When I set this blog up, I had a little idea to test it knowing the success rate of hackers being able to attack WordPress blogs.
I had never used the most excellent WPScan tool before, however, I went on to compile this script to get me going.
`wpscan -u http://www.infosecps.com -f`
The `-f` switch was to do a force scan as I was getting a “No wordpress blog exists” message, but that tends not to stop me, especially when I know there is one.
On running the above script I was met with another problem.
“The WordPress URL specified appears to be down”
Oh Really? Interesting… Ok something else to try
`wpscan -u http://www.infosecps.com -f –random-agent`
Boom! Things start happening. I’m getting feedback from the server at last. However there’s a strange response header?
“X-HACKER: If you are seeing this, please visit automattic.com/jobs and apply to join the fun.”
My natural curiosity got the better of me and I visited the site where there was details of how to work on the WordPress team. Interesting way to deal with intruders.
Needless to say I left my blog alone after that message.