Identifying WordPress Websites On Local Networks and Bruteforcing the Login Pages

Statistics from w3techs suggest that 1 out of 4 websites (around 25%) on the internet are powered by WordPress. WordPress’ popularity is derived from its ease of setup and use, its contributing community, and the big repertoire of plugins and themes that are available. Why is WordPress Such a Common Target?
Even though WordPress is a beginner friendly web application, like every other platform it has its own issues and limitations. One of the most voiced security issues is that it is possible and very easy to bruteforce login credentials. WordPress’ advice on this is to install a security plugin, protect the WordPress login page with a .htpasswd file (HTTP authentication), and of course use strong credentials.
However many users, especially the unexperienced ones do not take these extra security measures onboard. They use very weak credentials and do not setup any additional layers of security on their websites, thus making WordPress a good target for brute force attacks.
How to Bruteforce WordPress Websites and Blogs on Internal Networks
WordPress blogs aren’t always used for publicly accessible websites. They are also frequently used as websites in intranets for
Source: https://managewp.org/articles/14126/identifying-wordpress-websites-on-local-networks-and-bruteforcing-the-login-pages

source https://williechiu40.wordpress.com/2017/01/04/identifying-wordpress-websites-on-local-networks-and-bruteforcing-the-login-pages/