web-pentest

WPScan — WordPress Security Scanner

WPScan is a WordPress security scanner for finding vulnerabilities, weak passwords, and exposed files.

Apr 2026 lazyhackers
Basic Scanning (8)
wpscan --url http://target.com
Basic WordPress scan
basic scan
wpscan --url http://target.com --enumerate
Full enumeration (plugins, themes, users)
enum full
wpscan --url http://target.com --enumerate u
Enumerate users only
enum users
wpscan --url http://target.com --enumerate p
Enumerate plugins only
enum plugins
wpscan --url http://target.com --enumerate t
Enumerate themes only
enum themes
wpscan --url http://target.com --enumerate vp
Enumerate only vulnerable plugins
enum vuln plugins
wpscan --url http://target.com --enumerate vt
Enumerate only vulnerable themes
enum vuln themes
wpscan --url http://target.com --enumerate ap
Enumerate ALL plugins (aggressive, slow)
enum plugins aggressive
Password Attacks (4)
wpscan --url http://target.com --passwords rockyou.txt --usernames admin
Brute force admin password
bruteforce password admin
wpscan --url http://target.com --passwords rockyou.txt --usernames users.txt
Brute force multiple users
bruteforce password
wpscan --url http://target.com --passwords rockyou.txt --enumerate u
Enumerate users then brute force
enum bruteforce password
wpscan --url http://target.com -U admin -P rockyou.txt -t 20
Brute force with 20 threads
bruteforce speed
Advanced Options (7)
wpscan --url http://target.com --api-token TOKEN
Use WPScan API token for vuln data
api vulns
wpscan --url http://target.com --proxy http://127.0.0.1:8080
Route through Burp proxy
proxy burp
wpscan --url http://target.com --detection-mode aggressive
Aggressive detection (more requests)
aggressive detection
wpscan --url http://target.com -o report.json -f json
Save output as JSON report
output json
wpscan --url http://target.com --http-auth admin:password
Authenticate through HTTP basic auth with supplied credentials
auth basic
wpscan --url http://target.com --cookie-string "wordpress_logged_in=TOKEN"
Scan as authenticated user
auth cookie
wpscan --url http://target.com --random-user-agent
Randomize User-Agent per request
evasion useragent