Breaking into a WordPress site without knowing WordPress/PHP or InfoSec at all

Someone posted to notehub.org an article on how he broke into his college’s WordPress website, without having any prior knowledge of WordPress, PHP, and without any experience with hacking web servers. The attempts were spread out over a month, but effectively totaled a day maybe. The author said to have learned a lot of things while doing the research part which accounted for most of his time, though. On NoteHub, he shares some of the relevant details and how he went along doing this.

My college has a website. And I simply wanted to find a vulnerability, exploit it, and post troll pictures on the front-page. While that’s not a very nice thing to do, but that’s irrelevant here. I knew the site ran wordpress, as my teacher vaguely recited in the webdev class.

So I googled “how to hack wordpress”, and after a couple results, I found a tool called “wpscan”, which examines a wordpress site and shows you a list of possible vulnerabilities.

It isn’t that simple though. The scan doesn’t automatically attack the website and magically understands what a script kiddie wants to do. It just puts out a list of possible issues.

Anyways, it gave me some pretty good info. The interesting bits for our story are…


Show your support


If you want to step in to help me cover the costs for running this website, that would be awesome. Just use this link to donate a cup of coffee ($5 USD for example). And please share the love and help others make use of this website. Thank you very much!


About the Author Jan Reilink

My name is Jan. I am not a hacker, coder, developer, programmer or guru. I am merely a system administrator, doing my daily thing at Vevida in the Netherlands. With over 15 years of experience, my specialties include Windows Server, IIS, Linux (CentOS, Debian), security, PHP, websites & optimization.

follow me on:

Leave a Reply

Be the First to Comment!

avatar
  Subscribe  
Notify of