Penetration Testing on WordPress

Gupta Bless
6 min read · Dec 12, 2020

With a real-world example:

WordPress:

WordPress is a free content management system (CMS) used to create websites and blogs. WordPress is developed in PHP and mostly uses MySQL as its backend database.

WordPress is versatile: we can create many kinds of websites with it, such as blogs, e-commerce sites and much more. It uses themes and plugins for different activities, so there is no need to learn coding; you can use the plugins and themes to create a full-fledged website.

Benefits: Some benefits are mentioned below:

1. Easy implementation: it can be installed in a single click, so anyone can host the application.

2. Open source and freely available. WordPress is distributed under a license known as the GPL.

Penetration Testing on a Website Created with WordPress:

WordPress File and Directory Structure:

Whenever a user uploads an image to the website or installs themes or plugins, where do they get stored? WordPress has lots of directories and files, but here I am going to explain only those which may pose a threat if not handled properly.

1. Readme.html: This file is located in the root of the WordPress application (can be accessed via…
