Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

WordPress takeover detection

By kannthu

Vidoc logoVidoc Module

WordPress takeover detection

What is the "WordPress takeover detection?"

The "WordPress takeover detection" module is designed to detect potential takeover vulnerabilities in WordPress websites. It focuses on identifying misconfigurations or vulnerabilities that could allow unauthorized access or control over a WordPress site. This module is particularly important for website owners and administrators who want to ensure the security of their WordPress installations.

WordPress is a popular content management system (CMS) used by millions of websites worldwide. Due to its popularity, it has become a common target for hackers and malicious actors. The severity of the vulnerabilities detected by this module is classified as high, indicating the potential for significant security risks.

This module was authored by pdteam and geeknik.


A successful takeover of a WordPress website can have severe consequences. It can lead to unauthorized access to sensitive data, defacement of the website, injection of malicious code, or even complete control over the site. This can result in reputational damage, financial losses, and potential legal implications for the website owner.

How does the module work?

The "WordPress takeover detection" module works by analyzing various aspects of a WordPress website to identify potential vulnerabilities. It utilizes HTTP request templates and matching conditions to perform its analysis.

One of the matching conditions used by this module is the presence of specific words or phrases in the website's HTML response. For example, it looks for phrases like "Do you want to register" and " doesn't exist" to identify potential misconfigurations or vulnerabilities.

The module also checks if certain words, such as "cannot be registered," are absent from the HTML response. This helps in distinguishing false positives and narrowing down the potential vulnerabilities.

By combining these matching conditions, the module can accurately detect potential takeover vulnerabilities in WordPress websites.

Here is a simplified example of an HTTP request sent by the module:

GET / HTTP/1.1

In this example, the module sends a GET request to the root URL of the WordPress website ( to analyze its response and apply the matching conditions.

It's important to note that the actual module definition is not shown here, as it is represented in JSON format and is not necessary for understanding the technical workings of the module.

Module preview

Concurrent Requests (0)
Passive global matcher
dsl: Host != ipand
word: Do you want to register,<...and
NOT word: cannot be registered
On match action
Report vulnerability