WordPress Tip

This tip has been well known within the OSINT community for years, but a lot of people are just starting out in this field, so I thought it was a good idea to share it.

When diving into WordPress blogs, it is sometimes possible to retrieve some information on users via the API, if this is enabled. To have a look at a list of users, it is enough to change the URL to the following:

{site}/wp-json/wp/v2/users

This will return a JSON dump of everyone that has an account on the particular site, and might reveal some more interesting information.

The following API ‘endpoints’ might be worth checking out (replace the users part in the example above):

| API Endpoint | Information |
|--------------|-------------|
| comments | All published comments |
| media | All media within the blog |
| pages | Information on static pages |
| posts | All blog posts that are published |
| users | List of ‘authors’ |

If there are too many results, you can paginate them by adding the per_page and page parameters:

{site}/wp-json/wp/v2/posts/?per_page=100&page=1
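
For a site owner reviewing what their own blog hands out through these endpoints, the sketch below builds the paginated URLs described above and lists which identity fields a users response actually contains. It is an added example, not code from the original post; the host blog.example, the helper names and both sample responses are constructed, and it runs offline.

```python
import json
from math import ceil
from urllib.parse import urlencode

ENDPOINTS = ("comments", "media", "pages", "posts", "users")  # from the table above
MAX_PER_PAGE = 100  # the REST API does not accept per_page above 100
# Fields of a public user object that identify a person or an account.
# "slug" is usually derived from the login name, so it deserves attention.
IDENTITY_FIELDS = ("id", "name", "slug", "url", "description", "link")

def endpoint_url(site, endpoint, per_page=MAX_PER_PAGE, page=1):
    """Build {site}/wp-json/wp/v2/{endpoint}?per_page=..&page=.."""
    if endpoint not in ENDPOINTS:
        raise ValueError(f"unknown endpoint: {endpoint}")
    if not 1 <= per_page <= MAX_PER_PAGE:
        raise ValueError("per_page must be between 1 and 100")
    query = urlencode({"per_page": per_page, "page": page})
    return f"{site.rstrip('/')}/wp-json/wp/v2/{endpoint}?{query}"

def page_urls(site, endpoint, total_items, per_page=MAX_PER_PAGE):
    """All page URLs needed to cover total_items results
    (the X-WP-Total response header reports that count)."""
    pages = max(1, ceil(total_items / per_page))
    return [endpoint_url(site, endpoint, per_page, p) for p in range(1, pages + 1)]

def exposed_user_fields(body):
    """Return, per user, the identity fields that are present and non-empty."""
    users = json.loads(body)
    if not isinstance(users, list):  # an error object: the route is restricted
        return []
    return [{k: u[k] for k in IDENTITY_FIELDS if u.get(k)} for u in users]

# Constructed sample response (not captured from a real site).
SAMPLE_USERS = json.dumps([
    {"id": 1, "name": "Site Admin", "slug": "admin", "url": "",
     "description": "", "link": "https://blog.example/author/admin/"},
    {"id": 7, "name": "Jane Doe", "slug": "jdoe", "url": "https://jane.example",
     "description": "Editor", "link": "https://blog.example/author/jdoe/"},
])
# Constructed error body, the general shape of a REST API refusal.
SAMPLE_DENIED = json.dumps({"code": "rest_forbidden",
                            "message": "constructed message",
                            "data": {"status": 401}})

if __name__ == "__main__":
    print(*page_urls("https://blog.example", "posts", total_items=250), sep="\n")
    print(*exposed_user_fields(SAMPLE_USERS), sep="\n")
    print(exposed_user_fields(SAMPLE_DENIED))  # empty list: nothing exposed
```
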