WordPress Website Hacking Tips


WordPress Pentesting Tips:

Before testing Wordpress website with Wpscan make sure you are using their API token. Because when you use the Wpscan API token, you can scan the target using data from your vulnerability database.

  1. Signup and Login o wpscan website.
  2. 2. Go to account and get api token.
  3. 3. Go to your linux home folerd and type cd .wpscan
  4. 4. Now create a file name scan.yml with the following content.


api_token: <enter API token>

5. save the file and run the Wpsacn (“free version they give only 25 request per day”).



Aditya Chauhan

ISO 27001 LA | VAPT | Synack Red Teamer | HTB Dante | HTB RASTA | HTB Cybernetics | HTB Offshore | HTB APTLabs | Cyber Security Analyst | Security Researcher