Penetration test WordPress on Ubuntu
29 Jan


Penetration testing can take a lot of time to learn properly and in depth.

Today we will cover just a small part of this whole field.

We will run our penetration test against WordPress sites, which nowadays make up almost 80% of the websites on the internet.

Requirements:

  • Ubuntu computer/server.
  • Internet connectivity.
  • WordPress website to test.

For today’s penetration test I will be using a very well-known tool: wpscan.

wpscan is one of the packages shipped by default with Kali Linux.

If you don’t have Kali Linux, here’s how to install it on Ubuntu.

First, enable the Kali Linux repo (a third-party PPA, not an official Ubuntu repository) by opening a terminal and running this command:

sudo add-apt-repository ppa:wagungs/Kali-linux

Afterwards, refresh the package sources by running this command:

sudo apt-get update

Next we need a package manager. If you have used older versions of Ubuntu, I am sure you’ve used synaptic.

sudo apt-get install synaptic

Run synaptic, search for “wpscan” and install it. Afterwards, open a new terminal window.

Let’s run our first penetration test:

wpscan --url http://yourwordpresssite.com

You’ll see something similar to this:

[Screenshot: penetration test with wpscan on Ubuntu]

wpscan is really rich and lets you choose exactly what you would like to do. For example, here are some features:

  • Brute-force the username admin with the dictionary file darkc0de using this command:
    wpscan.rb --url www.example.com --wordlist darkc0de.lst --username admin
  • To enumerate the plugins installed on that website, use this command:
    wpscan --url www.example.com --enumerate p

All the results will appear on your screen, so you can find the vulnerability and patch it.
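On the defending side, the brute-force and plugin-enumeration runs listed above leave a recognisable pattern in the web server's access log. The following is an added example, not part of the original post or of wpscan: it assumes Apache/nginx combined log format, the function names and thresholds are hypothetical, and the "WPScan" User-Agent substring is an assumed default that the client controls.

```python
import re
from collections import defaultdict

# Combined log format: ip - - [time] "METHOD path PROTO" status size "referer" "agent"
LINE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')
LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php")
PLUGIN = re.compile(r"^/wp-content/plugins/([^/?]+)/")

def detect(lines, login_threshold=5, plugin_threshold=5):
    """Return {client_ip: sorted findings} for one window of access-log lines."""
    logins = defaultdict(int)    # POSTs to the login endpoints, per client
    missing = defaultdict(set)   # distinct plugin slugs probed that answered 404
    findings = defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue             # not a combined-format line: ignore it
        ip, method, path, status, agent = m.groups()
        if method == "POST" and path.split("?")[0] in LOGIN_PATHS:
            logins[ip] += 1
        slug = PLUGIN.match(path)
        if slug and status == "404":
            missing[ip].add(slug.group(1))
        if "wpscan" in agent.lower():   # assumed default UA; client-controlled
            findings[ip].add("wpscan-user-agent")
    for ip, count in logins.items():
        if count >= login_threshold:
            findings[ip].add("login-bruteforce")
    for ip, slugs in missing.items():
        if len(slugs) >= plugin_threshold:
            findings[ip].add("plugin-enumeration")
    return {ip: sorted(found) for ip, found in findings.items()}

def _line(ip, method, path, status, agent="Mozilla/5.0"):
    return (f'{ip} - - [01/Jan/2024:10:00:00 +0000] "{method} {path} HTTP/1.1" '
            f'{status} 512 "-" "{agent}"')

# Constructed sample traffic: documentation IP ranges, made-up plugin slugs.
SAMPLE = (
    [_line("203.0.113.5", "POST", "/wp-login.php", 200)] * 8
    + [_line("198.51.100.7", "GET", f"/wp-content/plugins/demo-{i}/", 404,
             "WPScan (constructed sample UA)") for i in range(6)]
    + [_line("192.0.2.10", "POST", "/wp-login.php", 302),
       _line("192.0.2.10", "GET", "/wp-content/plugins/demo-0/readme.txt", 200)]
)
if __name__ == "__main__":
    for ip, found in sorted(detect(SAMPLE).items()):
        print(ip, ", ".join(found))
```

The two counters are the primary signal; tune the thresholds to the length of the log window you feed in.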

Please remember that penetration testing is for ethical hackers and for protection against attacks; don’t use this guide for any other purpose.

This was just the wpscan package from Kali Linux; the distro is rich in many other tools. If security is your field of interest, give Kali Linux a try in a VM on your computer.
