tree -L 1 /var/www/html
.
├── index.php
├── license.txt
├── readme.html
├── wp-activate.php
├── wp-admin
├── wp-blog-header.php
├── wp-comments-post.php
├── wp-config.php
├── wp-config-sample.php
├── wp-content
├── wp-cron.php
├── wp-includes
├── wp-links-opml.php
├── wp-load.php
├── wp-login.php
├── wp-mail.php
├── wp-settings.php
├── wp-signup.php
├── wp-trackback.php
└── xmlrpc.php
index.php
: homepage
wp-activate.php
: used for email and website activation
wp-admin
: folder containing the backend/dashboard pages
xmlrpc.php
: XML API (soon-ish deprecated because of the new REST API)
wp-config.php
: contains info like the DB name and credentials and other configs for WordPress
Role | Description |
---|---|
Administrator | This user has access to administrative features within the website. This includes adding and deleting users and posts, as well as editing source code. |
Editor | An editor can publish and manage posts, including the posts of other users. |
Author | Authors can publish and manage their own posts. |
Contributor | These users can write and manage their own posts but cannot publish them. |
Subscriber | These are normal users who can browse posts and edit their profiles. |
source: HTB Academy
The WordPress version can be read from the page source, in the HTML head:
<meta name="generator" content="WordPress 5.3.3" />
Or as a bash command:
curl -s -X GET https://<wordpress-page> | grep '<meta name="generator"'
Sometimes the version can be in the CSS files that are linked:
<link rel='stylesheet' id='bootstrap-css' href='<url>/wp-content/themes/ben_theme/css/bootstrap.css?ver=5.3.3' type='text/css' media='all' />
<link rel='stylesheet' id='transportex-style-css' href='<url>/wp-content/themes/ben_theme/style.css?ver=5.3.3' type='text/css' media='all' />
<link rel='stylesheet' id='transportex_color-css' href='<url>/wp-content/themes/ben_theme/css/colors/default.css?ver=5.3.3' type='text/css' media='all' />
<link rel='stylesheet' id='smartmenus-css' href='<url>/wp-content/themes/ben_theme/css/jquery.smartmenus.bootstrap.css?ver=5.3.3' type='text/css' media='all' />
Or in the JavaScript files that are linked from the index page/homepage. The plugin and theme paths referenced there can be extracted with:
curl -s -X GET <url> | sed 's/href=/\n/g' | sed 's/src=/\n/g' | grep 'wp-content/plugins/*' | cut -d"'" -f2
curl -s -X GET <url> | sed 's/href=/\n/g' | sed 's/src=/\n/g' | grep 'themes' | cut -d"'" -f2
Tools like ffuf and/or WPScan can help here: you could fuzz the wp-content/plugins directory.
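To check what your own site discloses, the generator-tag and ?ver= lookups above can be combined into one script that runs on a saved copy of the page. This is an added example, not part of the original notes; the sample HTML, example.test and sample-plugin are constructed.

```shell
#!/bin/sh
# Added example: report which version strings a saved WordPress page discloses.
# Every function reads HTML on stdin.

# Constructed sample page (example.test and sample-plugin are made up).
sample_html() {
cat <<'EOF'
<meta name="generator" content="WordPress 5.3.3" />
<link rel='stylesheet' id='bootstrap-css' href='https://example.test/wp-content/themes/ben_theme/css/bootstrap.css?ver=5.3.3' type='text/css' media='all' />
<link rel='stylesheet' id='sp-css' href='https://example.test/wp-content/plugins/sample-plugin/css/style.css?ver=1.2.0' type='text/css' media='all' />
<script src="https://example.test/wp-content/plugins/sample-plugin/js/main.js?ver=1.2.0"></script>
<script src='https://example.test/wp-includes/js/wp-embed.min.js?ver=5.3.3'></script>
EOF
}

# Version from the generator meta tag; prints nothing when the tag is absent.
generator_version() {
  sed -n 's/.*<meta name="generator" content="WordPress \([0-9.]*\)".*/\1/p' | head -n 1
}

# Number of href/src URLs whose ver= parameter equals $1 (string comparison).
ver_param_hits() {
  grep -oE "(href|src)=[\"'][^\"']*[?&;]ver=[^\"'&]*" \
  | awk -v v="$1" '{ sub(/.*ver=/, ""); if (($0 "") == (v "")) n++ } END { print n + 0 }'
}

# One line per plugin/theme: "<plugins|themes> <slug> <ver>", for either quote style.
component_versions() {
  grep -oE "(href|src)=[\"'][^\"']*wp-content/(plugins|themes)/[^\"']*" \
  | sed -nE 's#.*wp-content/(plugins|themes)/([^/?]+)/[^?]*\?(.*[&;])?ver=([^&]+).*#\1 \2 \4#p' \
  | sort -u
}

# Summary: generator tag, assets repeating that version, plugin/theme versions.
report() {
  html=$(cat)
  v=$(printf '%s\n' "$html" | generator_version)
  echo "generator: ${v:-not disclosed}"
  if [ -n "$v" ]; then
    echo "assets repeating ver=$v: $(printf '%s\n' "$html" | ver_param_hits "$v")"
  fi
  printf '%s\n' "$html" | component_versions
}

sample_html | report
```

A non-zero count on the second output line means that removing the generator tag alone would still leave that version in the ver= parameters.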