Kali Linux Tutorial: How To Brute Force WordPress Using Wpscan Tool

Kali-linux-brute-force-wordpress-wpscan- picateshackz.com

As a WordPress administrator or webmaster you are responsible for the security of the WordPress blog or website you manage. Most probably you’ve already done a lot to beef up the security and today we will show you how to brute force WordPress password in Kali Linux using Wpscan to checking your Password Strength.


Disclaimer: This tutorial is for educational purposes only and we are NOT responsible in any way for how this information is used, use it at your own risk.




As we now WPScan is a black box WordPress vulnerability scanner, and it is installed by default in kali linux we will use it for brute forcing wordpress, If you have no idea about Kali Linux then i recommend you to read this article: An Introduction To Hacker’s OS: Kali Linux Setup Tutorial.

We will use our wordpress platform that we already installed in our kali linux. If you have not already done visit our article: Complete Guide To Setup WordPress In Kali Linux With Xampp Server .

Lets’s start,

  • Open your Kali Linux Terminal and start Xampp server by typing the following command:

root@kali: /opt/lampp/lampp start

  • Now we need to Enumerate users, type in terminal:

root@kali: wpscan -u 127.0.0.1/wordpress –enumerate u

Kali-linux-brute-force-wordpress-wpscan- picateshackz.com
  • Wpscan will automatically search the admin username.
Kali-linux-brute-force-wordpress-wpscan- picateshackz.com
  • Now Do wordlist password brute force on the username, type in terminal:

root@kali: wpscan –url 127.0.0.1/wordpress –wordlist /root/pass –username k4linux

Kali-linux-brute-force-wordpress-wpscan- picateshackz.com
  • wordlist set the location of your Password Wordlist
  • username set the administrator username that you have found
Kali-linux-brute-force-wordpress-wpscan- picateshackz.com

After a search Wpscan will find the password and this will take a few minutes, this depends on your Wordlist.

Efficiency of the Brute Force depend on how much strong is your wordlist and how many password contains it.

Watch the video tutorial for more explanation (Wpscan):


Recommended Hacking Tutorial:

Sharing is caring!

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts

Begin typing your search above and press enter to search. Press ESC to cancel.

Back To Top

So glad to see you sticking around!

Want to be the first one to receive the new stuff?

Enter your email address below and we'll send you the goodies straight to your inbox.

Thank You For Subscribing

This means the world to us!

Spamming is not included! Pinky promise.