Know what you hack
Think of WordPress as a house — we need to know all its entry points, weak spots, and security measures to properly test it. Let’s break this down into the juicy parts that actually matter for real-world pentesting.
🔴 Understanding the Battlefield
The WordPress Kingdom
Picture WordPress as a medieval castle with different layers of defense:
├── Public Face (wp-content)
│   ├── The Courtyard (themes)
│   ├── The Armory (plugins)
│   └── The Treasury (uploads)
├── The Keep (wp-admin)
└── The Foundation (wp-includes)
Think of wp-config.php as the castle’s secret vault — it holds all the keys to the kingdom. This is often your golden ticket if you can get your hands on it.
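To make that map concrete from the defender's side, here is an added Python example (not code from the original post) that audits a WordPress root for the layout above: it confirms the expected directories exist, flags a world-readable wp-config.php, and flags PHP files sitting in the uploads "treasury". The install tree it inspects is a constructed sample built in a temp directory, and the .htaccess check assumes Apache (nginx needs an equivalent location rule).

```python
import stat
import tempfile
from pathlib import Path

# Layout described on the page: wp-content/{themes,plugins,uploads}, wp-admin, wp-includes
EXPECTED_DIRS = ["wp-admin", "wp-includes", "wp-content/themes",
                 "wp-content/plugins", "wp-content/uploads"]
PHP_SUFFIXES = {".php", ".phtml", ".php5", ".phar"}


def audit_wp_root(root):
    """Return a list of findings for a WordPress install rooted at `root`."""
    root = Path(root)
    findings = []
    for rel in EXPECTED_DIRS:
        if not (root / rel).is_dir():
            findings.append(f"missing: {rel}")
    cfg = root / "wp-config.php"
    if not cfg.is_file():
        findings.append("missing: wp-config.php")
    elif stat.S_IMODE(cfg.stat().st_mode) & (stat.S_IROTH | stat.S_IWOTH):
        # wp-config.php holds DB credentials and auth salts; "other" must not read it
        findings.append("wp-config.php is world-readable or world-writable")
    uploads = root / "wp-content" / "uploads"
    if uploads.is_dir():
        for p in uploads.rglob("*"):
            if p.is_file() and p.suffix.lower() in PHP_SUFFIXES:
                findings.append(f"PHP file in uploads: {p.relative_to(root)}")
        if not (uploads / ".htaccess").is_file():  # Apache-specific assumption
            findings.append("uploads has no .htaccess blocking PHP execution")
    return findings


def build_sample_install(base, secure):
    """Construct a toy WordPress tree (not a real install) for the demo."""
    root = Path(base) / ("secure" if secure else "weak")
    for rel in EXPECTED_DIRS:
        (root / rel).mkdir(parents=True, exist_ok=True)
    cfg = root / "wp-config.php"
    cfg.write_text("<?php define('DB_PASSWORD', 'placeholder'); // constructed sample\n")
    cfg.chmod(0o640 if secure else 0o644)  # 0o644 leaves it readable by any local user
    uploads = root / "wp-content" / "uploads"
    if secure:
        (uploads / ".htaccess").write_text(
            '<FilesMatch "\\.ph(p[0-9]?|tml|ar)$">\nRequire all denied\n</FilesMatch>\n')
    else:
        (uploads / "2024").mkdir(exist_ok=True)
        (uploads / "2024" / "stray.php").write_text("<?php // constructed placeholder\n")
    return str(root)


def run_demo():
    """Audit a weak and a hardened sample tree; returns {'weak': [...], 'secure': [...]}."""
    with tempfile.TemporaryDirectory() as tmp:
        return {label: audit_wp_root(build_sample_install(tmp, label == "secure"))
                for label in ("weak", "secure")}
```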