Please continue this wordpress series - Thank you 😊

Back when I did testing, I had a standing rule: if I was able to get into your WP instance, it became mine to do with as I please.

Managed to find two XSS solely from a website having outdated wordpress plugins, managed to enumerate their users as well. Quite fun.

8:56 what did you write behind your webcam?

Wow u have the skills 🔥🔥🔥

Ty for the content. A suggestion - Maybe get a green screen or reduce the size of your camera? It often covers a lot of interesting details.

That was good but in a real world scenario nobody will have a default credentials like alex:alex

I tried this, and got an error for too many requests too quickly. How can I increase the time between each attempt? Thanks

Excellent - Looking forward to Part 2

On the other hand, enumerating the login and brute-force password becomes more complex if the wp-admin page is protected by 2FA. What's more, if the website is behind a nginx reverse proxy with an htpasswd file on wp-admin and the entire infrastructure is behind cloudflare with active waf, the security of the wp-admin page increases by one level.😅

PART 2 NEEDED

can you write the compleate command of FUFF you used. Wordlist file name is not visible.

Me who has a wordpress website: *nervous sweats*

when i wpscan a website it gives me an username but when i try that wp weakness that you said it say that the username doesn't exist

thx for the video, when you gonna post part 2

Excellent content. Greetings for Argentina!

if there be no limitations for pass trying burp suite is also a good option

I hope theres a part three explaining how to avoid being hacked 🙂

How did you get the rockyou file ?

How do you paste the code into the YML? whats the command keys?

What is the terminal used called ?

Nice.. Thanks 👍

Is it possible without wordlist?

you guys really need to increase mic volume

When I try that I had this error: no matching manifest for Linux/386 in the manifest list entries 😢😢 I don't know how to fix that any help plzz😊😊

I am looking forward to see part2

Waiting for part 2

i try to do what you did with the password and user brut force and i got that message: Error: Unknown response received Code: 409 what does it mean?

why sudo to anything, you don't need sudo to edit docker-compose or to run your container....

How do I save it

Great video but When is part2?

Can you wpscan https?

Nice Sir :D

First of all, I am Vegeta.

yo i just noticed, you kinda look like ed snowden

Love 💖😘

You just kidding with us😂

Alex, I must say, you look better with a beard, no homo.

bro my pc took 1 minute to brute force 200 passwords

Z aust TFT capacitive touchscreen and then you are

REUN

So

kids

parsing C:\Users\Administrator\docker-compose.yml: yaml: line 16: mapping values are not allowed in this context when try to do docker-compose up this error will show up this is the yaml file version: "3" services: database: image: mysql restart: always environment: MYSQL_ROOT_PASSWORD: wppassword MYSQL_DATABASE: wpdb MYSQL_USER: wpuser MYSQL_PASSWORD: wppassword volumes: - mysql:/var/lib/mysql wordpress: depends_on: - database image: wordpress: latest restart: always ports: - "80:80" enviorment: WORDPRESS_DB_HOST: database:3306 WORDPRESS_DB_USER: wpuser WORDPRESS_DB_PASSWORD: wppassword WORDPRESS_DB_NAME: wpdb volumes: ["./:/var/www/html"] volumes: mysql: {}