URL: https://wptavern.com/ [199.16.173.3] Started: Fri Apr 4 18:44:37 2025 Interesting Finding(s): Headers | Interesting Entries: | - Server: nginx | - X-nananana: Batcache-Hit | - Host-Header: wpcloud | - X-ac: 3.bur _atomic_bur STALE | - Alt-Svc: h3=":443"; ma=86400 | Found By: Headers (Passive Detection) | Confidence: 100% robots.txt found: https://wptavern.com/robots.txt | Found By: Robots Txt (Aggressive Detection) | Confidence: 100% XML-RPC seems to be enabled: https://wptavern.com/xmlrpc.php | Found By: Direct Access (Aggressive Detection) | Confidence: 100% | References: | - http://codex.wordpress.org/XML-RPC_Pingback_API | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner/ | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos/ | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login/ | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access/ WordPress readme found: https://wptavern.com/readme.html | Found By: Direct Access (Aggressive Detection) | Confidence: 100% This site has 'Must Use Plugins': https://wptavern.com/wp-content/mu-plugins/ | Found By: Direct Access (Aggressive Detection) | Confidence: 80% | Reference: http://codex.wordpress.org/Must_Use_Plugins Registration is enabled: https://wptavern.com/wp-login.php?action=register | Found By: Direct Access (Aggressive Detection) | Confidence: 100% The external WP-Cron seems to be enabled: https://wptavern.com/wp-cron.php | Found By: Direct Access (Aggressive Detection) | Confidence: 60% | References: | - https://www.iplocation.net/defend-wordpress-from-ddos | - https://github.com/wpscanteam/wpscan/issues/1299 WordPress version 6.7.2 identified (Latest, released on 2025-02-11). | Found By: Emoji Settings (Passive Detection) | - https://wptavern.com/, Match: 'wp-includes\/js\/wp-emoji-release.min.js?ver=6.7.2' | Confirmed By: Query Parameter In Upgrade Page (Aggressive Detection) | - https://wptavern.com/wp-includes/css/dashicons.min.css?ver=6.7.2 | - https://wptavern.com/wp-includes/css/buttons.min.css?ver=6.7.2 | - https://wptavern.com/wp-admin/css/forms.min.css?ver=6.7.2 | - https://wptavern.com/wp-admin/css/l10n.min.css?ver=6.7.2 | - https://wptavern.com/wp-admin/css/install.min.css?ver=6.7.2 WordPress theme in use: wp-tavern-2021 | Location: https://wptavern.com/wp-content/themes/wp-tavern-2021/ | Style URL: https://wptavern.com/wp-content/themes/wp-tavern-2021/style.css | Style Name: WP Tavern 2021 | Style URI: https://github.com/a8cteam51/wptavern | Description: Full Site Editing theme for WP Tavern.... | Author: WordPress Special Projects | Author URI: https://wpspecialprojects.wordpress.com | | Found By: Urls In Homepage (Passive Detection) | Confirmed By: Urls In 404 Page (Passive Detection) | | Version: 1.0.0 (80% confidence) | Found By: Style (Passive Detection) | - https://wptavern.com/wp-content/themes/wp-tavern-2021/style.css, Match: 'Version: 1.0.0' Enumerating Users (via Passive and Aggressive Methods) Brute Forcing Author IDs -: |=================================================| User(s) Identified: Nathan Wrigley | Found By: Rss Generator (Passive Detection) | Confirmed By: Rss Generator (Aggressive Detection) Jyolsna | Found By: Rss Generator (Passive Detection) | Confirmed By: | Rss Generator (Aggressive Detection) | Login Error Messages (Aggressive Detection) adamsilver | Found By: Wp Json Api (Aggressive Detection) | - https://wptavern.com/wp-json/wp/v2/users/?per_page=100&page=1 | Confirmed By: Login Error Messages (Aggressive Detection) antpb | Found By: Wp Json Api (Aggressive Detection) | - https://wptavern.com/wp-json/wp/v2/users/?per_page=100&page=1 | Confirmed By: Login Error Messages (Aggressive Detection) belindaverytwisty-com | Found By: Wp Json Api (Aggressive Detection) | - https://wptavern.com/wp-json/wp/v2/users/?per_page=100&page=1 birgit | Found By: Wp Json Api (Aggressive Detection) | - https://wptavern.com/wp-json/wp/v2/users/?per_page=100&page=1 | Confirmed By: Login Error Messages (Aggressive Detection) bacoords | Found By: Wp Json Api (Aggressive Detection) | - https://wptavern.com/wp-json/wp/v2/users/?per_page=100&page=1 chrishughes | Found By: Wp Json Api (Aggressive Detection) | - https://wptavern.com/wp-json/wp/v2/users/?per_page=100&page=1 christopherm | Found By: Wp Json Api (Aggressive Detection) | - https://wptavern.com/wp-json/wp/v2/users/?per_page=100&page=1 chrisvanpatten | Found By: Wp Json Api (Aggressive Detection) | - https://wptavern.com/wp-json/wp/v2/users/?per_page=100&page=1 concierge | Found By: Wp Json Api (Aggressive Detection) | - https://wptavern.com/wp-json/wp/v2/users/?per_page=100&page=1 email2 | Found By: Wp Json Api (Aggressive Detection) | - https://wptavern.com/wp-json/wp/v2/users/?per_page=100&page=1 denis-zoljom | Found By: Wp Json Api (Aggressive Detection) | - https://wptavern.com/wp-json/wp/v2/users/?per_page=100&page=1 francina | Found By: Wp Json Api (Aggressive Detection) | - https://wptavern.com/wp-json/wp/v2/users/?per_page=100&page=1 ioana | Found By: Wp Json Api (Aggressive Detection) | - https://wptavern.com/wp-json/wp/v2/users/?per_page=100&page=1 jamesgiroux | Found By: Wp Json Api (Aggressive Detection) | - https://wptavern.com/wp-json/wp/v2/users/?per_page=100&page=1 jeffr0 | Found By: Wp Json Api (Aggressive Detection) | - https://wptavern.com/wp-json/wp/v2/users/?per_page=100&page=1 | Confirmed By: Author Id Brute Forcing - Author Pattern (Aggressive Detection) jonathanbossenger | Found By: Wp Json Api (Aggressive Detection) | - https://wptavern.com/wp-json/wp/v2/users/?per_page=100&page=1 justintadlock | Found By: Wp Json Api (Aggressive Detection) | - https://wptavern.com/wp-json/wp/v2/users/?per_page=100&page=1 jyolsna | Found By: Wp Json Api (Aggressive Detection) | - https://wptavern.com/wp-json/wp/v2/users/?per_page=100&page=1 mcouch | Found By: Wp Json Api (Aggressive Detection) | - https://wptavern.com/wp-json/wp/v2/users/?per_page=100&page=1 | Confirmed By: Author Id Brute Forcing - Author Pattern (Aggressive Detection) matt | Found By: Wp Json Api (Aggressive Detection) | - https://wptavern.com/wp-json/wp/v2/users/?per_page=100&page=1 | Confirmed By: Author Id Brute Forcing - Author Pattern (Aggressive Detection) nathanwrigley | Found By: Wp Json Api (Aggressive Detection) | - https://wptavern.com/wp-json/wp/v2/users/?per_page=100&page=1 ironnysh | Found By: Wp Json Api (Aggressive Detection) | - https://wptavern.com/wp-json/wp/v2/users/?per_page=100&page=1 sagar-nasitrtcamp-com | Found By: Wp Json Api (Aggressive Detection) | - https://wptavern.com/wp-json/wp/v2/users/?per_page=100&page=1 | Confirmed By: Oembed API - Author URL (Aggressive Detection) | - https://wptavern.com/wp-json/oembed/1.0/embed?url=https://wptavern.com/&format=json sarah | Found By: Wp Json Api (Aggressive Detection) | - https://wptavern.com/wp-json/wp/v2/users/?per_page=100&page=1 tobycryns | Found By: Wp Json Api (Aggressive Detection) | - https://wptavern.com/wp-json/wp/v2/users/?per_page=100&page=1 topher | Found By: Wp Json Api (Aggressive Detection) | - https://wptavern.com/wp-json/wp/v2/users/?per_page=100&page=1 tremi | Found By: Wp Json Api (Aggressive Detection) | - https://wptavern.com/wp-json/wp/v2/users/?per_page=100&page=1 siobhan | Found By: Author Id Brute Forcing - Author Pattern (Aggressive Detection) coffee2code | Found By: Author Id Brute Forcing - Author Pattern (Aggressive Detection) No WPScan API Token given, as a result vulnerability data has not been output. You can get a free API token with 25 daily requests by registering at https://wpscan.com/register Finished: Fri Apr 4 18:45:12 2025 Requests Done: 75 Cached Requests: 9 Data Sent: 24.858 KB Data Received: 6.812 MB Memory used: 259.66 MB Elapsed time: 00:00:35