There are web forms all over the Internet. Even sites that don’t usually allow regular users to log in probably have an admin area. It’s important when running and deploying a site to make sure that the passwords gating access to sensitive controls and admin panels are as secure as possible.
There are different ways to attack a web application, but this guide is going to cover using Hydra to perform a brute force attack on a log in form. The target platform of choice is WordPress. It is easily the most popular CMS platform in the world, and it is also notorious for being managed poorly.
Remember, this guide is intended to help you protect your WordPress or other website. Use on a site that you don’t own or have written permission to test is illegal.