in , , ,

Kali Linux Tutorials – How To Brute Force WordPress

Kali Linux Tutorials – Wpscan – How To Hack Wordpress Websites ?

How To Brute Force WordPress on Kali Linux using Wpscan

kali linux tutorial wpscan k4linux
WordPress is a free and open-source content management system (CMS) based on PHP and MySQL. But in non-geek speak, it’s probably the easiest and most powerful blogging and website content management system (or CMS) in existence today.

As a WordPress administrator or webmaster you are responsible for the security of the WordPress blog or website you manage. Most probably you’ve already done a lot to beef up the security and today in we will show you How to brute force WordPress password on Kali Linux 2018.1 using Wpscan to checking your Password Strength.
Disclaimer: This tutorial is for educational purposes only and we are NOT responsible in any way for how this information is used, use it at your own risk.  


As we knew WPScan is a black box WordPress vulnerability scanner, and it is installed by default in kali linux 2018.1 we will use it to brute force wordpress websites.

We will use our wordpress platform that we have already installed. Follow this tutorial  How To install WordPress in localhost on Kali Linux.


Hack Website on Kali Linux 2018.1

1/ To Start Open your terminal and start Xampp


root@k4linux:  /opt/lampp/lampp start


2/ Now we need to Enumerate users, type in terminal:
root@k4linux:  wpscan -u –enumerate u
kali linux tutorial wpscan k4linux


3/ Wpscan will automatically search the admin username.
kali linux tutorial wpsca k4linux


4/ Now Do wordlist password brute force on the username, type in terminal:
root@k4linux:  wpscan –url –wordlist /root/pass –username k4linux
kali linux tutorial wpscan k4linux

–wordlist set the location of your Password Wordlist

–username set the administrator username that you have found

kali linux tutorial wpscan k4linux
After a search Wpscan will find the password and this will take a few minutes, this depends on your Wordlist.

Efficiency of the Brute Force depend on how much strong is your wordlist and how many password contains it.

How To Use Wpscan on Kali Linux (2018.1)

All the steps for this tutorial are explained on a Video on our Youtube Channel you can subscribe to it by this link they are many other tutorials that you can learn about bypassing and hacking and others basics tutorials about kali Linux. 

If you have encountered a problem or you have any questions or remarks please feel free to set a comment.

Feel free to Share it with your friends … with Love and Prosperity K4LINUX-TEAM.


What do you think?

1078 points
Upvote Downvote

Total votes: 4

Upvotes: 2

Upvotes percentage: 50.000000%

Downvotes: 2

Downvotes percentage: 50.000000%


Leave a Reply
  1. Brute force means that you try all possible passwords. What you present there is just a dictionary attack…which is pretty useless if password is not common and/or in your dictionary file!

  2. Pkb traducibile italiano una domanda o perso account gmail spesso usavo hydra e dava password sbagliata lei crede che dopo avere installato xampp usando brutphp lampp lampp da password lista esattamente che a lei e piaciuto spero che lei pkb mi rispondi grazie ??

2 Pings & Trackbacks

  1. Pingback:

  2. Pingback:

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

brute force wordpress kali linux wpscan

How To install WordPress in localhost on Kali Linux :

ddos attack kali linux

What is a Ddos Attack ?