Discovering the account names of the users of the site, allows you to then attack the passwords of those users through the WordPress login form. We will go through attacking the password in the next section, for now lets enumerate the users of the site.

In a default installation you should be able to find the users of a site by iterating through the user id's and appending them to the sites URL. For example /?author=1, adding 2 then 3 etc to the URL will reveal the users login id either through a 301 redirect with a Location HTTP Header

[php] wordpressexample.com/?author=1 [/php]