WPScan: Brute Force

This tutorial is 100% for educational purposes only. Any time the word “Hacking” is used on this site, it shall be regarded as Ethical Hacking. Do not attempt to violate the law with anything contained here. If you plan to use the content for illegal purposes, then please leave this site immediately! We will not be responsible for any illegal actions.

Using the usernames gathered during enumeration, together with a password list generated with CUPP or CeWL (you are free to use any password list), we can attack a specific user by brute forcing their username against the password list.

To start the brute force, type:

$ wpscan --url https://pentest.id/wp-login.php -P apietz.txt -U @apietz

Note: If an error occurs mentioning that the site does not seem to be running WordPress, add "--force" at the end of the command above.
