Forum Thread: The Easiest Way to Hack a WordPress Site?

Hell guys! I found Null Byte today! I'm so excited about this forum. I got a basic knowledge about hacking(I thought hacking is easy before finding this :D)

So, I was wondering if there is any "easy" way to hack in-to a WordPress website. Maybe with simple steps so anyone can understand? :)

Regards!

11 Responses

Pramod Indunith:

First of all, hacking is not easy at all. It takes a lot of work. I've been teaching myself for years and I feel like I've barely even scratched the surface.

Secondly, what are your intentions with hacking into that website.

Thirdly, if you are wanting to hack websites, you will have to learn HTML at the very least. Here is a link to learn that and more.

http://www.w3schools.com/

ghost_

yes there are super easy ways to hack word-press you just have to know what version is used and what add ons are used then Google search know vulnerabilities for them usually people don't have everything up to date...

Hi, ICQ's post above is correct and spot on. Find the WordPress Version, the Theme, and all the plugins for the site. Then learn your way around:

exploit-db.com
exploit-db.com/google-hacking-database
Search 'wordpress' on those sites.

You can try Google dorks, but you can only get about 1,000 sites from google serps.
I also use wpdata.monster because it already has all the info that I might need.

try reverse ip best and works most of the times :P or you can use wpscan to scan some known vulnerabilities

if you are using kali (or any linux just instal the program) use

wpscan --url yoursitehere and it will try to show you what version it is its plugins and then you just google know vulnerabilities :D

Thank you all for your comments.

I think it would be great if one of you can post a thread about this. I'm not the only one who willing to learn to hack a wordpress site ;)

Hacking isn't about following guides.

Hey ghost,

True, but everyone has to start somewhere, so asking questions and asking for a dedicated thread is okay. Problem is... who really wants to share the nuts and bolts

for no monetary gain and at the same time create more competition. lol

Anyways, most vulns in wordpress come from the plugins. Those are created by anyone that can code php and usually not updated often.

Any way to login back to the admin panel, if some one forgets the admin password and have no access to database or hosting panel ..

DOES WPSCAN TRACES OUR IP OR ANY physical trace and not just wpscan but does nmap trace too...
regards..

Share Your Thoughts

  • Hot
  • Active