Mengkaji keamanan situs web berbasis WordPress yang sering menjadi target serangan terutama melalui plugin dan tema yang rentan. Dengan mengikuti panduan OWASP WSTG, dilakukan uji penetrasi pada WordPress versi 6.6 dan beberapa plugin gratis. Uji ini mencakup 11 tahapan seperti Information Gathering, Configuration and Deployment Management, Identity Management Testing, Authentication Testing, Authorization Testing, Session Management Testing, Input Validation Testing, Testing for Error Handling, Testing for Weak Cryptography, Business Logic Testing, Client-side Testing. Hasilnya menemukan tujuh kerentanan, termasuk informasi sensitif yang berpotensi dieksploitasi. Kerentanan tersebut dikategorikan berdasarkan OWASP Top 10 2021. Rekomendasi perbaikan meliputi pembaruan berkala dan peningkatan konfigurasi keamanan untuk mengurangi risiko eksploitasi. Penelitian ini men

Examines the security of WordPress-based websites, which are often the target of attacks, especially through vulnerable plugins and themes. Following the OWASP WSTG guidelines, a penetration test was conducted on WordPress version 6.6 and several free plugins. The test included 11 stages such as Information Gathering, Configuration and Deployment Management, Identity Management Testing, Authentication Testing, Authorization Testing, Session Management Testing, Input Validation Testing, Testing for Error Handling, Testing for Weak Cryptography, Business Logic Testing, Client-side Testing. The results found seven vulnerabilities, including sensitive information that could potentially be exploited. The vulnerabilities were categorized based on the OWASP Top 10 2021. Remediation recommendations include periodic updates and security configuration enhancements to reduce the risk of exploitation. This research emphasizes the importance of maintaining web security to avoid being exploited by attackers.