This tutorial is how to do brute force attack technique on a WordPress site using WPscan on Kali Linux.

Only sites with the Wordpress platform will be tried to break into a username and passwordlogin using WPscan. To get started, you must use Kali Linux on the computer you are using.

How to Brute Force a Attack on a WordPress Site Using WPscan

This tutorial is only for learning so that we know how the techniques used by hackers in breaking into victims. For that also included how to avoid it. The site in this trial is just an example. 142bit

Before you begin, make sure you have made a wordlist . How to make a wordlist , please read the previous 142bit article.

Open Terminal, then type:

wpscan -u –enumerate u
Change in the section with the site you are trying to crack.

If there is a notification to redirect, just type Y then Enter

Then ENTER. The process of scanning the target WordPress site will take place as a list of plugins installed on the site.

At the end of the enumerating usernames section, a list of usernames to log in to the target site administrator will be identified. Now you have got the site’s username, what is needed next is the password to enter the administrator.

Next, type it again in the terminal:

wpscan –url –wordlist / layoutwordlist / namawordlist –username usernamename



Change in the section with the site you are trying to crack. Change letakwordlist the location where your wordlist. If the word list is in the root, change it to root, if it is on the Desktop, then change it to the desktop, etc. Also, change the username in accordance with the username obtained in the scanning process above using WPscan. Remember, just one if there are multiple usernames. The process of cracking the password with a prepared wordlist will be processed as shown below.

 If you are lucky, you will get the victim’s password listed in the password section . But if it fails, then no password is found as below.

The power of the wordlist is the one that plays the most role in using this technique. So after knowing where the weak points are, here are tips for you to avoid attacks using brute force hacking techniques :

1. Use strong passwords

2. Don’t use passwords that are related to your personal life

3. Don’t use passwords that are related to numbers your identity, such as your date of birth, house number, vehicle and so on