Did you know that 30% of the top 10 million websites are powered by WordPress? This information comes from recent data collected by W3Techs.
WordPress is a free and open-source content management system based on PHP and MySQL. Because WordPress is free and easy to use, a lot of people are using it.
Considering that the total number of active websites is estimated at over 172 million (according to a survey published by Netcraft), that means that around 75,000,000 websites are using WordPress right now. Also, around half of those sites (37,500,000) are hosted on the WordPress.com shared hosting installation. This means that around 20% of all self-hosted websites use WordPress, which is a huge percentage of the market.
Because this system is very popular, it also comes with some flaws. The main flaw is that many people and companies are not regularly updating their sites. If they are running an older version of WordPress, or if they are not familiar with administering it, they are left vulnerable to mistakes and security breaches. One of the primary mistakes is that they are not protecting their folders with .htaccess or any other method.
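As an added example that is not part of the original article, here is how a site owner can tell whether a WordPress uploads folder is exposed in this way: the check recognises the auto-generated "Index of" listing page that an unprotected folder returns and reports the files such a listing would expose. It runs on constructed sample responses rather than a live site; the URLs and file names are made up.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin

# Title used by Apache/nginx auto-index pages; these are the pages search
# engines index when /wp-content/uploads/ is left listable.
INDEX_TITLE = re.compile(r"<title>\s*Index of\s+/", re.IGNORECASE)


class _LinkCollector(HTMLParser):
    """Collects href targets from an auto-index page."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)


def is_directory_listing(body: str) -> bool:
    """True if the HTML looks like an auto-generated directory listing."""
    return bool(INDEX_TITLE.search(body))


def listed_files(body: str, base_url: str) -> list[str]:
    """Absolute URLs of files a listing exposes (sort, parent and sub-directory links skipped)."""
    if not is_directory_listing(body):
        return []
    collector = _LinkCollector()
    collector.feed(body)
    files = []
    for href in collector.hrefs:
        if href.startswith("?") or href.startswith("/") or href.endswith("/"):
            continue  # column-sort link, parent directory, or sub-directory
        files.append(urljoin(base_url, href))
    return files


# Constructed sample: what a listable uploads folder returns.
SAMPLE_LISTING = """<html><head><title>Index of /wp-content/uploads/2023/05</title></head>
<body><h1>Index of /wp-content/uploads/2023/05</h1>
<a href="?C=N;O=D">Name</a> <a href="/wp-content/uploads/2023/">Parent Directory</a>
<a href="resume-jane-doe.pdf">resume-jane-doe.pdf</a>
<a href="attendees.xlsx">attendees.xlsx</a>
<a href="thumbs/">thumbs/</a>
</body></html>"""

# Constructed sample: what a folder protected with "Options -Indexes" returns.
SAMPLE_FORBIDDEN = "<html><head><title>403 Forbidden</title></head><body>Forbidden</body></html>"

if __name__ == "__main__":
    base = "https://example.com/wp-content/uploads/2023/05/"
    print(is_directory_listing(SAMPLE_LISTING), listed_files(SAMPLE_LISTING, base))
    print(is_directory_listing(SAMPLE_FORBIDDEN))
```

To use it on your own site, fetch https://your-site/wp-content/uploads/ (and its year/month subfolders) and pass the response body to listed_files; an empty result means the folder is not listable.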
Before you learn a few sourcing tricks connected with WordPress, you first need to learn a little bit more about WordPress itself. In particular, you need to understand the kinds of URLs and folders that are used on the WordPress platform.
There are three main folders under every WordPress installation: /wp-admin/, /wp-content/, /wp-includes/.
We only need to look at one of them, /wp-content/, because we are interested in one specific subfolder inside it. The /wp-content/ folder has three subfolders: plugins, themes, and uploads. As you have probably already guessed, we are going to be targeting the /uploads/ subfolder.
The reason is simple: this is where all uploaded files are stored.
There are many sites you can target, but the easiest way to do this is to use the inurl: operator in combination with the right keywords.
You already know that you need to target /wp-content/uploads/, so the string will look like this:
This string will target all unprotected uploads folders on sites that are running WordPress.
However, we need to find files that are related to the person’s resume, and the best way to do that is to add a keyword.
Example: inurl:/wp-content/uploads/ resume
This string will show lots of results, but it will not find all of the resumes that are out there in these folders. That's why you need to cast a wider net by adding more keywords.
Example: inurl:/wp-content/uploads/ (CV OR resume OR "curriculum vitae")
Targeting file types
You can also use filetype: to target only PDF files, for example. Also, don’t forget to remove some keywords from your searches with the minus sign.
Example: inurl:/wp-content/uploads/ (CV OR resume OR "curriculum vitae") filetype:pdf -sample -example
This string will target all PDF files, but it will remove those that have “sample” or “example” in the name.
In the same way, you can target other file extensions, for example to find lists of attendees or files that others consider confidential.
Example: inurl:/wp-content/uploads/ filetype:xlsx “attendees”
Example: inurl:/wp-content/uploads/ filetype:doc “Confidential”
Once you learn more about WordPress and its directory structure, you can target folders that reveal how many people are visiting a given site, such as the folders generated by Webalizer. (Webalizer is web log analysis software; it generates web pages of analysis from access and usage logs.)
Example: site:.com /webalizer intitle:"Usage Statistics"
This will find all the sites that are using this statistics software but are not protecting that information.
As you can see, sites that are using WordPress can reveal interesting information and new candidates. Even though some site owners who are not updating their WordPress installations might still prevent you from accessing some information, WordPress remains one of the best open-source content management systems you can find.
Sometimes you will find a folder that shouldn't be shared with the world, so it's up to you whether you contact the owners of the site and let them know. I have already done that a few times.
This article was first published on sourcecon.com