There are many very good and detailed guides on securing a Word Press installation available, this post is not intended to repeat those.
To get started securing a Word Press install try the excellent guide on the web portal Press.
There are known security issues even in some of the most recent releases of Word Press core, so check the discovered version against the known vulnerabilities.
Even if you are unable to find any good exploits for the version of Word Press core, knowing the installation is running anything older than the latest release indicates that the site may not be closely managed - in which case the chance of exploitation elsewhere has increased considerably.
In a default installation you should be able to find the users of a site by iterating through the user id's and appending them to the sites URL.
Since some plugins are not seen in the HTML source; to find all the installed plugins you have to get more aggressive.Other ways a password can be compromised include sniffing the password in clear text over a HTTP login session or even getting the credentials from a key logger on the workstation of the Word Press administrator.Accounts with administrator level access are the most sought after due to the amount of mischief an admin user can get up to; adding , notice how failed logins confirm the username when an incorrect password is entered. it is also makes things more user friendly for the end user who has forgotten his username and password.Directory indexing is a function of the web server that allows you to view the contents of a directory in the web accessible path.Viewing the contents of a directory allows an unauthorised user to gather a lot of information about the installation such as which plugins and themes have been installed.Discovering the account names of the users of the site, allows you to then attack the passwords of those users through the Word Press login form.We will go through attacking the password in the next section, for now lets enumerate the users of the site.Facing an issue while checking my application compatibility with IE11 in windows10 but it is throwing the below exception while accessing the URL.Can’t connect securely to this page This might be because the site uses outdated or unsafe TLS security settings.This information file contains the version of Word Press right there at the top.It is common to find the version of the installation through one of these two techniques.The numbers of installations keep growing; there are literally millions of Word Press installations.This popularity makes it a juicy target for bad guys aiming to use a compromised web server for malicious purposes.Also keep in mind that if you use a managed Word Press hosting service, some of these attacks (and mitigations) will be the responsibility of your hosting provider.