wordpress-penetration-testing
Warn
Audited by Socket on Feb 27, 2026
1 alert found:
Security, MEDIUM: SKILL.md
This document is an actionable WordPress penetration-testing playbook that contains concrete, high-impact offensive techniques: enumeration, credential brute-force (including XML-RPC multicall), plugin/theme-based persistence, PHP webshell and reverse shell payloads, and evasion tactics (Tor/proxies, disabling TLS). In an authorized test context it is appropriate; however, it is highly dual-use and materially enables unauthorized compromise and data exfiltration if misused. Recommend treating this content as high-risk: enforce strict authorization, operational controls, and prefer sanitized examples (non-functional payloads) or explicit safeguards in shared repositories.
Confidence: 75%
Severity: 75%
Audit Metadata