One method of gaining access to an account is to brute force usernames and passwords. However, this attempt will not be successful if we do not have a valid username. In order to find valid usernames, we can use WPScan to enumerate users.

In the command line, type: wpscan –url <targeturl> –enumerate u.

In the above example, the target URL is team5.pentest.id.

Give it a few moments and it will list out the valid users. In this case, user5 and adminteam5.