To scan a WordPress site for vulnerabilities using Nmap, you can use the http-wordpress-enum NSE script along with other HTTP-related scripts that target WordPress vulnerabilities.
Here’s a solid Nmap command that will:
- Detect if WordPress is present.
- Enumerate users.
- Attempt to find vulnerabilities.
✅ Basic Nmap WordPress Vuln Scan Command
nmap -p 80,443 --script "http-wordpress-enum,http-wordpress-users,http-vuln*" -Pn <target_ip_or_domain>
🔍 What This Does:
- -p 80,443 — scans only HTTP and HTTPS ports.
- --script=http-wordpress-enum — detects WordPress and gathers basic info (version, plugins, themes).
- --script=http-wordpress-users — attempts to enumerate WordPress usernames.
- --script=http-vuln* — runs all vulnerability detection scripts related to HTTP.
- -Pn — skips host discovery (useful if ICMP is blocked).
- <target_ip_or_domain> — replace this with your VPS IP.
🔁 Example Usage
nmap -p 80,443 --script "http-wordpress-enum,http-wordpress-users,http-vuln*" -Pn <Target_IP>
📦 Optional: Add Output
If you want to save the results:
nmap -p 80,443 --script "http-wordpress-enum,http-wordpress-users,http-vuln*" -Pn <Target_IP> -oN wordpress_scan.txt
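To triage the saved wordpress_scan.txt from a scan of your own site, the following added example (not part of the original page) parses Nmap's normal output and lists the usernames that were exposed and any script block reporting State: VULNERABLE. The sample output, the http-vuln-placeholder script id and the function names are constructed for illustration.

```python
import re

# Constructed sample of `-oN` output (not a real scan); script id and finding are placeholders.
SAMPLE = """\
PORT    STATE  SERVICE
80/tcp  open   http
| http-wordpress-users:
| Username found: admin
| Username found: editor
|_Search stopped at ID #25.
| http-vuln-placeholder:
|   VULNERABLE:
|   Constructed finding title
|_    State: VULNERABLE
443/tcp closed https
"""

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)")
SCRIPT_RE = re.compile(r"^\|[ _]([A-Za-z0-9][\w.-]*):\s*(.*)$")


def parse_scripts(text):
    """Return {(port, script_id): [output lines]}. Heuristic: a script block
    opens at '| id:' or '|_id:' with no space inside the id."""
    results, port, current = {}, None, None
    for line in text.splitlines():
        m = PORT_RE.match(line)
        if m:  # a new port row ends any open script block
            port, current = int(m.group(1)), None
        elif not line.startswith("|") or port is None:
            current = None  # headers and host-level output are ignored
        elif (m := SCRIPT_RE.match(line)):
            current = results.setdefault((port, m.group(1)), [])
            if m.group(2):  # one-line result such as '|_http-title: Blog'
                current.append(m.group(2))
        elif current is not None:
            current.append(line[2:].strip())
    return results


def triage(text):
    """Summarise exposure: enumerated usernames and VULNERABLE script states."""
    users, vulnerable = set(), []
    for (port, script), lines in parse_scripts(text).items():
        for ln in lines:
            if script == "http-wordpress-users" and ln.startswith("Username found:"):
                users.add(ln.split(":", 1)[1].strip())
            if ln.startswith("State:") and "VULNERABLE" in ln and "NOT" not in ln:
                vulnerable.append((port, script))
    return sorted(users), vulnerable
```

For anything beyond a quick check, save XML with -oX and parse that instead, since the normal-output layout is written for people and can differ between Nmap versions.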
⚠️ Notes:
- These scripts won’t exploit the vulnerabilities—they only detect them.
- Make sure Nmap's script database is up to date:
  sudo nmap --script-updatedb
- For deeper WordPress scanning, you can pair Nmap with WPScan later.