
Explore web site security basics, information gathering, detection, and exploitation techniques, and learn to secure WordPress sites and e-commerce solutions.
Explore how WordPress plugins work by viewing, editing, and uploading plugins; learn to create a custom plugin file and inspect a site's installed plugins and version information.
Learn to gather information on a WordPress target using WPScan, enumerate themes and plugins, and identify WordPress version details while noting authorized testing practices.
This lecture walks through information gathering for WordPress testing: performing an audit, enumerating users, and saving three usernames and plugin details to a separate file.
Demonstrates a practical WordPress core arbitrary file deletion attack, including uploading a file, extracting cookies and IDs, and deleting core files, with step one and step two variants.
Demonstrates how an attacker alters a WordPress admin password to gain control, illustrating password verification, plugin abuse, and email-based access methods.
Learn how a reverse shell can grant server access through a WordPress plugin, highlighting payload creation and ethical testing practices for secure web applications.
Learn how to secure a new WordPress installation by changing the default table prefix and admin username, using a strong password, and configuring database details during setup.
Replace the default WordPress admin by creating a second admin user, log in with the new account, transfer all content, and delete the old admin account.
Change the WordPress file structure to improve security by deleting unused sample files and moving the config file outside the WordPress directory, backing up the database and site before making changes.
Learn to defend WordPress sites from brute force by restricting login attempts with a limit login attempts plugin, configuring 20-minute and 24-hour lockouts after failed logins.
Did you know that more than 30% of websites on the internet are based on WordPress, and more than 42% of online shopping sites use WordPress as their e-commerce solution?
WordPress is a robust and powerful open source website creation tool. In this course we are going to look at the vulnerabilities in WordPress-based sites. We will start by looking into the core architecture of WordPress: how WordPress works, how themes work in WordPress, and what plugins are and how to create them. Then we will look into the information gathering phase of WordPress testing. We will see how to do version detection and how to gather user information. We will also try to find vulnerabilities in WordPress themes and plugins.
After that we will see how to exploit these vulnerabilities and gain access to a WordPress site. We will also try to gain access to the complete server through the WordPress site. Then we will see how to write malware code and exploit a WordPress site on different levels. After looking into WordPress vulnerabilities we will see how to secure WordPress sites. We will provide step-by-step information to secure your new WordPress site as well as existing WordPress sites.
Disclaimer:
This course is intended strictly for educational and ethical cybersecurity research purposes. All demonstrations are performed in controlled laboratory environments on systems owned by the instructor or authorized for testing. The techniques shown are designed to help security professionals understand vulnerabilities and improve defensive security measures. Students are expected to follow all applicable laws and perform security testing only on systems they own or have explicit permission to test.