
WordPress User Enumeration

A common technique for revealing the usernames of a WordPress-based site can be carried out with this simple bash one-liner.

In many WordPress installations it is possible to enumerate usernames through the author archives, including the admin username (usually ID:1). This is not a new trick and is available in a number of WordPress Security Testing tools.

Here is a quick bash one liner that will cycle through as many users as you want and enumerate the usernames. So if you have the need and don't have the WPScan security tool or Nmap NSE scripts on hand you could always try this.

for i in {1..5}; do curl -s -L -i "http://www.wordpress-site-to-test.com/?author=$i" | grep -E -o "\" title=\"View all posts by [a-z0-9A-Z.-]*|Location:.*" | sed 's/\// /g' | cut -f 6 -d ' ' | grep -v "^$"; done

Simply change the 5 to however many users you want to enumerate. The command iterates through the authors (users) and uses grep to pull the username from either the Location header or the HTML of the actual page, depending on the site's configuration and response.

This WordPress user enumeration technique will often work on sites that have taken the trouble to rename the admin account to something else to reduce the chance of a brute force attack. It is WordPress security 101, but no matter what your username is, strong passwords are essential.
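On the defensive side, the loop above leaves a clear trail in the access log: one client requesting several different `?author=N` IDs in a row. The following is an added example, not part of the original article; it assumes the combined log format, a threshold of 3 distinct IDs, and a constructed sample log.

```bash
#!/usr/bin/env bash
# Added example: flag clients that request many distinct ?author=N IDs.
# Reads a combined-format access log on stdin and prints
# "<client-ip> <distinct author IDs requested>" per flagged client.

detect_author_enum() {
  # $1 = minimum distinct author IDs before a client is flagged
  #      (default 3 is an assumed cut-off; tune it to your traffic)
  awk -v min="${1:-3}" '
    {
      # Combined log format: $1 = client IP, $7 = request target
      if (match($7, /[?&]author=[0-9]+/)) {
        id = substr($7, RSTART, RLENGTH)
        sub(/^[?&]author=/, "", id)
        # Count each (client, author ID) pair once, so retries do not inflate it
        if (!(($1, id) in seen)) { seen[$1, id] = 1; count[$1]++ }
      }
    }
    END { for (ip in count) if (count[ip] >= min) print ip, count[ip] }
  ' | sort
}

# Constructed sample log (documentation IP ranges, not real traffic)
sample_log() {
  cat <<'EOF'
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "curl/8.0"
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "curl/8.0"
198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "curl/8.0"
198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /?author=3 HTTP/1.1" 301 0 "-" "curl/8.0"
198.51.100.7 - - [01/Jan/2024:10:00:03 +0000] "GET /?author=4 HTTP/1.1" 404 512 "-" "curl/8.0"
198.51.100.7 - - [01/Jan/2024:10:00:03 +0000] "GET /?author=5 HTTP/1.1" 404 512 "-" "curl/8.0"
203.0.113.20 - - [01/Jan/2024:10:05:10 +0000] "GET /about/ HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
203.0.113.20 - - [01/Jan/2024:10:05:30 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
192.0.2.55 - - [01/Jan/2024:11:00:00 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
192.0.2.55 - - [01/Jan/2024:11:00:09 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
EOF
}

# Prints: 198.51.100.7 5
sample_log | detect_author_enum 3
```

Against a real log, pipe the file into `detect_author_enum` in place of `sample_log`; a visitor who clicks a single author link stays below the threshold.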



  • I have people who do not have much knowledge of computer, this information gives me a huge attraction. I will share with my friends. Thank you.
  • Micheal
    doesn't work author author author author
  • TaKeN
    The proper script is:
    for i in {1..15}; do curl -s -L -i "https://blog.taken.pl/?author=$i" --user-agent "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36" | grep -E -o "\" title=\"View all posts by [a-z0-9A-Z.-]*|Location:.*" | sed 's/\// /g' | awk '{print $6}' | grep -v "^$"; done
    Working on the latest version of WordPress: 4.5.3.
    Best Regards TaKeN