How to bypass Wordpress Password Protected Pages with FFUF, Possible?

Hi guys, this is my first post in the community and I hope to be welcomed.

I’m trying to bypass a Wordpress Password Protected Page with FFUF with no success. But I’m wondering if this is possible.

I’ll explain you the process.

How Wordpress Works

  1. Wordpress offers you the option to protect a page or post with a password (built-it)
  2. You get for example: mywebsite . com/page/
  3. When you submit the password, Wordpress makes a 302 redirect to “mywebsite . com/wp-login.php?action=postpassword”
  4. It passes on headers the Referer Page, and Password via POST.

What I’m doing with FFUF
So what I’m doing with FFUF is:

  1. Pass the Referer Page via Headers
  2. Password with Post Data.
  3. Allowing Redirects

This is my command:
ffuf -w Documents/passwords.txt -u https://mywebsite.com/wp-login.php?action=postpassword -X POST -d “post_password=FUZZ&Submit=Entrar” -H “Referrer: https://mywebsite.com/page/” -r

When I no add “-r” FFUF returns 302 redirects (for wrong and the right password)

When I add “-r” FFUF returns 200 response code.

So I get the same responses for the wrong and right password.

Any help how to get a success response with ffuf? Because in this case I have the right password but in a vulnerable page I won’t be able to know.

Thanks