Attacking WordPress Users

Hi guys, I am having trouble with a question. It wants me to perform a bruteforce attack against the user “roger” on my target with the wordlist “rockyou.txt” and submit the user’s password as the answer.

But when I use the command (wpscan --password-attack xmlrpc -t 20 -U roger -P rockyou.txt --url) the scan is aborted, saying the “XML-RPC Interface was not detected”?

The /xmlrpc.php is ON so I have no idea why it’s giving this error. I tried to do it without the xmlrpc part and it gives me several passwords, but none is the correct one…

I am stuck, if you could please help me I would be very grateful, I am losing my sleep with this question and I feel like I am missing something trivial.

Please be careful which side you attack in each case. is a website on the Internet and not the site you want to effectively attack.


Oh my god, thank you! I got it, I cannot believe I was making such a silly mistake. Gee, I am facepalming myself!!!