Default .htaccess File

This is the current default WordPress .htaccess file (taken from version 5.1.1). As far as I know, there are currently no vulnerabilities in this code. Note the 4 commented-out lines at the bottom: an admin may enable or edit them. If these 4 lines still begin with a "#" and have not been touched by an admin, Apache treats them as comments, so they are not enforced.

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

#php_value upload_max_filesize 64M
#php_value post_max_size 64M
#php_value max_execution_time 300
#php_value max_input_time 300
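
A small audit script for the point above, added here as an example and not part of the original notes: it parses an .htaccess, treats "#" lines as not enforced, compares the BEGIN/END WordPress block against the stock one shown above, and reports any uncommented php_value override or stray directive. The MODIFIED_HTACCESS sample is constructed for the demonstration.

```python
import re

# Stock WordPress 5.1.1 .htaccess as shown above; it doubles as the audit baseline.
STOCK_HTACCESS = r"""# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
#php_value upload_max_filesize 64M
#php_value post_max_size 64M
#php_value max_execution_time 300
#php_value max_input_time 300
"""

def parse_htaccess(text):
    """Return (wp_block, active_other, commented_php_values) for an .htaccess."""
    in_wp, wp_block, active, commented = False, [], [], []
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if line == "# BEGIN WordPress":
            in_wp = True
        elif line == "# END WordPress":
            in_wp = False
        elif line.startswith("#"):  # Apache ignores the line: not enforced
            body = line.lstrip("#").strip()
            if body.startswith("php_value"):
                commented.append(body)
        else:  # uncommented, so Apache applies it
            (wp_block if in_wp else active).append(line)
    return wp_block, active, commented

def audit_htaccess(text):
    """List deviations from the stock block plus any enforced php overrides."""
    wp_block, active, _ = parse_htaccess(text)
    findings = []
    if wp_block != parse_htaccess(STOCK_HTACCESS)[0]:
        findings.append("rewrite block differs from the stock WordPress default")
    for line in active:
        m = re.match(r"php_(?:value|flag)\s+(\S+)\s+(\S+)$", line)
        findings.append(f"enforced php override: {m[1]} = {m[2]}" if m
                        else f"active directive outside WordPress block: {line}")
    return findings

# Constructed variant: an admin removed the '#' from the upload size line.
MODIFIED_HTACCESS = STOCK_HTACCESS.replace("#php_value upload_max", "php_value upload_max")
```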

WPengine Hosted Instance

If you see a WPengine header anywhere, the site is hosted on WPengine's platform and therefore may have a secondary domain name. This could potentially bypass a WAF in some instances:

X-Powered-By: WP Engine

After crawling and clicking through the application, search for "wpengine": a link to it may be exposed within the application's source.

https://<instance_name>.wpengine.com/

Plugin Source Code Review

To review the source code of a plugin registered in the WordPress plugin directory, even if the plugin is technically "closed source" because the vendor never shared it on GitHub and it is paid software, see the following link:

https://plugins.trac.wordpress.org/browser/<PLUGIN>/