty Hunters.
Prerequisites
- Basic understanding of web technologies.
- Familiarity with the concept of a Content Management System (CMS).
Tools You Will Use
- WPScan
- Burp Suite
- Directory scanning tools
Training Sections
- Introduction
- Structure of WordPress
- Collecting Information on WordPress Core Version
- Collecting Information on Plugins and Themes
- Collecting Information on Users
- WPScan
- WPScan Enumeration
- WordPress Hardening Techniques
- Exam