Hacking WordPress websites – capturing WordPress passwords with free tools

When you login to your WordPress website, the username and password are sent in clear text.

If your WordPress website is on HTTPS, the communication between your browser and website is encrypted. There is nothing to worry about. However, credentials are sent over the internet in clear text if your website is on HTTP.

Clear text traffic, such as your WordPress credentials, can be easily by malicious users. So the risk of having your WordPress username and password stolen are very high.

This post uses real life examples to highlight how easy it is for malicious hackers to steal WordPress passwords using free software. Then it recommends how best to protect your WordPress password and site.

Table of Content

  • How to steal WordPress credentials (Usernames and Passwords)
  • Routing of clear text data over the internet
  • Hacking WordPress websites – stealing passwords & login details
  • Capturing the WordPress password and login details
  • Finding the stolen WordPress password & username in the sniffed traffic
  • How easy it is to capture WordPress login details?
  • Protecting your WordPress login details (and website)

Full read: