> ## Documentation Index
> Fetch the complete documentation index at: https://rootea.es/llms.txt
> Use this file to discover all available pages before exploring further.

# WordPress Exploitation

> Cross-platform resources for WordPress Exploitation: curated HTB machines, PortSwigger labs and TryHackMe rooms with validated writeups and related skills.

# WordPress Exploitation

This page aggregates **cross-platform resources to practice WordPress Exploitation**: retired Hack The Box machines, PortSwigger Web Security Academy labs and TryHackMe rooms, plus curated resources (HackTricks, PortSwigger, etc.) and related skills.

## Curated resources

| Source     | Link                                                                                                                                                                                   |
| ---------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| HackTricks | [https://book.hacktricks.wiki/en/network-services-pentesting/pentesting-web/wordpress.html](https://book.hacktricks.wiki/en/network-services-pentesting/pentesting-web/wordpress.html) |

## HTB machines practicing WordPress Exploitation (13)

| Machine                                                 | OS    | Difficulty                                           |
| ------------------------------------------------------- | ----- | ---------------------------------------------------- |
| [Apocalyst](/en/htb/machines/linux/medio/apocalyst)     | Linux | <span className="dbadge dbadge-medium">MEDIUM</span> |
| [Aragog](/en/htb/machines/linux/medio/aragog)           | Linux | <span className="dbadge dbadge-medium">MEDIUM</span> |
| [Backdoor](/en/htb/machines/linux/facil/backdoor)       | Linux | <span className="dbadge dbadge-easy">EASY</span>     |
| [Blocky](/en/htb/machines/linux/facil/blocky)           | Linux | <span className="dbadge dbadge-easy">EASY</span>     |
| [Brainfuck](/en/htb/machines/linux/insano/brainfuck)    | Linux | <span className="dbadge dbadge-insane">INSANE</span> |
| [Enterprise](/en/htb/machines/linux/medio/enterprise)   | Linux | <span className="dbadge dbadge-medium">MEDIUM</span> |
| [Monitors](/en/htb/machines/linux/dificil/monitors)     | Linux | <span className="dbadge dbadge-hard">HARD</span>     |
| [Paper](/en/htb/machines/linux/facil/paper)             | Linux | <span className="dbadge dbadge-easy">EASY</span>     |
| [Phoenix](/en/htb/machines/linux/dificil/phoenix)       | Linux | <span className="dbadge dbadge-hard">HARD</span>     |
| [Pressed](/en/htb/machines/linux/dificil/pressed)       | Linux | <span className="dbadge dbadge-hard">HARD</span>     |
| [TartarSauce](/en/htb/machines/linux/medio/tartarsauce) | Linux | <span className="dbadge dbadge-medium">MEDIUM</span> |
| [Tenten](/en/htb/machines/linux/medio/tenten)           | Linux | <span className="dbadge dbadge-medium">MEDIUM</span> |
| [Travel](/en/htb/machines/linux/dificil/travel)         | Linux | <span className="dbadge dbadge-hard">HARD</span>     |

## TryHackMe rooms practicing WordPress Exploitation (8)

| Room                                                                            | Difficulty                                         | Type        | Access  | Official                                                      |
| ------------------------------------------------------------------------------- | -------------------------------------------------- | ----------- | ------- | ------------------------------------------------------------- |
| [Bypass Really Simple Security](/en/tryhackme/rooms/bypassreallysimplesecurity) | <span className="dbadge dbadge-easy">EASY</span>   | Walkthrough | 🟢 Free | [Open](https://tryhackme.com/room/bypassreallysimplesecurity) |
| [Web Enumeration](/en/tryhackme/rooms/webenumerationv2)                         | <span className="dbadge dbadge-easy">EASY</span>   | Walkthrough | 🔵 VIP  | [Open](https://tryhackme.com/room/webenumerationv2)           |
| [Web Security Essentials](/en/tryhackme/rooms/websecurityessentials)            | <span className="dbadge dbadge-easy">EASY</span>   | Walkthrough | 🟢 Free | [Open](https://tryhackme.com/room/websecurityessentials)      |
| [Wordpress: CVE-2021-29447](/en/tryhackme/rooms/wordpresscve202129447)          | <span className="dbadge dbadge-easy">EASY</span>   | Challenge   | 🟢 Free | [Open](https://tryhackme.com/room/wordpresscve202129447)      |
| [AWS S3 - Attack and Defense](/en/tryhackme/rooms/awss3service)                 | <span className="dbadge dbadge-easy">MEDIUM</span> | Walkthrough | 🟢 Free | [Open](https://tryhackme.com/room/awss3service)               |
| [Blog](/en/tryhackme/rooms/blog)                                                | <span className="dbadge dbadge-easy">MEDIUM</span> | Challenge   | 🟢 Free | [Open](https://tryhackme.com/room/blog)                       |
| [Wekor](/en/tryhackme/rooms/wekorra)                                            | <span className="dbadge dbadge-easy">MEDIUM</span> | Challenge   | 🟢 Free | [Open](https://tryhackme.com/room/wekorra)                    |
| [Jack](/en/tryhackme/rooms/jack)                                                | <span className="dbadge dbadge-easy">HARD</span>   | Challenge   | 🔵 VIP  | [Open](https://tryhackme.com/room/jack)                       |

## Related skills

* [/en/skills/rce](/en/skills/rce)

***

← [Back to the full glossary](/en/glossary)

<script type="application/ld+json">
  {`{"@context":"https://schema.org","@type":"DefinedTerm","name":"WordPress Exploitation","termCode":"wordpress-exploit","inLanguage":"en","url":"https://rootea.es/en/skills/wordpress-exploit","inDefinedTermSet":{"@type":"DefinedTermSet","name":"Tactical pentesting glossary","url":"https://rootea.es/en/glossary"}}`}
</script>

<script type="application/ld+json">
  {`{"@context":"https://schema.org","@type":"ItemList","name":"HTB machines practicing WordPress Exploitation","numberOfItems":13,"itemListElement":[{"@type":"ListItem","position":1,"url":"https://rootea.es/en/htb/machines/linux/medio/apocalyst","name":"Apocalyst"},{"@type":"ListItem","position":2,"url":"https://rootea.es/en/htb/machines/linux/medio/aragog","name":"Aragog"},{"@type":"ListItem","position":3,"url":"https://rootea.es/en/htb/machines/linux/facil/backdoor","name":"Backdoor"},{"@type":"ListItem","position":4,"url":"https://rootea.es/en/htb/machines/linux/facil/blocky","name":"Blocky"},{"@type":"ListItem","position":5,"url":"https://rootea.es/en/htb/machines/linux/insano/brainfuck","name":"Brainfuck"},{"@type":"ListItem","position":6,"url":"https://rootea.es/en/htb/machines/linux/medio/enterprise","name":"Enterprise"},{"@type":"ListItem","position":7,"url":"https://rootea.es/en/htb/machines/linux/dificil/monitors","name":"Monitors"},{"@type":"ListItem","position":8,"url":"https://rootea.es/en/htb/machines/linux/facil/paper","name":"Paper"},{"@type":"ListItem","position":9,"url":"https://rootea.es/en/htb/machines/linux/dificil/phoenix","name":"Phoenix"},{"@type":"ListItem","position":10,"url":"https://rootea.es/en/htb/machines/linux/dificil/pressed","name":"Pressed"},{"@type":"ListItem","position":11,"url":"https://rootea.es/en/htb/machines/linux/medio/tartarsauce","name":"TartarSauce"},{"@type":"ListItem","position":12,"url":"https://rootea.es/en/htb/machines/linux/medio/tenten","name":"Tenten"},{"@type":"ListItem","position":13,"url":"https://rootea.es/en/htb/machines/linux/dificil/travel","name":"Travel"}]}`}
</script>

*Last updated: 2026-05-09*
