WordPress User Enumeration Scanner How-to

At the time of this post, WordPress (version 4.8.2) powers 2,800,000 websites (see https://wordpress.com/). Unfortunately, when you add a new WordPress user and do not provide a nickname, the username is used as the nickname, and the author archive slug (user_nicename) is derived from the username as well. Because of this default, a request such as http://url/?author=userid is redirected to http://url/author/username/, which discloses the login name. That makes it easy to run author queries to harvest WordPress usernames and then launch a brute-force attack against them (see the Wordfence article "Huge Increase in Brute Force Attacks in December and What to Do" at https://www.wordfence.com/blog/2016/12/how-to-protect-against-brute-force-attacks/). While you can run such queries by hand to assess and audit a WordPress site for usernames, the better approach is an automated tool such as WPScan.
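The author-query check described above, as an added example that is not part of the original post. It walks a range of author IDs, requests /?author=N without following redirects, and pulls the username out of the Location header. The target site blog.example and its responses are constructed here so the script runs offline; the http_fetch helper is what you would pass in against a real host.

```python
"""Check whether a WordPress site leaks usernames through /?author=N.

WordPress answers /?author=N with a 301 to /author/<user_nicename>/, and
user_nicename defaults to the login name. A site that has been hardened
typically redirects those requests to the home page (or returns 404),
so no slug can be recovered from the Location header.
"""
import re
import urllib.error
import urllib.request
from typing import Callable, Dict, Optional, Tuple
from urllib.parse import urlparse

# Matches the author archive path, with or without the trailing slash.
AUTHOR_SLUG_RE = re.compile(r"/author/([^/?#]+)/?")


def slug_from_location(location: str) -> Optional[str]:
    """Return the author slug from a redirect target, or None if it is not an author archive."""
    if not location:
        return None
    path = urlparse(location).path
    match = AUTHOR_SLUG_RE.search(path)
    return match.group(1) if match else None


def http_fetch(url: str, timeout: float = 10.0) -> Tuple[int, str]:
    """Issue one GET without following redirects; return (status, Location header or '')."""

    class NoRedirect(urllib.request.HTTPRedirectHandler):
        # Returning None makes urllib raise HTTPError for 3xx instead of following it.
        def redirect_request(self, req, fp, code, msg, headers, newurl):
            return None

    opener = urllib.request.build_opener(NoRedirect)
    req = urllib.request.Request(url, headers={"User-Agent": "wp-author-enum-check/1.0"})
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location", "")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location", "")
    except urllib.error.URLError:
        # DNS failure, refused connection, timeout: treat as "no answer".
        return 0, ""


def enumerate_authors(
    base_url: str,
    max_id: int = 10,
    fetch: Callable[[str], Tuple[int, str]] = http_fetch,
) -> Dict[int, str]:
    """Map author IDs to the usernames disclosed by the /?author=N redirect."""
    found: Dict[int, str] = {}
    base = base_url.rstrip("/")
    for uid in range(1, max_id + 1):
        status, location = fetch(f"{base}/?author={uid}")
        if status in (301, 302):
            slug = slug_from_location(location)
            if slug:
                found[uid] = slug
    return found


# Constructed responses for a hypothetical site; not captured from any real host.
# IDs 1 and 2 leak their slugs, ID 3 does not exist, ID 4 is redirected to the
# home page the way a hardened site would do it.
FAKE_SITE: Dict[str, Tuple[int, str]] = {
    "https://blog.example/?author=1": (301, "https://blog.example/author/admin/"),
    "https://blog.example/?author=2": (301, "https://blog.example/author/editor"),
    "https://blog.example/?author=3": (404, ""),
    "https://blog.example/?author=4": (301, "https://blog.example/"),
}


def fake_fetch(url: str) -> Tuple[int, str]:
    """Stand-in for http_fetch that answers from FAKE_SITE."""
    return FAKE_SITE.get(url, (404, ""))


if __name__ == "__main__":
    leaked = enumerate_authors("https://blog.example", max_id=5, fetch=fake_fetch)
    for uid, name in sorted(leaked.items()):
        print(f"author id {uid} -> username {name}")
    if not leaked:
        print("no usernames disclosed via ?author=N")
```

Against a live site, call enumerate_authors("https://target", max_id=20) with the default fetch; the same result is what WPScan reports with `wpscan --url https://target --enumerate u`. An empty result for every ID you tried does not prove the site is safe, only that this particular vector is closed.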

WPScan is a WordPress vulnerability scanner included in Kali Linux and other Linux distributions such as BackBox Linux, Pentoo, SamuraiWTF, and BlackArch. It scans remote WordPress installations to find security issues (see https://wpscan.org/).

You can use WPScan not only to mine usernames but also to check for vulnerable plugins and themes:

About the Author

David Zwickl, MSci., CISSP, CEH, has spent over 20 years in information assurance and cybersecurity for companies such as RSA Security and Cisco Systems in a variety of roles. Dave holds a Master's degree in Information Assurance with a Cybersecurity Specialization from Regis University in Denver, Colorado. Regis University's School of Computer & Information Sciences is designated a National Center of Excellence in Information Systems Security Education (CAE/IAE) by the National Security Agency (NSA) and the Department of Homeland Security (DHS). Dave is active in industry associations including ISSA, OWASP, and CSA.
