WordPress User Enumeration

A common technique to reveal the usernames of a WordPress-based site can be carried out with this simple bash one-liner.

In many WordPress installations it is possible to enumerate usernames through the author archives, including the admin username (usually ID:1). This is not a new trick and is available in a number of WordPress Security Testing tools.

Here is a quick bash one-liner that will cycle through as many users as you want and enumerate the usernames. So if you have the need and don't have the WPScan security tool or Nmap NSE scripts on hand, you could always try this.

for i in {1..5}; do curl -s -L -i "http://www.wordpress-site-to-test.com/?author=$i" | grep -E -o "\" title=\"View all posts by [a-z0-9A-Z\-\.]*|Location:.*" | sed 's/\// /g' | cut -f 6 -d ' ' | grep -v "^$"; done

Simply change the 5 to however many users you want to enumerate. The command iterates through the authors (users) and uses grep to pull the username from either the Location header or the HTML of the page, depending on the site's configuration and response.

This WordPress user enumeration technique will often work on sites that have taken the trouble to rename the admin account to something else to reduce the chance of a brute force attack. It is WordPress security 101, but no matter what your username is, strong passwords are essential.
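Seen from the server side, the loop above leaves a recognisable trail: one client requesting a run of different ?author=N values. The following is an added example, not part of the original post, that flags such clients in an access log; it assumes the combined log format (client IP in field 1, request path in field 7), and the sample lines are constructed.

```shell
#!/usr/bin/env bash
# Added example: flag clients that walk ?author=N in a web access log.
# Assumption: combined log format (client IP = field 1, request path = field 7).

# Constructed sample lines, not real traffic (IPs are documentation ranges).
sample_log() {
cat <<'EOF'
203.0.113.7 - - [16/Jul/2016:06:20:01 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "curl/7.47.0"
203.0.113.7 - - [16/Jul/2016:06:20:01 +0000] "GET /author/siteowner/ HTTP/1.1" 200 5120 "-" "curl/7.47.0"
203.0.113.7 - - [16/Jul/2016:06:20:02 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "curl/7.47.0"
203.0.113.7 - - [16/Jul/2016:06:20:02 +0000] "GET /?author=3 HTTP/1.1" 404 812 "-" "curl/7.47.0"
203.0.113.7 - - [16/Jul/2016:06:20:03 +0000] "GET /?author=4 HTTP/1.1" 404 812 "-" "curl/7.47.0"
203.0.113.7 - - [16/Jul/2016:06:20:03 +0000] "GET /?author=5 HTTP/1.1" 404 812 "-" "curl/7.47.0"
203.0.113.7 - - [16/Jul/2016:06:20:04 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "curl/7.47.0"
198.51.100.23 - - [16/Jul/2016:06:21:10 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
198.51.100.23 - - [16/Jul/2016:06:21:15 +0000] "GET /about/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
EOF
}

# Read a log on stdin and print "ip count" for every client that requested
# at least $1 (default 3) DISTINCT author IDs. Repeats of one ID count once.
flag_author_enum() {
  awk -v min="${1:-3}" '
    # author=<digits> as a query parameter, first or later in the query string
    match($7, /[?&]author=[0-9]+/) {
      id  = substr($7, RSTART + 8, RLENGTH - 8)   # skip the 8 chars of "?author="
      key = $1 SUBSEP id
      if (!(key in seen)) { seen[key] = 1; distinct[$1]++ }
    }
    END {
      for (ip in distinct)
        if (distinct[ip] >= min) print ip, distinct[ip]
    }
  ' | sort
}

# Demo on the constructed sample; on a real server, feed the access log instead.
sample_log | flag_author_enum 3
```

A single ?author=N hit is normal (it is what an author link resolves through), so the threshold on distinct IDs per client is what separates enumeration from browsing.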


3 Responses to WordPress User Enumeration

  1. Para Friv September 15, 2013 at 1:27 am #

    I have people who do not have much knowledge of computer, this information gives me a huge attraction. I will share with my friends. Thank you.

  2. Micheal June 8, 2016 at 2:04 pm #

    doesn’t work


  3. TaKeN July 16, 2016 at 6:25 am #

    The proper script is:
    for i in {1..15}; do curl -s -L -i "https://blog.taken.pl/?author=$i" --user-agent "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36" | grep -E -o "\" title=\"View all posts by [a-z0-9A-Z\-\.]*|Location:.*" | sed 's/\// /g' | awk '{print $6}' | grep -v "^$"; done

    Working on the latest version of WordPress: 4.5.3.
    Best Regards