7MS #264: Hacking Wordpress
7 Minute Security
English - June 29, 2017 04:32 - 11 minutes - 15.9 MB - ★★★★★ - 63 ratings
I was pleasantly surprised to see a WordPress site fall into a pentest scope this past week. One helpful tool to get familiar with when attacking WordPress sites is wpscan, which is built right into Kali - or you can grab it from GitHub. Get familiar with the command line flags as they can help you conduct a more gentle scan that recovers from site errors/disconnections more easily. Specifically, read up on these options:
--throttle - for example, I've been using --throttle 1000 in order to be a bit less intense on my target site
--request-timeout and --connect-timeout help your scan recover smoothly from site errors/timeouts
Also, if you find yourself in a situation where you're testing a production WordPress site (not recommended), consider setting up a free up/downtime alert via a free service like Uptime Robot so you can get emails if the site ever poops out. That certainly beats hitting F5 in Firefox every 10 seconds :-)
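A local stand-in for the up/downtime alert described above, added here as an example (it is not from the episode and is not Uptime Robot's code): it polls a site you are authorized to test and reports only state changes, so a single slow response during a scan does not raise a false alarm. The names `probe`, `Monitor` and `replay`, the 10-second interval and the three-failure threshold are assumptions made for this sketch.

```python
import http.client
import sys
import time
import urllib.error
import urllib.request

def probe(url, timeout=10):
    """Return True if the site still answers (any HTTP status below 500)."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status < 500
    except urllib.error.HTTPError as exc:
        return exc.code < 500          # 4xx: the server is up and answering
    except (urllib.error.URLError, OSError, http.client.HTTPException):
        return False                   # DNS failure, refused, reset, timeout

class Monitor:
    """Tracks probe results and reports only UP/DOWN transitions."""
    def __init__(self, fail_threshold=3):
        self.fail_threshold = fail_threshold
        self.streak = 0                # consecutive failed probes
        self.down = False

    def update(self, ok):
        if ok:
            self.streak = 0
            if self.down:
                self.down = False
                return "UP"
            return None
        self.streak += 1
        if not self.down and self.streak >= self.fail_threshold:
            self.down = True
            return "DOWN"
        return None

def replay(results, fail_threshold=3):
    """Run a recorded list of probe results through Monitor (for testing)."""
    mon, events = Monitor(fail_threshold), []
    for i, ok in enumerate(results):
        event = mon.update(ok)
        if event:
            events.append((i, event))
    return events

if __name__ == "__main__":
    url, mon = sys.argv[1], Monitor()  # usage: python watch.py <site URL>
    while True:
        event = mon.update(probe(url))
        if event:
            print(time.strftime("%H:%M:%S"), url, event, flush=True)
        time.sleep(10)
```

Run it in a second terminal for the duration of the scan; a `DOWN` line is the cue to pause and check on the site before continuing.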