WordPress Login Panel - Detect

What is the "WordPress Login Panel - Detect?"

The "WordPress Login Panel - Detect" module is designed to detect the presence of the WordPress login panel. It is a test case that can be used to identify if the login panel of a WordPress website is accessible. This module is authored by its0x08 and has an informative severity level.

Impact

This module does not have any direct impact on the website or its functionality. It is solely used for detection purposes and does not perform any actions that could potentially harm the website.

How does the module work?

The "WordPress Login Panel - Detect" module works by sending a GET request to the "/wp-login.php" path of the target WordPress website. It then applies matching conditions to the response to determine if the login panel is present.

The matching conditions used in this module include:

- The presence of the string "WordPress</title>" in the response - The presence of the string "Log In</title>" in the response - The presence of the string "/wp-login.php?action=lostpassword\">Lost your password?</a>" in the response - The presence of the string "<form name=\"loginform\" id=\"loginform\" action=\"{{BaseURL}}/wp-login.php\" method=\"post\">" in the response

If any of these conditions are met, the module will report that the WordPress login panel has been detected.