WPScan is a black box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues.
Using WPScan allow us to find the username of a wordpress blog with just a single command. This is the command that is used –> wpscan –url website –enumerate u. This example is using my wordpress account to try WPScan.
From the image above, we can see that the username has been identified (The real username is hidden).