Before you start exploiting any plugin/theme/core vulnerability of WordPress, the first step is to confirm whether the site is on WordPress or not. As for detecting WordPress itself, there are various ways to detect the installation of a WordPress CMS:
- Search for a wp-content string in the HTML page source.
- Look for the /wp-trackback.php or /wp-links-opml.php filenames—they return XML in the case of a WordPress installation.
- You can also try /wp-admin/admin-ajax.php and /wp-login.php.
- Look for static files such as readme.html and /wp-includes/js/colorpicker.js.
Once you have confirmed that the site is running on WordPress, the next step is to know what version of WordPress is running on the target server. To achieve this, you need to know the different ways you can detect its version number. Why the version number? Because based on the version of WordPress that is installed on the target server, you can test for plugin-based or WordPress-core exploits that may or may not be publicly available.