How to Brute Force WordPress (and prevent it on your site)

Подписаться 104 тыс.

Просмотров 25 тыс.

50% 1

Learn how brute forcing the WordPress login page works, and find out what you can do to prevent this attack from happening on your website.
Find more at tonyteaches.tech
Check out my vlog channel @TonyFlorida
#wordpress #bruteforce

Хобби

Опубликовано:

15 сен 2021

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 46

@it-expat-china 2 года назад

Your videos deserve more views, thanks very much!

@HammadKhanYT 9 месяцев назад

Best - Super informative

@James-lx5vk Год назад

I get a 'Can't get username' error when trying to replicate this. I know the username if that helps?

@danielp5208 Год назад

I am testing my wordpress but seeing the same issue as others, "Can't get username" when the script is ran

@minnuss 2 года назад

Usually a person who wants to brute force your website is using a public proxy list, so this type of defense is ok to some level, but not enough...because it doesn't ban IP addresses. And attack will go on and on and on and on ...

@TonyTeachesTech 2 года назад

That is true

@1000left 2 года назад

WOW!!! Had you added your password to the downloaded list or was it already in the list as a random password? That was a great demo!!! SCAAAAAAAARY!! Thank you!!!

@TonyTeachesTech 2 года назад

The password was already in the list

@sarathchet2910 2 года назад

It is error with "Can't Get Username" any advise please ?

@drmikeyg 2 года назад

Tony you should do a video on WP scan also. That's how those dirty low down hackers can get a lot of information about a wordpress site.

@TonyTeachesTech 2 года назад

Are you talking about this wpscan.com/wordpress-security-scanner

@drmikeyg 2 года назад

@@TonyTeachesTech Yes sir, That's the one.

@TonyTeachesTech 2 года назад

@@drmikeyg Okay I've added it to my list to eventually check out. Thanks!

@ging3rblox 11 месяцев назад

Bad hat hackers use it in wrong way...ethical hackers use in good way .....don't say anything about anyone if u don't know..

@jofranlirio 2 года назад

Hi Tony, how can I block direct external IP access when I using lightspeed server? When I monitor the error404 on WordPress, I can see a lot of this results...

@TonyTeachesTech 2 года назад

I'm not sure about how to do this on litespeed. I will have a video on how to do this for Nginx though soon

@charlesyaw6514 2 года назад

@@TonyTeachesTech after running the perl synthax as shown. i chose #1 for wordpress but when it ran it asked me for username. i have the username and don't know what to do next. any help? i just need the synthax that could include username because i have it thanks!

@callergaming2575 5 месяцев назад

Can this work on windows

@seyraarms4538 2 года назад

Hi, I got a username related error but I did not see you state any username , you only provided the url and the passwords.txt file. So why am I receiving this error message...? Thanks.

@TonyTeachesTech 2 года назад

You might have to modify the Perl script to specify the username since it doesn't seem like it can be passed in as an argument github.com/Moham3dRiahi/XBruteForcer/blob/master/XBruteForcer.pl

@marcelkuepfer544 2 года назад

@@TonyTeachesTech How can I do this - sorry I'm new

@karthikeyan.b8694 2 года назад

Hi can you plz put the video for the docker basic

@TonyTeachesTech 2 года назад

I will look into this soon

@ervaunal1054 Год назад

The brute forcer goes through passwords slowly even though cpu usage is at 17%

@MustafaNightcore Год назад

Tool link

@magicalfortnite3671 2 года назад

How do you get that typing server

@TonyTeachesTech 2 года назад

Terminal on Mac and Command Prompt on Windows

@phamvanhan7037 2 года назад

Can we change the username instead of ADMIN?

@TonyTeachesTech 2 года назад

Yes ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-uso1u1z7h_s.html

@ddrci88 2 года назад

user is not a credentials for wordpres its so easy to took out from XLM file from WP.

@knightride9635 2 года назад

Can you elaborate, I am new to this

@TonyTeachesTech 2 года назад

I'll have a video about this on Tuesday. Stay tuned!

@TonyTeachesTech 2 года назад

You're right

@djkvido Год назад

I also tried it on my website, but unfortunately it says that the username was not found and I couldn't find a way to solve it anywhere.

@TonyTeachesTech Год назад

Hmm weird

@Nanax96 Год назад

Doesnt works "Can't get username"

@arczi7832 Год назад

Paste website link not admin login page

@bsitworldwide2020 Год назад

share the wordlist

@TonyTeachesTech Год назад

Is this what you mean ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-RO4XJkBKn6E.html

@nirmitha 2 года назад

Can we stop this using cloudflare?

@TechnicalUstad 2 года назад

yes you can if you have pro plan you can configure login lock down and allow your ip to access wp admin

@TonyTeachesTech 2 года назад

I'm not sure

@grantwin3839 2 года назад

Hi Tony, i am so excited about this educational content you just shared. Please i keep getting this error [-] Can't open the file at Xbrute_force/XBruteForcer.pl line 96, line 1. what am i doing wrong?