WordPress Penetration Testing Methodologies
- Database Penetration Testing such as SQL Injection.
- Web Application Penetration Testing
- OWASP Top 10
- OWASP API Top 10
- SANS Top 25
- CIS Top 20 for WordPress Server
- ATT&CK Matrix for Kubernetes if WordPress is on Kubernetes.
There is a balance to WordPress security. You want your WordPress site to be secure and available without getting in the way of your users and clients. Passwordless logins are one way to go.
By default, the WordPress login URI is the same for every website, and it does not need any special privileges to access. That is why the WordPress login page is the most targeted attack vector: it is easy for malicious adversaries to brute-force after user enumeration.
The most common types of WordPress vulnerabilities:
- Brute-force Login Attempts
- Cross-site Scripting (XSS)
- Denial of Service