Is XML-RPC testing supported?

Yes, the skill includes techniques to check if XML-RPC is enabled and perform multicall brute-force attacks which are often faster than standard login attacks.

How does it handle WAF or rate limiting?

The workflow includes advanced configurations for WPScan such as request throttling, random user agents, and proxy support to help bypass basic detection systems.

Does this skill require external tools?

Yes, this skill provides methodologies for using tools like WPScan, Metasploit, Nmap, and Burp Suite, which should be installed on your local testing environment.

Can I use this skill to find vulnerable plugins?

Absolutely. It includes specific commands to enumerate all installed plugins and check them against known vulnerability databases using WPScan.

WordPress Penetration Testing

Name: WordPress Penetration Testing
Author: claudiodearaujo

byclaudiodearaujo

•

Security & Testing

Conducts comprehensive security audits and vulnerability assessments on WordPress installations using industry-standard tools and methodologies.

This skill provides a structured framework for performing security penetration tests on WordPress websites. It guides users through every phase of an audit, including discovery, enumeration of users, themes, and plugins, vulnerability identification using WPScan, and exploitation techniques via Metasploit or manual methods. Designed for security researchers and developers, it helps identify critical misconfigurations and unpatched vulnerabilities to harden WordPress sites against real-world attacks.

Key Features

01Automated WPScan enumeration for themes, plugins, and users

02Detection evasion techniques including throttling and proxy rotation

03Vulnerability detection with API-driven CVE cross-referencing

04Exploitation workflows for Metasploit and manual shell uploads

05Advanced password brute-forcing via wp-login and XML-RPC

061 GitHub stars

Use Cases

01Performing a security audit on a client's WordPress installation

02Identifying vulnerable third-party plugins before deployment

03Hardening WordPress sites against brute-force and XML-RPC attacks

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/sistema-de-narra-o-de-livro wordpress-penetration-testing

For use in Claude.ai and ChatGPT

Download Skill

Key Features

01Automated WPScan enumeration for themes, plugins, and users

02Detection evasion techniques including throttling and proxy rotation

03Vulnerability detection with API-driven CVE cross-referencing

04Exploitation workflows for Metasploit and manual shell uploads

05Advanced password brute-forcing via wp-login and XML-RPC

061 GitHub stars

Use Cases

01Performing a security audit on a client's WordPress installation

02Identifying vulnerable third-party plugins before deployment

03Hardening WordPress sites against brute-force and XML-RPC attacks

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/sistema-de-narra-o-de-livro wordpress-penetration-testing

For use in Claude.ai and ChatGPT

Download Skill